cjoint


Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-11-2017
Ran by Nasser (administrator) on CASA (20-11-2017 07:05:48)
Running from C:\Users\Nasser\Downloads
Loaded Profiles: Nasser (Available Profiles: Nasser)
Platform: Windows 10 Home Version 1607 14393.321 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-09] (Microsoft Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-06] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{77215cfc-8ff9-44a9-8395-43632b5cefcd}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8bbf5dfd-5a1b-4504-ab7c-e8f40addb8a1}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d21d1229-569c-4feb-82ee-916ef82dcf98}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2838503418-137235398-234371728-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2838503418-137235398-234371728-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-2838503418-137235398-234371728-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKU\S-1-5-21-2838503418-137235398-234371728-1001 -> DefaultScope {DB250F02-A3E3-4EE1-9965-B033F0BB899B} URL =
SearchScopes: HKU\S-1-5-21-2838503418-137235398-234371728-1001 -> {DB250F02-A3E3-4EE1-9965-B033F0BB899B} URL =
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-19] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default [2017-11-20]
CHR Extension: (Apresentações) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]
CHR Extension: (Documentos) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Google Drive) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Folhas de cálculo) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-27]
CHR Extension: (Documentos do Google offline) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Speedtest by Ookla) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-06-29]
CHR Extension: (Gmail) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-27]
CHR Extension: (Chrome Media Router) - C:\Users\Nasser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [File not signed]
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-08-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
R1 MpKsl96704eb9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C642035B-AC33-4CB8-B34E-2520F32E8321}\MpKsl96704eb9.sys [58120 2017-11-20] (Microsoft Corporation)
R1 MpKsla7f6bb8f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BB7DB24-7DB8-4556-A677-72E4348D93D7}\MpKsla7f6bb8f.sys [58120 2017-11-19] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-20 07:05 - 2017-11-20 07:06 - 000013004 _____ C:\Users\Nasser\Downloads\FRST.txt
2017-11-20 07:04 - 2017-11-20 07:05 - 000000000 ____D C:\FRST
2017-11-20 07:01 - 2017-11-20 07:04 - 002391552 _____ (Farbar) C:\Users\Nasser\Downloads\FRST64.exe
2017-11-19 17:27 - 2017-11-19 19:45 - 729358468 _____ C:\Users\Nasser\Downloads\Baadshaho (2017) 1CD pDVDRip x264 AAC-HDbuffs.mkv
2017-11-19 12:17 - 2017-11-19 12:17 - 000056929 _____ C:\Users\Nasser\Downloads\SN 17 OUT.xlsx
2017-11-19 12:02 - 2017-11-19 12:05 - 000056929 _____ C:\Users\Nasser\Desktop\SN 17 OUT.xlsx
2017-11-17 05:40 - 2017-11-17 05:41 - 000000000 ____D C:\Users\Nasser\Downloads\Raju Chacha 2000
2017-11-15 22:33 - 2017-11-15 22:33 - 000065024 _____ C:\Users\Nasser\Desktop\SN 17 OUT 2.xlsx
2017-11-15 08:29 - 2017-11-18 19:45 - 000000000 ____D C:\Users\Nasser\Downloads\DWTS S25
2017-11-11 07:33 - 2017-11-19 10:51 - 000068488 _____ C:\Users\Nasser\Desktop\SN 17 NOV.xlsx
2017-11-04 12:16 - 2017-11-04 12:17 - 006744332 _____ C:\Users\Nasser\Downloads\Brazilian Truffles (Brigadieros) 4 Ways.mp4
2017-11-04 12:13 - 2017-11-04 12:15 - 008198616 _____ C:\Users\Nasser\Downloads\Easy Chocolate Truffles 4 Ways.mp4
2017-11-03 09:20 - 2017-11-03 09:25 - 000012612 _____ C:\Users\Nasser\Desktop\Extracto SMART NAIRA RESIDENCIAL 1-11-2017.xlsx
2017-11-03 09:01 - 2017-11-15 22:29 - 000030126 _____ C:\Users\Nasser\Desktop\Extractos OUTUBRO 2017.xlsx
2017-10-30 16:50 - 2017-10-30 16:56 - 036226033 _____ C:\Users\Nasser\Downloads\Learn Urdu through English for beginners lesson 2.mp4
2017-10-30 16:41 - 2017-10-30 16:43 - 034323278 _____ C:\Users\Nasser\Downloads\Learn Urdu through English for beginners lesson 1.mp4
2017-10-29 13:08 - 2017-10-29 22:41 - 1047527424 _____ C:\Users\Nasser\Downloads\Microsoft Office 2016 Pro Plus VL X64 MULTi-17 v2 OCT 2017.part1.rar
2017-10-29 11:46 - 2017-11-18 19:50 - 000000000 ____D C:\Users\Nasser\Downloads\Baadshaho (2017)
2017-10-21 18:31 - 2017-11-19 17:22 - 000000000 ____D C:\Users\Nasser\Downloads\Gangster 2006
2017-10-21 14:40 - 2017-10-21 18:55 - 1690393771 _____ C:\Users\Nasser\Downloads\Undercover Grandpa (2017).zip
2017-10-18 08:57 - 2017-10-27 14:18 - 000000000 ____D C:\Users\Nasser\Documents\Anti Virus
2017-10-18 07:54 - 2017-10-27 14:19 - 000000000 ____D C:\AdwCleaner
2017-10-17 16:38 - 2017-10-30 17:32 - 000000000 ____D C:\Users\Nasser\Downloads\Filmes Novos
2017-10-16 00:18 - 2017-10-16 00:19 - 000052736 _____ C:\Users\Nasser\Desktop\SN 17 SET.xlsx
2017-10-16 00:15 - 2017-10-16 00:13 - 000115248 _____ C:\Users\Nasser\Desktop\SN 17 SET - Cópia.xlsx
2017-10-15 14:12 - 2017-10-16 00:22 - 000031935 _____ C:\Users\Nasser\Desktop\Extractos SETEMBRO 2017.xlsx
2017-10-08 06:45 - 2017-10-08 08:15 - 277544444 _____ C:\Users\Nasser\Downloads\The.Sinner.S01E01.HDTV.x264-SVA.mkv
2017-10-07 14:45 - 2017-10-07 14:45 - 000064000 _____ C:\Users\Nasser\Desktop\SN 17 AGO.xlsx
2017-10-07 14:35 - 2017-10-07 14:34 - 000144591 _____ C:\Users\Nasser\Desktop\SN 17 AGO - rascunho - Cópia.xlsx
2017-10-07 08:25 - 2017-10-07 14:35 - 000031174 _____ C:\Users\Nasser\Desktop\Extractos AGOSTO 2017.xlsx
2017-10-06 18:52 - 2017-10-06 19:39 - 309340336 _____ C:\Users\Nasser\Downloads\Fashion.Police.09.18.17.Emmys.HDTV.x264-PWE.mp4
2017-10-04 14:52 - 2017-10-04 14:53 - 000000000 ____D C:\Users\Nasser\Downloads\Wonder Woman (2017)
2017-10-02 16:51 - 2017-11-15 22:28 - 000225590 _____ C:\Users\Nasser\Desktop\SN 17 OUT - rascunho.xlsx
2017-09-18 15:09 - 2017-10-23 08:19 - 000000000 ____D C:\Users\Nasser\AppData\Local\ElevatedDiagnostics
2017-09-06 10:48 - 2017-10-16 00:13 - 000115248 _____ C:\Users\Nasser\Desktop\SN 17 SET - rascunho.xlsx
2017-08-31 12:23 - 2017-08-31 12:23 - 000191955 _____ C:\Users\Nasser\Downloads\008-2016_Extratos de Conta.pdf
2017-08-31 12:22 - 2017-08-31 12:22 - 000201699 _____ C:\Users\Nasser\Downloads\007-2016_Extratos de Conta (1).pdf
2017-08-31 11:40 - 2017-08-31 11:40 - 000011906 _____ C:\Users\Nasser\Desktop\Extracto SMART NAIRA RESIDENCIAL 31-08-2017.xlsx
2017-08-29 23:38 - 2017-08-30 00:01 - 1385018677 _____ C:\Users\Nasser\Downloads\MTV.Video.Music.Awards.2017.HDTV.x264-RBB.mp4
2017-08-28 22:48 - 2017-11-05 15:19 - 000000000 ____D C:\Users\Nasser\Downloads\Dear Zindagi 2016

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-20 05:42 - 2016-10-09 07:28 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-11-20 05:40 - 2016-05-18 04:25 - 000000000 __SHD C:\Users\Nasser\IntelGraphicsProfiles
2017-11-20 03:30 - 2016-12-08 05:26 - 000052807 _____ C:\Users\Nasser\Desktop\RASCUNHO.txt
2017-11-19 21:38 - 2016-10-09 06:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-19 18:58 - 2015-12-24 20:48 - 000645321 _____ C:\Users\Nasser\Documents\Notas.txt
2017-11-19 12:17 - 2015-06-26 18:33 - 000000000 ____D C:\Users\Nasser\AppData\Local\Packages
2017-11-19 05:36 - 2016-07-16 23:08 - 000485292 _____ C:\WINDOWS\system32\prfh0816.dat
2017-11-19 05:36 - 2016-07-16 23:08 - 000140456 _____ C:\WINDOWS\system32\prfc0816.dat
2017-11-19 05:36 - 2016-05-17 23:46 - 001671610 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-19 05:32 - 2016-10-09 07:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-19 05:31 - 2016-07-16 06:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-11-19 05:22 - 2014-09-08 18:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-11-16 06:33 - 2016-10-09 07:28 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-16 06:32 - 2016-06-14 12:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-15 22:40 - 2016-02-11 12:29 - 000000000 ____D C:\Users\Nasser\Desktop\SNP
2017-11-15 19:46 - 2016-10-09 07:28 - 000003526 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 19:46 - 2016-10-09 07:28 - 000003402 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 14:48 - 2017-02-17 06:19 - 000000000 ____D C:\Users\Nasser\Documents\Kingston
2017-11-14 14:39 - 2016-05-18 10:42 - 000000000 ____D C:\Users\Nasser\Desktop\Cotações Pemba
2017-11-14 14:30 - 2015-09-10 12:40 - 000000000 ____D C:\Users\Nasser\Desktop\SMART
2017-11-14 06:22 - 2015-06-27 02:00 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 06:22 - 2015-06-27 02:00 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-09 18:49 - 2017-06-25 16:19 - 000000000 ____D C:\Users\Nasser\Downloads\Ghost.in.The.Shell.2017.HC.HD
2017-11-09 18:48 - 2016-05-25 18:47 - 000000000 ____D C:\Users\Nasser\Documents\Bollywood
2017-11-07 08:57 - 2017-07-27 05:36 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2838503418-137235398-234371728-1001
2017-11-07 08:57 - 2016-05-18 04:35 - 000002412 _____ C:\Users\Nasser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 08:57 - 2016-05-18 04:35 - 000000000 ___RD C:\Users\Nasser\OneDrive
2017-10-27 14:24 - 2016-10-09 06:52 - 000000000 ____D C:\Users\Nasser
2017-10-27 14:19 - 2016-07-16 11:45 - 000000000 ____D C:\WINDOWS\INF
2017-10-27 14:19 - 2016-07-05 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-10-27 14:19 - 2016-07-05 13:14 - 000000000 ____D C:\Program Files (x86)\Java
2017-10-27 14:19 - 2016-04-15 20:18 - 000000000 ____D C:\Users\Nasser\Documents\Quantico.S01E16.HD
2017-10-27 14:18 - 2016-11-09 16:22 - 000000000 ____D C:\Users\Nasser\Downloads\Lethal Weapon
2017-10-27 14:12 - 2016-07-16 11:47 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-27 13:58 - 2016-07-16 11:47 - 000000000 ____D C:\WINDOWS\registration
2017-10-27 13:56 - 2016-07-05 13:14 - 000000000 ____D C:\ProgramData\Oracle
2017-10-25 10:03 - 2015-12-05 14:57 - 000000000 ____D C:\Users\Nasser\Desktop\Nova pasta
2017-10-22 18:28 - 2016-05-04 13:45 - 000000000 ____D C:\Users\Nasser\Documents\I

Some files in TEMP:
====================
2017-07-19 15:13 - 2017-07-19 15:13 - 000739904 _____ (Oracle Corporation) C:\Users\Nasser\AppData\Local\Temp\jre-8u141-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-14 07:54

==================== End of FRST.txt ============================
