Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:14-12-2015
Executado por Nathan (administrador) em NATHAN-PC (15-12-2015 15:19:40)
Executando a partir de C:\Users\Nathan\Downloads
Perfis Carregados: Nathan (Perfis Disponíveis: Nathan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Ray you) C:\Program Files (x86)\RayDld\ihpmServer.exe
() C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe
(DotCash Limited) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009\jnsp754F.tmp
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(© 2015 Microsoft Corporation) C:\Users\Nathan\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_watch.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_hub.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_browser.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_central_control.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_monitor.exe
() C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_dialogs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
() C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe
(Nexon) C:\Level Up! Games\Combat Arms\CombatArms.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => "C:\Program Files\iTunes\iTunesHelper.exe"
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
HKLM-x32\...\Run: [RaidCall] => C:\Program Files (x86)\RaidCall.BR\raidcall.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [mbot_br_014010153] => [X]
HKLM-x32\...\Run: [gmsd_br_005010154] => [X]
HKLM-x32\...\Run: [rec_en_77] => [X]
HKLM-x32\...\Run: [gmsd_br_005010155] => [X]
HKLM-x32\...\Run: [gmsd_br_004010155] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-09] (AVAST Software)
HKLM-x32\...\Run: [HomePageHelper] => C:\ProgramData\HomePage.exe [1100288 2015-11-25] ()
HKLM-x32\...\Run: [LightGate] => C:\ProgramData\LightGate.exe [1081344 2015-12-04] ()
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [BingSvc] => C:\Users\Nathan\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-13] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [MediaFire Tray] => C:\Users\Nathan\AppData\Local\MediaFire Desktop\mf_watch.exe [4025856 2015-11-05] ()
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [Yeaplayer] => C:\Program Files (x86)\Yeaplayer\Yeaplayermd.exe /autostart
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [CrashService] => "C:\Users\Nathan\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2920448 2015-12-02] ()
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50749056 2015-12-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\Run: [-] => c:\programdata\carssb.exe [1852416 2015-12-15] ()
HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\...\MountPoints2: {8cc533d5-5ae0-11e5-a88f-902b34f9e21b} - F:\LGAutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-09] (AVAST Software)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_6c25c.dll [2015-08-20] (TODO: )
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_6c25c.dll [2015-08-20] (TODO: )
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_6c25c.dll [2015-08-20] (TODO: )
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_6c25c.dll [2015-08-20] (TODO: )
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_6c25c.dll [2015-08-20] (TODO: )
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50785;https=127.0.0.1:50785 Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll Nenhum Arquivo Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll Nenhum Arquivo Tcpip\Parameters: [DhcpNameServer] 187.122.127.35 187.122.127.59 Tcpip\..\Interfaces\{6981DDE4-5613-4EA0-B08D-D61797B3DB4F}: [DhcpNameServer] 187.122.127.35 187.122.127.59 Tcpip\..\Interfaces\{7329F755-F2A9-4455-8A80-6BD55B0F62AB}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{B23DF83A-566F-4183-B9FC-D9296F173646}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=91104071_hao_pg HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms} 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/ HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953 HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/ URLSearchHook: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 - (Sem Nome) - {D8278076-BC68-4484-9233-6E7F1628B56C} - Nenhum Arquivo SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms} SearchScopes: HKLM -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334580&octid=EB_ORIGINAL_CTID&ISID=M05293CE4-7B2C-487E-8C4D-CA94E0C954B1&SearchSource=58&CUI=&UM=8&UP=SPB632A31D-33C7-46D8-A7E9-A9E05478C6CE&D=112215&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1448149121&z=0e8773fead7355d22bdadadg5z7zcbegazct6g3o2g&from=tugss&uid=wdcxwd5000aakx-00u6aa0_wd-wcc2ecu1895318953&q={searchTerms} SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_6&ent=ch_5108&q={searchTerms} SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {5BAB3DD0-AFDA-4675-9FE4-5A0226D1E264} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://mysearch.avg.com/search?cid={B350ABAC-BA49-409B-9DCA-4FA89120E3BE}&mid=6488f62645fe47cd80904162721d0be8-db1370f5bca904e6bdb50359c1e986e718b9aa06&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-09-13 11:07:06&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-1221338766-1399980504-2822238388-1000 -> {9521373A-EC33-4E6A-9C87-E1549227A163} URL = 
hxxp://www.search.ask.com/web?tpid=ATU4SP-MED&o=APN11391&pf=V7&p2=^BAY^defaul^BW^BR&gct=sb&itbv=12.34.1.2165&apn_uid=14821F95-D3D6-4327-ADB0-9372688B3377&apn_ptnrs=^BAY&apn_dtid=^defaul^BW^BR&apn_dbr=chrome.exe_0_45.0.2454.85&doi=2015-09-05&trgb=IE&q={searchTerms}&psv=&pt=tb BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-23] (AVAST Software) BHO: Sem Nome -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> Nenhum Arquivo BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Sem Nome -> {452ADB5B-00BE-469D-A65F-3046146B2ED5} -> Nenhum Arquivo BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-23] (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Sem Nome -> {b608cc98-54de-4775-96c9-097de398500c} -> Nenhum Arquivo BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== 
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-11-07] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [Nenhum Arquivo]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2015-11-07] (Microsoft Corporation)
FF Plugin-x32: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npnxgame.dll [2015-09-05] (Nexon)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-09-17] (Nexon)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Nathan\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-09-18] (Raidcall)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Nathan\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll [Nenhum Arquivo]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-11-23] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-11-23] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{594A1C2F-8940-4DAF-87D8-DB187D9DEDF8}] - C:\Program Files\shopperz211120151408\Firefox\{594A1C2F-8940-4DAF-87D8-DB187D9DEDF8}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{594A1C2F-8940-4DAF-87D8-DB187D9DEDF8}] - C:\Program Files\shopperz211120151408\Firefox\{594A1C2F-8940-4DAF-87D8-DB187D9DEDF8}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-09]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-09]

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-02]
CHR Extension: (Google Docs) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-02]
CHR Extension: (Google Drive) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-02]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Bing) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-12-02]
CHR Extension: (Planilhas do Google) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-03]
CHR Extension: (Avast Online Security) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-02]
CHR Extension: (Skype Click to Call) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-11]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-03]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-02]
CHR HKU\S-1-5-21-1221338766-1399980504-2822238388-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-09] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe [1762304 2015-11-16] (TODO: <公司名>) [Arquivo não assinado]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 1999-12-31] (Intel Corporation)
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [271592 2015-11-18] (Ray you)
S3 MediaFire Desktop Updater Service; C:\Program Files (x86)\MediaFire Desktop\bin\UpdaterLocalCOM.exe [210416 2015-11-05] ()
R2 MF NTFS Monitor; C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe [456176 2015-11-05] ()
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [270304 2015-11-21] (DotCash Limited)
R2 qymumylo; C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009\jnsp754F.tmp [247808 2015-11-21] () [Arquivo não assinado]
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.0.10998\WeatherService.exe [152008 2015-11-01] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 Dripkix; não ImagePath
S2 ginoquci; não ImagePath
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 rojuxire; C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009\knsp8995.tmp [X]
S2 SSFK; não ImagePath
S2 typikeni; C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009\hnse907E.tmp [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [450504 2015-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-09] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-11-05] (Windows (R) Win 7 DDK provider)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [55016 2015-11-21] (DotCash)
R2 SPDRIVER_1.42.1.2719; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2719\jsdrv.sys [52376 2015-10-27] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16056 2015-12-07] (SlimWare Utilities, Inc.)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-11-25] (电脑管家)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17039.214\QMUdisk64.sys [X]
S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.2.17039.214\softaal64.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-15 15:19 - 2015-12-15 15:20 - 00027105 _____ C:\Users\Nathan\Downloads\FRST.txt
2015-12-15 15:19 - 2015-12-15 15:19 - 02369536 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2015-12-15 15:19 - 2015-12-15 15:19 - 00000000 ____D C:\FRST
2015-12-15 15:17 - 2015-12-15 15:17 - 01720832 _____ (Farbar) C:\Users\Nathan\Downloads\FRST.exe
2015-12-15 10:38 - 2015-12-15 10:38 - 00000000 ____D C:\Program Files (x86)\WeatherTool
2015-12-15 10:35 - 2015-12-15 13:50 - 01852416 _____ C:\Users\Todos os Usuários\carssb.exe
2015-12-15 10:35 - 2015-12-15 13:50 - 01852416 _____ C:\ProgramData\carssb.exe
2015-12-15 00:10 - 2015-12-15 00:10 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\LightGate
2015-12-13 09:26 - 2015-12-13 09:26 - 00000000 ___HD C:\Users\Nathan\Documents\.4sh
2015-12-13 09:20 - 2015-12-13 09:20 - 11595328 _____ (New IT Solutions) C:\Users\Nathan\Downloads\4shared_Desktop_4.0.14.27377.exe
2015-12-13 09:03 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2015-12-13 09:01 - 2015-12-13 09:01 - 17251392 _____ (DsNET Corp ) C:\Users\Nathan\Downloads\aTubeCatcher.exe
2015-12-13 07:28 - 2015-12-13 09:03 - 00001190 _____ C:\Users\Public\Desktop\aTube Catcher.lnk 2015-12-13 07:28 - 2015-12-13 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher 2015-12-13 07:28 - 2015-12-13 07:28 - 00000000 ____D C:\Program Files (x86)\DsNET Corp 2015-12-13 07:21 - 2015-12-13 07:24 - 00000000 ____D C:\Program Files (x86)\Ares 2015-12-13 07:21 - 2015-12-13 07:21 - 00000000 ____D C:\Users\Nathan\AppData\Local\Ares 2015-12-11 12:47 - 2015-12-11 12:54 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-11 12:47 - 2015-12-11 12:47 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2015-12-11 12:47 - 2015-12-11 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-11 12:45 - 2015-12-11 12:46 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Nathan\Downloads\SkypeSetup.exe 2015-12-09 11:38 - 2015-12-09 11:38 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-12-09 11:37 - 2015-12-09 11:37 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-12-08 18:04 - 2015-11-20 16:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-08 18:04 - 2015-11-20 16:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-08 18:04 - 2015-11-20 16:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-08 18:04 - 2015-11-20 16:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-08 18:04 - 2015-11-20 16:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-08 18:04 - 2015-11-20 16:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-08 18:04 - 2015-11-20 16:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-08 18:04 - 2015-11-20 16:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-08 18:04 - 2015-11-20 16:54 - 00037888 _____ 
(Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-08 18:04 - 2015-11-20 16:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-08 18:04 - 2015-11-20 16:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-08 18:04 - 2015-11-20 16:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-08 18:04 - 2015-11-20 16:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-08 18:04 - 2015-11-20 16:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-08 18:04 - 2015-11-20 16:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-12-08 18:04 - 2015-11-20 16:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-08 18:04 - 2015-11-11 19:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-08 18:04 - 2015-11-11 18:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-08 18:04 - 2015-11-11 16:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-08 18:04 - 2015-11-11 16:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-08 18:04 - 2015-11-11 16:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-08 18:04 - 2015-11-11 16:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-08 18:04 - 2015-11-11 14:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-08 18:04 - 2015-11-11 14:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-08 18:04 - 2015-11-11 13:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-12-08 18:04 - 2015-11-11 13:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-08 18:04 - 2015-11-11 13:41 - 20366848 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2015-12-08 18:04 - 2015-11-11 13:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-08 18:04 - 2015-11-11 12:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-12-08 18:04 - 2015-11-10 16:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-08 18:04 - 2015-11-10 16:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-08 18:04 - 2015-11-10 16:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-08 18:04 - 2015-11-10 16:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-08 18:04 - 2015-11-10 16:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-08 18:04 - 2015-11-10 15:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-08 18:04 - 2015-11-09 22:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-12-08 18:04 - 2015-11-09 22:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-08 18:04 - 2015-11-09 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-12-08 18:04 - 2015-11-09 22:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-12-08 18:04 - 2015-11-09 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-12-08 18:04 - 2015-11-09 22:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-08 18:04 - 2015-11-09 22:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-08 18:04 - 2015-11-09 22:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-12-08 18:04 - 2015-11-09 22:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-12-08 18:04 - 2015-11-09 22:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 
2015-12-08 18:04 - 2015-11-09 22:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-12-08 18:04 - 2015-11-09 22:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-08 18:04 - 2015-11-09 22:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-12-08 18:04 - 2015-11-09 21:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-08 18:04 - 2015-11-09 21:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-12-08 18:04 - 2015-11-09 21:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-08 18:04 - 2015-11-09 21:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-12-08 18:04 - 2015-11-09 21:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-08 18:04 - 2015-11-09 21:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-08 18:04 - 2015-11-09 21:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-08 18:04 - 2015-11-09 21:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-12-08 18:04 - 2015-11-09 21:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-08 18:04 - 2015-11-09 21:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-08 18:04 - 2015-11-09 21:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-08 18:04 - 2015-11-08 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-08 18:04 - 2015-11-08 20:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-08 18:04 - 2015-11-08 20:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-08 18:04 - 2015-11-08 20:15 - 02887168 _____ (Microsoft Corporation) 
C:\Windows\system32\iertutil.dll 2015-12-08 18:04 - 2015-11-08 20:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-08 18:04 - 2015-11-08 20:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-08 18:04 - 2015-11-08 20:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-08 18:04 - 2015-11-08 20:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-08 18:04 - 2015-11-08 20:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-08 18:04 - 2015-11-08 20:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-08 18:04 - 2015-11-08 20:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-08 18:04 - 2015-11-08 20:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-08 18:04 - 2015-11-08 20:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-08 18:04 - 2015-11-08 20:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-08 18:04 - 2015-11-08 20:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-08 18:04 - 2015-11-08 20:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-08 18:04 - 2015-11-08 19:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-08 18:04 - 2015-11-08 19:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-08 18:04 - 2015-11-08 19:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-08 18:04 - 2015-11-08 19:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-08 18:04 - 2015-11-08 19:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-08 18:04 - 2015-11-08 19:29 - 00152064 _____ 
(Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-08 18:04 - 2015-11-08 19:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-08 18:04 - 2015-11-08 19:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-08 18:04 - 2015-11-08 19:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-08 18:04 - 2015-11-08 19:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-08 18:04 - 2015-11-08 19:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-08 18:04 - 2015-11-08 19:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-08 18:04 - 2015-11-08 18:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-08 18:04 - 2015-11-08 18:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-08 18:04 - 2015-11-08 18:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-08 18:04 - 2015-11-05 17:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-08 18:04 - 2015-11-05 17:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-12-08 18:04 - 2015-11-05 07:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-08 18:04 - 2015-11-03 17:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-08 18:04 - 2015-11-03 16:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-12-08 18:02 - 2015-11-03 17:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-08 18:02 - 2015-11-03 16:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-12-07 01:23 - 2015-12-08 18:31 - 00000000 ____D C:\Windows.old 2015-12-07 00:34 - 2015-12-08 18:31 - 00000000 ____D C:\Users\Nathan 2015-12-06 20:42 - 2015-12-06 20:42 - 00159144 _____ (Microsoft 
Corporation) C:\Users\Nathan\Downloads\WindowsActivationUpdate.exe 2015-12-04 12:10 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe 2015-12-04 12:10 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe 2015-12-03 10:57 - 2015-12-08 18:24 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-02 23:43 - 2015-12-15 00:10 - 00002305 ____R C:\Users\Public\Desktop\Google Chrome.lnk 2015-12-02 23:43 - 2015-12-08 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-12-02 23:41 - 2015-12-10 11:18 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-02 23:41 - 2015-12-10 11:18 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-02 23:41 - 2015-12-07 00:47 - 00004176 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-02 23:41 - 2015-12-07 00:47 - 00003924 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-02 08:25 - 2015-12-02 15:40 - 01308162 _____ ( ) C:\Users\Todos os Usuários\carss---.exe 2015-12-02 08:25 - 2015-12-02 15:40 - 01308162 _____ ( ) C:\ProgramData\carss---.exe 2015-11-30 12:03 - 2015-11-30 19:28 - 01927168 _____ C:\Users\Todos os Usuários\tops.exe 2015-11-30 12:03 - 2015-11-30 19:28 - 01927168 _____ C:\ProgramData\tops.exe 2015-11-27 12:14 - 2015-11-26 07:58 - 04127064 _____ C:\Users\Todos os Usuários\ch_dl_url 2015-11-27 12:14 - 2015-11-26 07:58 - 04127064 _____ C:\ProgramData\ch_dl_url 2015-11-27 12:10 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe 2015-11-27 12:10 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe 2015-11-26 23:26 - 2015-11-27 00:02 - 167839512 _____ (Apple Inc.) 
C:\Users\Nathan\Downloads\iTunes6464Setup.exe 2015-11-25 16:02 - 2015-11-25 16:02 - 00000000 ____D C:\Users\Nathan\AppData\Local\gmsd_br_005010157 2015-11-25 16:02 - 2015-11-25 16:02 - 00000000 ____D C:\Program Files (x86)\gmsd_br_005010157 2015-11-25 14:30 - 2015-11-25 14:30 - 00005120 _____ C:\Users\Nathan\AppData\Roaming\GiftBag.db 2015-11-24 13:55 - 2015-11-24 13:55 - 00002114 _____ C:\Users\Todos os Usuários\carss.exe.lnk 2015-11-24 13:55 - 2015-11-24 13:55 - 00002114 _____ C:\ProgramData\carss.exe.lnk 2015-11-23 18:30 - 2015-11-27 12:09 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys 2015-11-23 17:30 - 2015-11-23 17:30 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\AVAST Software 2015-11-23 17:29 - 2015-12-08 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-11-23 17:29 - 2015-11-23 17:29 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-11-23 17:28 - 2015-12-09 11:38 - 00450504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-11-23 17:28 - 2015-12-09 11:38 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-11-23 17:28 - 2015-12-09 11:38 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-11-23 17:28 - 2015-12-09 11:38 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-11-23 17:28 - 2015-12-09 11:38 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-11-23 17:28 - 2015-12-09 11:38 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-11-23 17:28 - 2015-12-09 11:38 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-11-23 17:28 - 2015-12-09 11:38 - 00003924 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-11-23 17:28 - 2015-12-09 11:37 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-11-23 17:27 - 2015-11-23 17:27 - 00000000 ____D C:\Program Files\AVAST Software 2015-11-23 17:26 - 2015-11-23 17:26 - 05084256 _____ (AVAST Software) C:\Users\Nathan\Downloads\avast_free_antivirus_setup_online.exe 2015-11-23 17:26 - 2015-11-23 17:26 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software 2015-11-23 17:26 - 2015-11-23 17:26 - 00000000 ____D C:\ProgramData\AVAST Software 2015-11-23 16:58 - 2015-11-23 16:58 - 00000000 ____D C:\Users\Todos os Usuários\TXQMPC 2015-11-23 16:58 - 2015-11-23 16:58 - 00000000 ____D C:\ProgramData\TXQMPC 2015-11-23 16:52 - 2015-11-23 16:52 - 00000000 ____D C:\Users\Nathan\AppData\LocalLow\TENCENT 2015-11-23 16:48 - 2015-11-25 14:28 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys 2015-11-23 16:48 - 2015-11-23 16:48 - 00000000 ____D C:\Program Files\Common Files\Tencent 2015-11-23 16:47 - 2015-11-25 14:28 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys 2015-11-23 16:47 - 2015-11-23 16:47 - 00000000 ____D C:\Program Files (x86)\Tencent 2015-11-23 15:24 - 2015-11-23 15:24 - 00000000 ____D C:\Users\Nathan\AppData\LocalLow\SmartWeb 2015-11-23 15:22 - 2015-11-23 15:22 - 00592759 _____ C:\Users\Nathan\AVGInstLog.cab 2015-11-23 15:18 - 2015-11-23 15:18 - 00000008 _____ C:\END 2015-11-23 15:12 - 2015-11-30 13:03 - 00000644 _____ C:\Users\Todos os Usuários\xcgui_debug.txt 2015-11-23 15:12 - 2015-11-30 13:03 - 00000644 _____ C:\ProgramData\xcgui_debug.txt 2015-11-23 15:03 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Todos os Usuários\3WMiniPro3 2015-11-23 15:03 - 2015-11-23 16:30 - 00000000 ____D C:\ProgramData\3WMiniPro3 2015-11-23 14:57 - 2015-12-08 18:24 - 00000000 ____D C:\Windows\system32\appmgmt 2015-11-23 14:52 - 2015-11-23 16:58 - 00000000 ____D C:\Users\Todos os Usuários\Tencent 2015-11-23 14:52 - 2015-11-23 16:58 - 00000000 ____D C:\ProgramData\Tencent 
2015-11-23 14:51 - 2015-11-23 16:30 - 00000000 ____D C:\Program Files (x86)\032B0290-1448297491-05F9-E206-1B0700080009 2015-11-23 14:51 - 2015-11-23 14:51 - 00001046 _____ C:\Windows\Tasks\xT3rYNeym.job 2015-11-23 14:50 - 2015-11-23 16:30 - 00000000 ____D C:\Program Files (x86)\OpedBrowsrVersion5 2015-11-23 14:47 - 2015-11-23 18:58 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Tencent 2015-11-23 14:44 - 2015-12-15 10:27 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2015-11-23 14:44 - 2015-12-15 10:27 - 00000000 ____D C:\ProgramData\WindowsMsg 2015-11-23 14:39 - 2015-12-07 00:47 - 00004298 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update 2015-11-23 14:36 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Todos os Usuários\WWMiniProW 2015-11-23 14:36 - 2015-11-23 16:30 - 00000000 ____D C:\ProgramData\WWMiniProW 2015-11-23 14:33 - 2015-12-07 00:47 - 00004150 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task 2015-11-23 14:15 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe 2015-11-23 14:15 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe 2015-11-22 21:11 - 2015-11-23 15:10 - 00000322 _____ C:\Users\Nathan\AppData\Roaming\xcgui_debug.txt 2015-11-22 21:07 - 2015-11-23 14:07 - 00000063 _____ C:\Users\Nathan\AppData\Roaming\WB.CFG 2015-11-22 21:01 - 2015-11-23 16:45 - 00000017 _____ C:\Windows\SysWOW64\history.dat 2015-11-22 20:51 - 2015-11-24 12:12 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\istartpageing 2015-11-22 20:51 - 2015-11-23 23:21 - 00000098 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2015-11-22 20:51 - 2015-11-23 23:21 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2015-11-22 20:51 - 2015-11-23 17:02 - 00000000 ____D C:\Program Files (x86)\SFK 2015-11-22 20:51 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Todos os Usuários\vWMiniProv 2015-11-22 20:51 - 2015-11-23 16:30 - 
00000000 ____D C:\ProgramData\vWMiniProv 2015-11-22 20:28 - 2015-11-23 19:40 - 00000000 ____D C:\Program Files (x86)\032B0290-1448231309-05F9-E206-1B0700080009 2015-11-22 20:12 - 2015-11-22 20:12 - 00000000 ____D C:\Program Files (x86)\globalUpdate 2015-11-22 20:10 - 2015-11-23 17:02 - 00000000 ____D C:\Program Files\Dripkix 2015-11-22 20:10 - 2015-11-22 20:10 - 00000187 _____ C:\Users\Nathan\AppData\Local\Konk-hex.exe.config 2015-11-22 20:09 - 2015-12-07 00:47 - 00004350 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_323332373737353832362d2d37505a2a6c55326c342341 2015-11-22 20:08 - 2015-11-23 14:43 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\systweak 2015-11-22 20:08 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe 2015-11-22 20:07 - 2015-12-07 00:47 - 00003720 _____ C:\Windows\System32\Tasks\PFExe 2015-11-22 20:07 - 2015-12-07 00:47 - 00003350 _____ C:\Windows\System32\Tasks\Price Fountain 2015-11-22 20:07 - 2015-11-23 15:07 - 00000296 _____ C:\Windows\Tasks\Price Fountain.job 2015-11-22 20:07 - 2015-11-22 20:07 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\PriceFountain 2015-11-22 20:05 - 2015-11-23 19:43 - 00000000 ____D C:\Program Files (x86)\ORBTR 2015-11-22 20:05 - 2015-11-22 20:05 - 00002494 _____ C:\Windows\patsearch.bin 2015-11-22 20:05 - 2015-11-22 20:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf 2015-11-22 19:54 - 2015-11-23 16:30 - 00000000 ____D C:\Program Files (x86)\Velocidade Do PC 2015-11-22 19:52 - 2015-12-10 11:18 - 00000940 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-11-22 19:52 - 2015-12-07 00:47 - 00004048 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2015-11-22 19:52 - 2015-12-07 00:47 - 00003794 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2015-11-22 19:52 - 2015-11-23 14:10 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-11-22 19:51 - 2015-11-23 19:32 - 00000000 ____D C:\Program 
Files (x86)\032B0290-1448229112-05F9-E206-1B0700080009 2015-11-22 19:50 - 2015-12-07 00:47 - 00003342 _____ C:\Windows\System32\Tasks\crash_service 2015-11-22 19:50 - 2015-12-07 00:47 - 00003310 _____ C:\Windows\System32\Tasks\Run_Bobby_Browser 2015-11-21 21:44 - 2015-12-01 18:20 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.9414 2015-11-21 21:43 - 2015-12-10 11:18 - 00000936 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-11-21 21:43 - 2015-12-07 09:40 - 00000424 __RSH C:\Users\Todos os Usuários\ntuser.pol 2015-11-21 21:43 - 2015-12-07 09:40 - 00000424 __RSH C:\ProgramData\ntuser.pol 2015-11-21 21:43 - 2015-12-07 00:47 - 00004288 _____ C:\Windows\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core 2015-11-21 21:43 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\Setup2194419 2015-11-21 21:43 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\{64D95285-4071-3E3D-2DE9-1BD50981E74D} 2015-11-21 21:43 - 2015-11-21 21:43 - 00000000 ____D C:\Users\Nathan\AppData\Local\taso 2015-11-21 21:43 - 2015-11-21 21:43 - 00000000 ____D C:\Program Files (x86)\Opera 2015-11-21 21:42 - 2015-12-07 00:47 - 00004354 _____ C:\Windows\System32\Tasks\ShopperPro 2015-11-21 21:42 - 2015-11-23 19:32 - 00000000 ____D C:\Users\Nathan\AppData\Local\SmartWeb 2015-11-21 21:42 - 2015-11-23 19:32 - 00000000 ____D C:\Program Files\Common Files\ShopperPro 2015-11-21 21:42 - 2015-11-23 16:46 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\PushApp 2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ___HD C:\sohucache 2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ____D C:\Users\Nathan\Documents\ËѺüÓ°Òô 2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ____D C:\Users\Nathan\AppData\Local\globalUpdate 2015-11-21 21:42 - 2015-11-21 21:42 - 00000000 ____D C:\SHDownload 2015-11-21 21:41 - 2015-12-07 00:47 - 00003724 _____ C:\Windows\System32\Tasks\ShopperProJSUpd 2015-11-21 21:41 - 2015-11-23 18:32 - 00000000 ____D C:\Program Files (x86)\ShopperPro 
2015-11-21 21:41 - 2015-11-23 17:04 - 00000000 ____D C:\Users\Todos os Usuários\ShopperPro 2015-11-21 21:41 - 2015-11-23 17:04 - 00000000 ____D C:\ProgramData\ShopperPro 2015-11-21 21:41 - 2015-11-21 21:41 - 00000000 ____D C:\Users\Nathan\AppData\Local\Temp尰 2015-11-21 21:40 - 2015-11-23 16:30 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2015-11-21 21:40 - 2015-11-21 21:40 - 00000000 ____D C:\Users\Nathan\AppData\Local\Prompt Downloader 2015-11-21 21:39 - 2015-11-23 16:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\Yeaplayer 2015-11-21 21:39 - 2015-11-23 16:30 - 00000000 ____D C:\Program Files (x86)\RayDld 2015-11-21 21:39 - 2015-11-21 21:38 - 00055016 _____ (DotCash) C:\Windows\system32\Drivers\MPCKpt.sys 2015-11-21 21:38 - 2015-12-15 10:23 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner 2015-11-21 21:38 - 2015-12-07 00:47 - 00003684 _____ C:\Windows\System32\Tasks\Inst_Rep 2015-11-21 21:38 - 2015-11-23 19:32 - 00000000 ____D C:\Program Files (x86)\OLBPre 2015-11-21 21:38 - 2015-11-21 21:38 - 00000000 ____D C:\Users\Nathan\AppData\Local\CrashRpt 2015-11-21 21:38 - 2015-11-14 21:08 - 02496403 _____ ( ) C:\Users\Nathan\AppData\Roaming\yeaplayer_51472.exe 2015-11-21 21:37 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Todos os Usuários\upgsvr.exe 2015-11-21 21:37 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe 2015-11-21 21:36 - 2015-11-21 21:36 - 00004579 _____ C:\Users\Nathan\AppData\Roaming\webad.xml 2015-11-21 21:36 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Nathan\AppData\Roaming\upgsvr.exe 2015-11-21 21:35 - 2015-11-21 21:35 - 00007605 _____ C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg 2015-11-21 21:34 - 2015-11-22 20:06 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\UpAuroraBrowser 2015-11-21 21:34 - 2015-11-21 12:15 - 02212752 _____ (UpAurora.COM) C:\Users\Nathan\AppData\Roaming\UpAurora_1.0.0.3030__102br.exe 2015-11-21 21:33 - 2015-12-07 00:47 - 00003088 _____ 
C:\Windows\System32\Tasks\svchost 2015-11-21 21:33 - 2015-12-01 18:35 - 00000000 ____D C:\Users\Nathan\AppData\Local\032B0290-1448141590-05F9-E206-1B0700080009 2015-11-21 21:32 - 2015-11-26 13:56 - 00000000 ____D C:\Program Files (x86)\032B0290-1448148741-05F9-E206-1B0700080009 2015-11-21 21:32 - 2009-06-10 19:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-11-21 21:30 - 2015-12-07 00:47 - 00003248 _____ C:\Windows\System32\Tasks\Rush Extension 2015-11-21 21:30 - 2015-11-21 21:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\Rush Extension 2015-11-21 10:10 - 2015-11-21 21:44 - 00061344 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys 2015-11-17 00:07 - 2015-11-17 00:07 - 00000000 ___DL C:\Users\Nathan\AppData\LocalLow\PlayReady ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2015-12-15 15:20 - 2015-09-20 16:24 - 00000000 ___HD C:\Users\Nathan\.mediafire 2015-12-15 15:19 - 2009-07-14 01:20 - 00000000 ____D C:\Windows 2015-12-15 14:43 - 2015-06-14 07:00 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\WeatherTool 2015-12-15 14:23 - 2009-07-14 02:45 - 00034400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-15 14:23 - 2009-07-14 02:45 - 00034400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-15 11:16 - 2015-09-05 16:13 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Skype 2015-12-15 11:15 - 2015-09-12 17:59 - 00000000 ____D C:\Users\Nathan\euu 2015-12-15 10:24 - 2015-09-20 16:27 - 00000000 ___RD C:\Users\Nathan\MediaFire 2015-12-15 10:23 - 2015-09-05 12:30 - 00000000 __SHD C:\Users\Nathan\IntelGraphicsProfiles 2015-12-15 10:22 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-14 21:02 - 2009-07-14 15:55 - 00703370 _____ C:\Windows\system32\prfh0416.dat 2015-12-14 21:02 - 2009-07-14 15:55 - 00146156 
_____ C:\Windows\system32\prfc0416.dat 2015-12-14 21:02 - 2009-07-14 03:13 - 01628224 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-14 21:02 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf 2015-12-14 14:43 - 2015-09-17 02:07 - 00000000 ____D C:\Users\Nathan\Documents\Euro Truck Simulator 2 2015-12-12 19:53 - 2015-09-04 23:55 - 00000000 ____D C:\Users\Nathan\Desktop\Movies 2015-12-11 18:16 - 2015-11-08 13:59 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\TS3Client 2015-12-11 12:48 - 2015-09-05 13:55 - 00000000 ____D C:\Users\Todos os Usuários\Skype 2015-12-11 12:48 - 2015-09-05 13:55 - 00000000 ____D C:\ProgramData\Skype 2015-12-11 12:47 - 2015-09-05 16:13 - 00000000 ____D C:\Users\Nathan\AppData\Local\Skype 2015-12-09 23:52 - 2015-09-04 23:55 - 00000000 ____D C:\Users\Nathan\Desktop\nova 2015-12-09 11:32 - 2009-07-14 02:45 - 00270368 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-09 01:42 - 2015-11-06 17:55 - 00000000 ____D C:\Windows\system32\MRT 2015-12-09 01:39 - 2015-11-06 17:54 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-08 18:24 - 2015-11-08 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2015-12-08 18:24 - 2015-11-06 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0 2015-12-08 18:24 - 2015-11-06 15:17 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-12-08 18:24 - 2015-09-26 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 2015-12-08 18:24 - 2015-09-20 16:21 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaFire Desktop 2015-12-08 18:24 - 2015-09-17 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up! 
2015-12-08 18:24 - 2015-09-15 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 2015-12-08 18:24 - 2015-09-05 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-12-08 18:24 - 2015-09-05 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers 2015-12-08 18:24 - 2015-09-05 12:04 - 00000000 ____D C:\Windows\system32\nn-NO 2015-12-08 18:24 - 2015-09-04 23:48 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-08 18:24 - 2015-09-04 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-12-08 18:24 - 2011-02-07 03:08 - 00000000 ____D C:\Windows\system32\SPReview 2015-12-08 18:24 - 2011-02-07 02:10 - 00000000 ____D C:\Windows\system32\EventProviders 2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 __RSD C:\Windows\Media 2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 __RHD C:\Users\Public\Libraries 2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF 2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\LiveKernelReports 2015-12-08 18:24 - 2009-07-14 01:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2015-12-08 17:35 - 2015-10-30 17:34 - 00000000 ___HD C:\$WINDOWS.~BT 2015-12-07 15:06 - 2015-09-05 12:38 - 00000000 ___HD C:\Program Files (x86)\Temp 2015-12-07 14:56 - 2015-09-05 12:21 - 00016056 _____ (SlimWare Utilities, Inc.) 
C:\Windows\system32\Drivers\SWDUMon.sys 2015-12-07 10:04 - 2015-09-05 12:30 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-12-07 00:47 - 2015-10-15 15:08 - 00020895 _____ C:\Windows\diagerr.xml 2015-12-07 00:47 - 2015-10-15 15:08 - 00019053 _____ C:\Windows\diagwrn.xml 2015-12-07 00:47 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\registration 2015-12-07 00:09 - 2013-07-25 18:35 - 00008192 __RSH C:\BOOTSECT.BAK 2015-12-07 00:01 - 2011-02-07 02:53 - 00000000 ____D C:\Windows\Panther 2015-12-03 10:57 - 2015-09-05 14:00 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-02 23:43 - 2015-09-05 12:27 - 00000000 ____D C:\Program Files (x86)\Google 2015-12-02 23:41 - 2015-09-05 12:27 - 00000000 ____D C:\Users\Nathan\AppData\Local\Deployment 2015-12-01 22:08 - 2015-09-05 12:21 - 00000412 _____ C:\Windows\Tasks\SlimDrivers Startup.job 2015-12-01 18:09 - 2015-09-17 22:00 - 00000000 ____D C:\Users\Nathan\Desktop\Nathan 2015-11-30 20:45 - 2015-09-08 12:26 - 00000000 ___SD C:\Windows\system32\GWX 2015-11-30 20:28 - 2015-10-06 21:42 - 00000000 ____D C:\Users\Nathan\AppData\Local\ElevatedDiagnostics 2015-11-26 13:41 - 2015-09-04 23:30 - 00001393 _____ C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-11-23 22:59 - 2015-09-05 13:11 - 00000000 ____D C:\Users\Todos os Usuários\Oracle 2015-11-23 22:59 - 2015-09-05 13:11 - 00000000 ____D C:\ProgramData\Oracle 2015-11-23 22:58 - 2015-09-05 13:11 - 00000000 ____D C:\Users\Nathan\.oracle_jre_usage 2015-11-23 22:58 - 2015-09-05 13:11 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-23 22:57 - 2015-09-05 13:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-11-23 20:10 - 2015-10-02 21:30 - 00000066 _____ C:\Users\Nathan\Downloads\installer.zip 2015-11-23 20:03 - 2015-04-19 10:20 - 00000626 _____ C:\Users\Nathan\AppData\Roaming\7XOJUyW3Gj1wgJ 2015-11-23 18:32 - 2014-09-23 16:56 - 00000000 ____D C:\Fraps 
2015-11-23 16:54 - 2015-09-05 00:45 - 00059288 _____ C:\Users\Nathan\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-23 16:48 - 2015-09-04 23:30 - 00000000 ____D C:\Users\Nathan\AppData\Local\VirtualStore 2015-11-23 16:30 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\AppCompat 2015-11-23 14:13 - 2009-07-14 02:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-11-22 19:50 - 2015-04-08 01:15 - 00016611 _____ C:\claraInstaller.txt 2015-11-19 16:10 - 2015-09-05 11:57 - 00000000 ____D C:\Users\Nathan\Desktop\gabriel 2015-11-17 13:45 - 2015-09-05 12:31 - 00000368 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Nathan).job 2015-11-16 00:16 - 2015-09-05 13:13 - 00000000 ____D C:\Users\Nathan\AppData\Roaming\.minecraft 2015-11-15 15:33 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache ==================== Arquivos na raiz de alguns diretórios ======= 2015-04-19 10:20 - 2015-11-23 20:03 - 0000626 _____ () C:\Users\Nathan\AppData\Roaming\7XOJUyW3Gj1wgJ 2015-11-25 14:30 - 2015-11-25 14:30 - 0005120 _____ () C:\Users\Nathan\AppData\Roaming\GiftBag.db 2015-11-21 21:34 - 2015-11-21 12:15 - 2212752 _____ (UpAurora.COM) C:\Users\Nathan\AppData\Roaming\UpAurora_1.0.0.3030__102br.exe 2015-11-21 21:36 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\Nathan\AppData\Roaming\upgsvr.exe 2015-11-22 21:07 - 2015-11-23 14:07 - 0000063 _____ () C:\Users\Nathan\AppData\Roaming\WB.CFG 2015-11-21 21:36 - 2015-11-21 21:36 - 0004579 _____ () C:\Users\Nathan\AppData\Roaming\webad.xml 2015-11-22 21:11 - 2015-11-23 15:10 - 0000322 _____ () C:\Users\Nathan\AppData\Roaming\xcgui_debug.txt 2015-11-21 21:38 - 2015-11-14 21:08 - 2496403 _____ ( ) C:\Users\Nathan\AppData\Roaming\yeaplayer_51472.exe 2015-11-22 20:10 - 2015-11-22 20:10 - 0000187 _____ () C:\Users\Nathan\AppData\Local\Konk-hex.exe.config 2015-11-21 21:35 - 2015-11-21 21:35 - 0007605 _____ () C:\Users\Nathan\AppData\Local\Resmon.ResmonCfg 2015-12-02 08:25 - 2015-12-02 
15:40 - 1308162 _____ ( ) C:\ProgramData\carss---.exe
2015-11-24 13:55 - 2015-11-24 13:55 - 0002114 _____ () C:\ProgramData\carss.exe.lnk
2015-12-15 10:35 - 2015-12-15 13:50 - 1852416 _____ () C:\ProgramData\carssb.exe
2015-11-27 12:14 - 2015-11-26 07:58 - 4127064 _____ () C:\ProgramData\ch_dl_url
2015-11-27 12:10 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2015-12-04 12:10 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2015-11-30 12:03 - 2015-11-30 19:28 - 1927168 _____ () C:\ProgramData\tops.exe
2015-11-21 21:37 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-11-23 15:12 - 2015-11-30 13:03 - 0000644 _____ () C:\ProgramData\xcgui_debug.txt
2015-11-23 14:15 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2015-11-22 20:51 - 2015-11-23 23:21 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\carss---.exe
C:\ProgramData\carssb.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\tops.exe
C:\ProgramData\upgsvr.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\carss---.exe
C:\Users\Todos os Usuários\carssb.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\tops.exe
C:\Users\Todos os Usuários\upgsvr.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Alguns arquivos em TEMP:
====================
C:\Users\Nathan\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.dll
C:\Users\Nathan\AppData\Local\Temp\atcMedia1481449989774.exe
C:\Users\Nathan\AppData\Local\Temp\atcMedia1781441468718.exe
C:\Users\Nathan\AppData\Local\Temp\atcMedia331447171930.exe
C:\Users\Nathan\AppData\Local\Temp\atcMedia7541441468801.exe
C:\Users\Nathan\AppData\Local\Temp\BingSvc.exe
C:\Users\Nathan\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Nathan\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Nathan\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Nathan\AppData\Local\Temp\downloader.dll
C:\Users\Nathan\AppData\Local\Temp\FileAssociationsTool.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon2_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon3_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon4_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon5_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MediaFireIcon_x64.dll
C:\Users\Nathan\AppData\Local\Temp\MFDesktopShellStatic_x64.dll
C:\Users\Nathan\AppData\Local\Temp\NGMDll.dll
C:\Users\Nathan\AppData\Local\Temp\NGMResource.dll
C:\Users\Nathan\AppData\Local\Temp\NGMSetup.exe
C:\Users\Nathan\AppData\Local\Temp\nsw7724.tmp.exe
C:\Users\Nathan\AppData\Local\Temp\PCMgr_Setup_11_2_17039_214.exe
C:\Users\Nathan\AppData\Local\Temp\QQPCDownload74628.exe
C:\Users\Nathan\AppData\Local\Temp\QQPCMgr_Setup.exe
C:\Users\Nathan\AppData\Local\Temp\qqpcmgr_v11.0.16794.227_45129_Silence.exe
C:\Users\Nathan\AppData\Local\Temp\safeguard.exe
C:\Users\Nathan\AppData\Local\Temp\scp258A.tmp.exe
C:\Users\Nathan\AppData\Local\Temp\SHUninstall.exe
C:\Users\Nathan\AppData\Local\Temp\shutdown1442773313.exe
C:\Users\Nathan\AppData\Local\Temp\SHVersion.dll
C:\Users\Nathan\AppData\Local\Temp\SohuTool.dll
C:\Users\Nathan\AppData\Local\Temp\SoHuVA_4.5.77.0-c20-nti-ng-s-tp.exe
C:\Users\Nathan\AppData\Local\Temp\unicows.dll
C:\Users\Nathan\AppData\Local\Temp\Uninstall.exe
C:\Users\Nathan\AppData\Local\Temp\UninstallModule.exe
C:\Users\Nathan\AppData\Local\Temp\utils.dll
C:\Users\Nathan\AppData\Local\Temp\ytb.exe

==================== Bamital & volsnap =================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2015-12-01 13:39

==================== Fim de FRST.txt ============================