Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Marcel (administrator) on MARCEL_MORETTI (08-12-2015 13:29:21)
Running from C:\Users\Ariel\Downloads
Loaded Profiles: Marcel (Available Profiles: Marcel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sysinternals process Explorer) C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Ariel\AppData\Local\gmsd_br_005010169\upgmsd_br_005010169.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\3C70F8C0-1449545487-11DE-83FA-F0BF9757CA72\knsk13D9.tmpfs
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Users\Ariel\AppData\Local\Temp\nshACD1.tmp
(TODO: <公司名>) C:\ProgramData\upgsvr.exe
() C:\Program Files (x86)\3C70F8C0-1449545487-11DE-83FA-F0BF9757CA72\hnsv4E04.tmp
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Mentor Graphics Corporation) C:\Program Files (x86)\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
() C:\Program Files (x86)\3C70F8C0-1449545487-11DE-83FA-F0BF9757CA72\jnsa30E1.tmp
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Users\Ariel\AppData\Roaming\XBox\XBLive.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\Ariel\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Ariel\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Autodesk Inc.) C:\Users\Ariel\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe [718336 2011-03-02] ()
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel(R) Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-03-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-03-30] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-03-30] (Synaptics Incorporated)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-24] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-30] (AVAST Software)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [mbot_br_257] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2024800 2014-06-04] (Wondershare)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [LightGate] => C:\Users\Ariel\AppData\Roaming\LightGate.exe [1081344 2015-12-04] ()
HKLM-x32\...\Run: [HomePageHelper] => C:\Users\Ariel\AppData\Roaming\HomePage.exe [1100288 2015-11-25] ()
HKLM-x32\...\RunOnce: [upgmsd_br_005010169.exe] => C:\Users\Ariel\AppData\Local\gmsd_br_005010169\upgmsd_br_005010169.exe [3264176 2015-12-07] ()
Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco)
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ariel\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\...\Run: [GoogleChromeAutoLaunch_F825DD62C9AA018B43DBB0A1261D56EE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-07] (Google Inc.)
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\...\Run: [YeaInstaller] => C:\Users\Ariel\AppData\Local\Temp\setup.exe [2180096 2015-12-08] (TZ) <===== ATTENTION
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-09-04] (Microsoft Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRAM FILES (X86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-12-19] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-11-30] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-05-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49607;https=127.0.0.1:49607
Tcpip\Parameters: [DhcpNameServer] 187.122.127.58 187.122.127.34
Tcpip\..\Interfaces\{32FEAEFB-EA38-45F4-B6E3-D9FD52082E3F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8159B5FE-9EAE-4840-9C07-B04B3A444AEA}: [DhcpNameServer] 187.122.127.58 187.122.127.34

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.brotlab.net?uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409789721&from=irs&uid=TOSHIBAXMK7559GSXP_41F6F0DBSXX41F6F0DBS&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.navegaki.com?q={searchTerms}&uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409789721&from=irs&uid=TOSHIBAXMK7559GSXP_41F6F0DBSXX41F6F0DBS&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.navegaki.com?q={searchTerms}&uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.navegaki.com?q={searchTerms}&uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?ocid=iehp
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
HKU\S-1-5-21-3714732022-3955062655-33925618-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.navegaki.com?q={searchTerms}&uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=209&itype=n&ver=13467&tm=465&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=209&itype=n&ver=13467&tm=465&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3714732022-3955062655-33925618-1000 -> DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=77034122_oem_dg&ch=33
SearchScopes: HKU\S-1-5-21-3714732022-3955062655-33925618-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M24457FA8-F75E-4482-837D-F206BCBDD1AA&SearchSource=58&CUI=&UM=6&UP=SPBCBBCEB8-8D74-4C47-9028-9A2357B30914&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3714732022-3955062655-33925618-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3714732022-3955062655-33925618-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKU\S-1-5-21-3714732022-3955062655-33925618-1000 -> {72110F6D-94C1-4080-9608-99B7FD2048DE} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3714732022-3955062655-33925618-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=209&itype=n&ver=13467&tm=465&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3714732022-3955062655-33925618-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=77034122_oem_dg&ch=33
SearchScopes: HKU\S-1-5-21-3714732022-3955062655-33925618-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={6b0229a66e18437cbb388d03164c3dce}&r=102br
SearchScopes: HKU\S-1-5-21-3714732022-3955062655-33925618-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-30] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-11-02] (Oracle Corporation)
BHO-x32: Baidu Toolbar BHO -> {77FEF28E-EB96-44FF-B511-3185DEA48697} -> C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-30] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-11-02] (Oracle Corporation)
Toolbar: HKLM-x32 - °Ù¶È¹¤¾ßÀ¸ - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files (x86)\Baidu\Toolbar\BaiduBarX.dll No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1449584979&z=5556be86880b6ff2af20ccbg3z5z3t1w6bez7tbm7q&from=cmi&uid=TOSHIBAXMK7559GSXP_41F6F0DBSXX41F6F0DBS

FireFox:
========
FF ProfilePath: C:\Users\Ariel\AppData\Roaming\Mozilla\Firefox\Profiles\sh6vw0wl.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @baidu.com/BaiduExpert-npplugin -> C:\Users\Ariel\AppData\Roaming\Baidu\BDWebAdapter\3.0.348.0\npBDExNP.dll [2015-12-08] (百度在线网络技术(北京)有限公司)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-11-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-11-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-06-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-06-08] (NVIDIA Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3714732022-3955062655-33925618-1000: gastecnologia.com.br/sf/uni -> C:\Users\Ariel\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll [2014-07-15] (GAS Tecnologia)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-06] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Twitter ™) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnmflajicfghjbedfjgaiimfcffkiime [2015-01-27]
CHR Extension: (Facebook) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-01-27]
CHR Extension: (Movie Mode) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmhnlonpgaajdgcddgdeknmejeljoei [2015-12-08]
CHR Extension: (Google +) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-03-12]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-10-06]
CHR Extension: (feedly) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2015-12-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Instagram) - C:\Users\Ariel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oacfdfgmgfbpgjgpgghdcjfaajdiggho [2015-01-27]
CHR Extension: (Plugin Beach) - C:\Users\Ariel\AppData\Local\Plugin Beach\Component [2015-12-08]
CHR HKU\S-1-5-21-3714732022-3955062655-33925618-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ariel\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-02-12]
CHR HKU\S-1-5-21-3714732022-3955062655-33925618-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://nav.brotlab.net?uid={6b0229a66e18437cbb388d03164c3dce}&r=102br

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-07-21] (GAS Tecnologia)
R2 ginoquci; C:\Users\Ariel\AppData\Local\Temp\nshACD1.tmp [222208 2015-12-08] () [File not signed]
R2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe [1762304 2015-11-16] (TODO: <公司名>) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
R2 nyneryxo; C:\Program Files (x86)\3C70F8C0-1449545487-11DE-83FA-F0BF9757CA72\hnsv4E04.tmp [134656 2015-12-08] () [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [33080 2014-11-07] (The OpenVPN Project)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 Remote Solver for Flow Simulation 2010; C:\Program Files (x86)\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [144680 2009-09-11] (Mentor Graphics Corporation)
R2 roqenufe; C:\Program Files (x86)\3C70F8C0-1449545487-11DE-83FA-F0BF9757CA72\jnsa30E1.tmp [307200 2015-12-08] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-09-04] (SolidWorks) [File not signed]
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [155280 2015-12-08] (TODO: <公司名>)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-24] (GAS Tecnologia LTDA)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel(R) Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-08] (Sysinternals process Explorer) <==== ATTENTION
R2 XBox; C:\Users\Ariel\AppData\Roaming\XBox\XBLive.exe [6728120 2015-11-05] ()
R2 cegopupy; C:\Program Files (x86)\3C70F8C0-1449545487-11DE-83FA-F0BF9757CA72\knsk13D9.tmpfs [X]
S2 globalUpdate; no ImagePath <==== ATTENTION
S3 globalUpdatem; no ImagePath <==== ATTENTION
S2 MSSQL$TEW_SQLEXPRESS; no ImagePath
S4 SQLAgent$TEW_SQLEXPRESS; no ImagePath
S2 WMPNetworkSvc; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-30] ()
S3 BprotectEx; no ImagePath
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 PCFApiUtil; no ImagePath
R2 risdsnpe; C:\Windows\System32\DRIVERS\risdsnxc64.sys [98816 2011-03-30] (REDC)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [29352 2015-10-08] ()
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-28] ()
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S1 ssnfd; system32\drivers\ssnfd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 13:29 - 2015-12-08 13:30 - 00036837 _____ C:\Users\Ariel\Downloads\FRST.txt
2015-12-08 13:28 - 2015-12-08 13:29 - 00000000 ____D C:\FRST
2015-12-08 13:28 - 2015-12-08 13:28 - 02369024 _____ (Farbar) C:\Users\Ariel\Downloads\FRST64.exe
2015-12-08 12:55 - 2015-12-08 12:55 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-12-08 12:55 - 2015-12-08 12:55 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\CalendarTool
2015-12-08 12:55 - 2015-12-08 12:55 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-12-08 12:54 - 2015-12-08 12:54 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-08 12:41 - 2015-12-08 12:41 - 00000017 _____ C:\Windows\SysWOW64\history.dat
2015-12-08 12:37 - 2015-12-08 12:55 - 00000000 ____D C:\Users\Ariel\AppData\Local\gmsd_br_005010169
2015-12-08 12:33 - 2015-12-08 12:33 - 00000000 ____D C:\Users\Ariel\AppData\LocalLow\Baidu
2015-12-08 12:32 - 2015-11-26 07:58 - 04127064 _____ C:\Users\Ariel\AppData\Roaming\da3c3f44f7de8ef5.exe
2015-12-08 12:30 - 2015-12-08 13:24 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\XBox
2015-12-08 12:30 - 2015-12-08 12:52 - 00001443 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-08 12:30 - 2015-12-08 04:46 - 00271784 _____ C:\Users\Ariel\AppData\Roaming\downloader_2.0.0.1_102br_45_20151208_1446_1449557202.exe
2015-12-08 12:29 - 2015-12-08 13:06 - 00000000 ____D C:\ProgramData\Tmp0x0x
2015-12-08 12:29 - 2015-12-08 12:48 - 00000000 ____D C:\Program Files (x86)\SFK
2015-12-08 12:29 - 2015-12-08 12:31 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\istartpageing
2015-12-08 12:27 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Ariel\AppData\Roaming\HomePage.exe
2015-12-08 07:40 - 2015-12-08 07:40 - 00000000 ____D C:\Users\Ariel\AppData\Local\Yeaplayer
2015-12-08 01:39 - 2015-11-14 21:08 - 02496403 _____ ( ) C:\Users\Ariel\AppData\Roaming\yeaplayer_51472.exe
2015-12-08 01:36 - 2015-12-08 12:51 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\LightGate
2015-12-08 01:36 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Ariel\AppData\Roaming\LightGate.exe
2015-12-08 01:35 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-12-08 01:34 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Ariel\AppData\Roaming\upgsvr.exe
2015-12-08 01:32 - 2015-12-08 07:40 - 00000000 ____D C:\Users\Ariel\AppData\Local\3C70F8C0-1449538339-11DE-83FA-F0BF9757CA72
2015-12-08 01:32 - 2015-12-08 01:32 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\ASPackage
2015-12-08 01:31 - 2015-12-08 12:58 - 00000000 ____D C:\Program Files (x86)\3C70F8C0-1449545487-11DE-83FA-F0BF9757CA72
2015-12-08 01:31 - 2014-12-02 02:47 - 00000822 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-08 01:30 - 2015-12-08 01:30 - 00003174 _____ C:\Windows\System32\Tasks\Plugin Beach
2015-12-08 01:30 - 2015-12-08 01:30 - 00003164 _____ C:\Windows\System32\Tasks\Plugin Beach2
2015-12-08 01:29 - 2015-12-08 01:30 - 00000000 ____D C:\Users\Ariel\AppData\Local\Plugin Beach
2015-12-08 00:59 - 2015-12-08 01:23 - 00000000 ____D C:\Users\Ariel\Downloads\SW2010_SP0.0
2015-12-08 00:59 - 2015-12-08 00:59 - 00000000 ____D C:\Users\Ariel\Downloads\AUTODESK.AUTOCAD.V2016.x64.x86-ISO-DownloadsFull.Net
2015-12-08 00:51 - 2015-12-08 00:51 - 00002285 _____ C:\Users\Ariel\Desktop\Instalar agora Autodesk® AutoCAD® 2016.lnk
2015-12-08 00:51 - 2015-12-08 00:51 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-12-08 00:50 - 2015-12-08 00:50 - 00000000 ____D C:\Program Files (x86)\Autodesk
2015-12-08 00:46 - 2015-12-08 00:46 - 00002100 _____ C:\Users\Public\Desktop\AutoCAD 2016 - Português - Brasil (Brazilian Portuguese).lnk
2015-12-08 00:10 - 2015-12-08 00:24 - 00000000 ____D C:\Program Files\Autodesk
2015-12-08 00:06 - 2015-12-08 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-12-07 23:54 - 2015-12-07 23:55 - 00000000 ____D C:\Autodesk
2015-12-07 22:18 - 2015-12-07 22:18 - 00003300 _____ C:\Windows\System32\Tasks\{C141AAA1-41A3-4D10-8BFB-E3D4B9225C4C}
2015-12-07 21:48 - 2015-12-07 21:48 - 00003300 _____ C:\Windows\System32\Tasks\{965F8CCB-864E-44CA-9649-374927C62F63}
2015-12-07 19:10 - 2015-12-07 19:10 - 00000000 _____ C:\Windows\eDrawingOfficeAutomator.INI
2015-12-07 19:03 - 2015-12-07 19:03 - 00112527 _____ C:\Users\Ariel\Downloads\Emerald 25 Semanas.pdf
2015-12-07 19:02 - 2015-12-07 19:03 - 00112384 _____ C:\Users\Ariel\Downloads\ATC Ireland - Dublin 25 Semanas Tarde.pdf
2015-12-07 18:48 - 2015-12-07 23:50 - 00000000 ____D C:\Program Files (x86)\SolidWorks Corp
2015-12-07 18:33 - 2015-12-07 18:33 - 00003046 _____ C:\Windows\System32\Tasks\{D1BD0394-7BA9-474B-A91A-8F8257FCF846}
2015-12-06 15:43 - 2015-12-08 00:58 - 00000000 ____D C:\Users\Ariel\AppData\LocalLow\uTorrent
2015-12-04 19:38 - 2015-12-04 19:38 - 00136823 _____ C:\Users\Ariel\Downloads\CT - Dublin - ERIN School (25+8) com Assist em R$ + 2s E HOUSE (dead.13.12.15).pdf
2015-12-04 19:38 - 2015-12-04 19:38 - 00135881 _____ C:\Users\Ariel\Downloads\CT - Dublin - Malvern House TARDE (25+8) com Assist em R$ + 2 sE HOUSE (dead.13.12.15).pdf
2015-11-16 16:18 - 2015-12-07 23:18 - 00000000 ____D C:\Users\Ariel\Desktop\UBP
2015-11-15 18:01 - 2015-11-25 13:40 - 00000000 ____D C:\Users\Ariel\Desktop\Intercâmbio
2015-11-12 15:23 - 2015-11-03 15:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 15:07 - 2015-10-20 16:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 15:07 - 2015-10-20 16:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 15:07 - 2015-10-20 16:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 15:07 - 2015-10-20 16:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 15:07 - 2015-10-20 16:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 15:07 - 2015-10-20 16:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 15:07 - 2015-10-20 16:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 15:07 - 2015-10-20 16:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 15:07 - 2015-10-20 16:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 15:07 - 2015-10-20 16:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 15:07 - 2015-10-20 16:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 15:07 - 2015-10-20 15:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 15:07 - 2015-10-20 15:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 15:07 - 2015-10-20 15:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 15:07 - 2015-10-20 15:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 15:07 - 2015-10-20 15:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 15:05 - 2015-11-03 20:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 15:05 - 2015-11-03 19:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 15:05 - 2015-10-30 21:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 15:05 - 2015-10-30 21:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 15:05 - 2015-10-30 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 15:05 - 2015-10-30 21:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 15:05 - 2015-10-30 21:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 15:05 - 2015-10-30 21:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 15:05 - 2015-10-30 21:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 15:05 - 2015-10-30 21:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 15:05 - 2015-10-30 21:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 15:05 - 2015-10-30 21:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 15:05 - 2015-10-30 21:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 15:05 - 2015-10-30 21:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 15:05 - 2015-10-30 21:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 15:05 - 2015-10-30 21:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 15:05 - 2015-10-30 21:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 15:05 - 2015-10-30 21:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 15:05 - 2015-10-30 21:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 15:05 - 2015-10-30 21:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 15:05 - 2015-10-30 21:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 15:05 - 2015-10-30 20:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 15:05 - 2015-10-30 20:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 15:05 - 2015-10-30 20:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 15:05 - 2015-10-30 20:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 15:05 - 2015-10-30 20:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 15:05 - 2015-10-30 20:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 15:05 - 2015-10-30 20:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 15:05 - 2015-10-30 20:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 15:05 - 2015-10-30 20:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 15:05 - 2015-10-30 20:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 15:05 - 2015-10-30 20:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 15:05 - 2015-10-30 20:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 15:05 - 2015-10-30 20:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 15:05 - 2015-10-30 20:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 15:05 - 2015-10-30 20:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 15:05 - 2015-10-30 20:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 15:05 - 2015-10-30 20:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 15:05 - 2015-10-30 20:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 15:05 - 2015-10-30 20:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 15:05 - 2015-10-30 20:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 15:05 - 2015-10-30 20:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 15:05 - 2015-10-30 20:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 15:05 - 2015-10-30 20:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 15:05 - 2015-10-30 20:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 15:05 - 2015-10-30 20:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 15:05 - 2015-10-30 20:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 15:05 - 2015-10-30 20:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 15:05 - 2015-10-30 20:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 15:05 - 2015-10-30 20:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 15:05 - 2015-10-30 20:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 15:05 - 2015-10-30 20:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 15:05 - 2015-10-30 20:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 15:05 - 2015-10-30 20:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 15:05 - 2015-10-30 20:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 15:05 - 2015-10-30 20:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 15:05 - 2015-10-30 20:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 15:05 - 2015-10-30 20:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 15:05 - 2015-10-30 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 15:05 - 2015-10-30 20:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 15:05 - 2015-10-30 19:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 15:05 - 2015-10-30 19:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 15:05 - 2015-10-30 19:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 15:05 - 2015-10-30 19:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 15:03 - 2015-10-19 23:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 15:03 - 2015-10-19 23:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 15:03 - 2015-10-19 23:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 15:03 - 2015-10-19 23:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 15:03 - 2015-10-19 23:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 15:03 - 2015-10-19 23:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 15:03 - 2015-10-19 23:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 15:03 - 2015-10-19 23:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 15:03 - 2015-10-19 23:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 15:03 - 2015-10-19 23:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 15:03 - 2015-10-19 23:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 15:03 - 2015-10-19 23:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 15:03 - 2015-10-19 23:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 15:03 - 2015-10-19 23:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 15:03 - 2015-10-19 23:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 15:03 - 2015-10-19 22:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 15:03 - 2015-10-19 22:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 15:03 - 2015-10-19 22:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 15:03 - 2015-10-19 22:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 15:03 - 2015-10-19 22:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 15:03 - 2015-10-19 22:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 15:03 - 2015-10-19 22:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 15:03 - 2015-10-19 22:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 15:03 - 2015-10-19 22:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 15:03 - 2015-10-19 22:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 15:03 - 2015-10-19 22:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 15:03 - 2015-10-19 22:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 15:03 - 2015-10-19 22:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 22:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 21:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 15:03 - 2015-10-19 21:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 15:03 - 2015-10-19 21:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 15:03 - 2015-10-19 21:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 15:03 - 2015-10-19 21:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 15:03 - 2015-10-19 21:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 21:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 21:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 15:03 - 2015-10-19 21:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 15:03 - 2015-09-23 11:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 15:03 - 2015-09-23 11:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 15:03 - 2015-09-23 11:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 15:02 - 2015-10-29 15:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 15:02 - 2015-10-29 15:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 15:02 - 2015-10-29 15:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 15:02 - 2015-10-29 15:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 15:02 - 2015-10-29 15:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 15:02 - 2015-10-29 15:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 15:02 - 2015-10-29 15:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 15:02 - 2015-10-13 14:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 15:02 - 2015-10-13 14:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 14:57 - 2015-10-13 02:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 14:57 - 2015-10-01 16:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 14:57 - 2015-10-01 16:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 14:57 - 2015-10-01 15:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 13:28 - 2009-07-14 01:20 - 00000000 ____D C:\Windows
2015-12-08 13:24 - 2014-10-03 11:43 - 00000560 __RSH C:\ProgramData\ntuser.pol
2015-12-08 13:16 - 2014-05-05 21:27 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-08 13:05 - 2014-09-03 22:01 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\uTorrent
2015-12-08 13:05 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2015-12-08 13:00 - 2009-07-14 02:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-08 13:00 - 2009-07-14 02:45 - 00017072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-08 12:52 - 2015-02-12 20:29 - 00000000 ___RD C:\Users\Ariel\Google Drive
2015-12-08 12:52 - 2014-05-05 21:28 - 00002229 ____R C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-08 12:51 - 2009-07-14 03:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-08 12:49 - 2009-07-14 02:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-08 12:48 - 2014-05-02 04:49 - 00001413 _____ C:\Users\Ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-08 12:47 - 2015-11-02 23:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-08 12:47 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-08 12:36 - 2014-11-10 12:55 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\Baidu
2015-12-08 12:31 - 2014-05-05 23:02 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-08 12:30 - 2014-05-05 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-08 00:45 - 2014-09-09 00:46 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2015-12-08 00:45 - 2014-09-09 00:31 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\Autodesk
2015-12-08 00:43 - 2014-09-09 00:31 - 00000000 ____D C:\ProgramData\Autodesk
2015-12-08 00:42 - 2014-09-09 00:45 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2015-12-08 00:42 - 2009-07-14 03:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-07 23:53 - 2014-09-29 19:08 - 00659968 ___SH C:\Users\Ariel\Downloads\Thumbs.db
2015-12-07 23:10 - 2014-09-04 18:48 - 00000000 ____D C:\Users\Ariel\Documents\SolidWorks Downloads
2015-12-07 22:13 - 2014-09-04 21:56 - 00000000 ____D C:\Program Files\Common Files\SolidWorks Shared
2015-12-07 22:12 - 2014-09-04 21:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-07 22:01 - 2015-01-26 18:08 - 00000000 ____D C:\Users\Ariel\Desktop\Pessoal
2015-12-07 21:32 - 2014-09-09 00:52 - 00000000 ____D C:\Users\Ariel\AppData\Local\Autodesk
2015-12-07 20:53 - 2014-09-04 18:47 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\SolidWorks
2015-12-07 20:29 - 2014-05-05 22:50 - 00000000 ____D C:\Users\Ariel\AppData\Local\Adobe
2015-12-07 19:01 - 2014-09-13 13:55 - 01083904 ___SH C:\Users\Ariel\Desktop\Thumbs.db
2015-12-07 18:48 - 2014-09-04 21:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-07 16:26 - 2015-06-09 15:36 - 00000000 ____D C:\Users\Ariel\Documents\Inventor
2015-12-02 13:39 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache
2015-12-02 10:11 - 2014-05-05 21:27 - 00004064 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 10:11 - 2014-05-05 21:27 - 00003812 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 10:11 - 2014-05-05 21:27 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-01 18:36 - 2015-01-26 14:17 - 00000000 ____D C:\Users\Ariel\Documents\Outlook Files
2015-11-27 15:56 - 2014-10-06 10:29 - 00000000 ____D C:\Users\Ariel\AppData\Roaming\Skype
2015-11-25 12:40 - 2015-02-12 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-19 17:02 - 2015-04-20 11:39 - 00000000 ____D C:\Windows\system32\MRT
2015-11-19 16:55 - 2015-04-20 11:39 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-19 16:54 - 2014-09-08 23:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-19 16:34 - 2009-07-14 05:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-19 16:34 - 2009-07-14 00:34 - 00000478 _____ C:\Windows\win.ini
2015-11-09 12:30 - 2014-10-06 10:29 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-09-02 11:20 - 2015-09-02 11:20 - 6714975 _____ () C:\Users\Ariel\AppData\Roaming\asaasaasa.zip
2015-12-08 12:32 - 2015-11-26 07:58 - 4127064 _____ () C:\Users\Ariel\AppData\Roaming\da3c3f44f7de8ef5.exe
2015-12-08 12:30 - 2015-12-08 04:46 - 0271784 _____ () C:\Users\Ariel\AppData\Roaming\downloader_2.0.0.1_102br_45_20151208_1446_1449557202.exe
2015-12-08 12:27 - 2015-11-25 15:31 - 1100288 _____ () C:\Users\Ariel\AppData\Roaming\HomePage.exe
2015-12-08 01:36 - 2015-12-04 13:14 - 1081344 _____ () C:\Users\Ariel\AppData\Roaming\LightGate.exe
2015-09-02 11:20 - 2015-09-02 11:20 - 0027973 _____ () C:\Users\Ariel\AppData\Roaming\pak.zip
2015-04-19 10:20 - 2015-04-19 10:20 - 0005872 _____ () C:\Users\Ariel\AppData\Roaming\RT2uUvImTCfceCEMBGnvO1N
2014-05-05 21:30 - 2015-05-11 18:19 - 0030971 _____ () C:\Users\Ariel\AppData\Roaming\unins000.dat
2015-05-11 18:19 - 2015-05-11 18:19 - 0717985 _____ () C:\Users\Ariel\AppData\Roaming\unins000.exe
2015-12-08 01:34 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\Ariel\AppData\Roaming\upgsvr.exe
2015-01-26 12:52 - 2015-01-26 12:52 - 0000045 _____ () C:\Users\Ariel\AppData\Roaming\WB.CFG
2015-12-08 01:39 - 2015-11-14 21:08 - 2496403 _____ ( ) C:\Users\Ariel\AppData\Roaming\yeaplayer_51472.exe
2015-02-17 19:33 - 2015-02-17 20:24 - 0000548 _____ () C:\Users\Ariel\AppData\Local\out.png
2014-12-01 15:11 - 2014-12-01 15:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-10 12:55 - 2014-11-10 12:55 - 0000165 _____ () C:\ProgramData\bc.ini
2014-09-09 00:51 - 2014-09-09 00:51 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-07-29 11:48 - 2015-07-29 11:48 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-12-08 01:35 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe

Files to move or delete:
====================
C:\Users\Ariel\AppData\Local\Temp\setup.exe
C:\ProgramData\upgsvr.exe


Some files in TEMP:
====================
C:\Users\Ariel\AppData\Local\Temp\1%20navigaki.exe
C:\Users\Ariel\AppData\Local\Temp\AcDeltree.exe
C:\Users\Ariel\AppData\Local\Temp\avg82E5.exe
C:\Users\Ariel\AppData\Local\Temp\BDWebAdapterZip.dll
C:\Users\Ariel\AppData\Local\Temp\BDWebDownload.dll
C:\Users\Ariel\AppData\Local\Temp\bitool.dll
C:\Users\Ariel\AppData\Local\Temp\setup.exe
C:\Users\Ariel\AppData\Local\Temp\Uninstall.exe
C:\Users\Ariel\AppData\Local\Temp\UninstallModule.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-02 10:40

==================== End of FRST.txt ============================
