Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01
Executado por Pedro (administrador) em PEDRO-MEGA (30-03-2016 19:38:31)
Executando a partir de C:\Users\Pedro\Music\Pictures\Desktop
Perfis Carregados: Pedro (Perfis Disponíveis: Pedro & Convidado)
Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: "%1" %*)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Baidu, Inc.) C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Scarlet.Crush Productions) C:\Users\Pedro\Music\ScpServer\bin\ScpService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Baidu Inc.) C:\Program Files\baidu\Baidu Browser\sparkservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\baidu\Baidu Browser\spark.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe
(Baidu.com, Inc.) C:\Program Files\baidu\Baidu Browser\sparkupdate.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe
(YGOPRO) C:\Users\Pedro\Videos\YUGIOH\ygopro_vs_ai_debug.exe
() C:\Program Files\baidu\Baidu Browser\spark.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Baidu PC Faster 4.0.0.0] => "C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe" -auto -start
HKLM\...\Winlogon: [Userinit] userinit.exe,,c:\program files\microsoft\desktoplayer.exe,c:\users\pedro\microsoft\desktoplayer.exe
HKU\S-1-5-21-3242213785-1770070969-4110494137-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3242213785-1770070969-4110494137-1000\...\MountPoints2: {0fe648be-0e1f-11e0-b4f2-806e6f6e6963} - D:\Autorun.exe
AlternateShell:
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\..\Interfaces\{4FA66DE4-4436-4DCB-8BC3-810AA8C51934}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3242213785-1770070969-4110494137-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com.br/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2016-01-08] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2016-01-08] (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-15] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF Homepage: about:blank
FF Homepage: google.com.br
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-07-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-27] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Nenhum Arquivo]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Nenhum Arquivo]
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2016-01-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2016-01-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-15] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-11-27] (Pando Networks)
FF Plugin: @raidcall.en/RCplugin -> C:\Users\Pedro\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-12-23] (Raidcall)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3242213785-1770070969-4110494137-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pedro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3242213785-1770070969-4110494137-1000: eagleget.com/EagleGet32 -> C:\Program Files\EagleGet\npEagleget.dll [2016-03-07] (EagleGet)
FF Plugin HKU\S-1-5-21-3242213785-1770070969-4110494137-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-11-27] (Pando Networks)
FF Plugin HKU\S-1-5-21-3242213785-1770070969-4110494137-1000: SkypePlugin -> C:\Users\Pedro\AppData\Local\SkypePlugin\7.3.0.501\npGatewayNpapi.dll [2015-06-05] (Skype Technologies S.A.)
FF SearchPlugin: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-123044.xml [2012-09-14]
FF Extension: Pesca Oferta - C:\Users\Pedro\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\jid1-yjvSPauaTBQLgg@jetpack.xpi [2012-08-19] [não assinado]

Chrome:
=======
CHR Profile: C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-06]
CHR Extension: (Google Drive) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-06]
CHR Extension: (YouTube) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-06]
CHR Extension: (Planilhas do Google) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-06]
CHR Extension: (Documentos Google off-line) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-06]
CHR Extension: (EagleGet Downloader) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2016-03-06]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-06]
CHR Extension: (Gmail) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-06]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files\EagleGet\addon\eagleget_cext@eagleget.com.crx [2014-09-15]
CHR HKU\S-1-5-21-3242213785-1770070969-4110494137-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files\EagleGet\addon\eagleget_cext@eagleget.com.crx [2014-09-15]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ALG; C:\Windows\System32\alg.exe [86332 2009-07-13] (Microsoft Corporation) [Arquivo não assinado]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1916656 2016-02-09] (Microsoft Corporation)
R2 Ds3Service; C:\Users\Pedro\Music\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1897480 2016-03-22] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2016-03-22] (LogMeIn, Inc.)
S3 msiserver; C:\Windows\System32\msiexec.exe [100014 2015-12-15] (Microsoft Corporation) [Arquivo não assinado]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [5246360 2013-11-20] (INCA Internet Co., Ltd.)
S3 RpcLocator; C:\Windows\system32\locator.exe [35556 2009-07-13] (Microsoft Corporation) [Arquivo não assinado]
S3 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-13] (Microsoft Corporation) [Arquivo não assinado]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) [Arquivo não assinado]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-13] (Microsoft Corporation) [Arquivo não assinado]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) [Arquivo não assinado]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [62418 2009-07-13] (Microsoft Corporation) [Arquivo não assinado]
S3 vds; C:\Windows\System32\vds.exe [480105 2010-11-20] (Microsoft Corporation) [Arquivo não assinado]
R2 VelocityEngineSrv; C:\Windows\system32\takeexternal.dll [413936 2015-12-08] ()
S3 VSS; C:\Windows\system32\vssvc.exe [1052382 2010-11-20] (Microsoft Corporation) [Arquivo não assinado]
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 winsecsrv; C:\Windows\System32\winsecsrv.dll [413936 2015-12-08] ()
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [162753 2009-07-13] (Microsoft Corporation) [Arquivo não assinado]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]
S2 SkypeUpdateEx; C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 360HookOem; C:\Windows\System32\drivers\360HookOem.sys [54912 2012-05-31] (360安全中心) [Arquivo não assinado]
S3 apf004; C:\Windows\system32\apf004.sys [15112 2014-03-27] ()
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [46440 2015-03-31] (Baidu, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [140856 2016-03-11] (BlueStack Systems)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 IAMT03; C:\Windows\system32\DRIVERS\IAMT03.sys [40848 2007-04-11] (Intel Corporation)
S3 IAMTV; C:\Windows\system32\DRIVERS\IAMTV.sys [38288 2007-04-11] (Intel Corporation)
S3 IAMTXP; C:\Windows\system32\DRIVERS\IAMTXP.sys [47496 2007-04-11] (Intel Corporation)
R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [210376 2016-01-16] (Microvirt Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [37408 2014-08-14] (NT Kernel Resources)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2011-08-02] (Apple Inc.) [Arquivo não assinado]
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2004-12-31] (INCA Internet Co., Ltd.) [Arquivo não assinado]
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [33024 2013-05-05] (Scarlet.Crush Productions)
S3 Spring; C:\Program Files\WindowsFaster\Spring.sys [96608 2014-06-19] ()
S3 ssm_bus; C:\Windows\System32\DRIVERS\ssm_bus.sys [58320 2005-08-30] (MCCI)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.)
[Arquivo não assinado] R2 winlsecsrv; C:\Windows\system32\drivers\winlsecsrv.sys [123504 2015-12-08] () U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation) S3 XDva534; \??\C:\Windows\system32\XDva534.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Três Meses Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2099-09-16 13:16 - 14414-09-16 13:17 - 00000000 ___SD C:\Users\Convidado\AppData\LocalLow\Microsoft 2099-09-16 13:15 - 14414-09-16 13:15 - 00000000 ____D C:\Users\Convidado\AppData\Roaming\Baidu Security 2099-09-16 13:14 - 14414-09-16 13:14 - 00058016 _____ C:\Users\Convidado\AppData\Local\GDIPFONTCACHEV1.DAT 2099-09-16 13:14 - 14414-09-16 13:14 - 00000000 ____D C:\Users\Convidado\AppData\Local\LogMeIn 2099-09-16 12:20 - 14414-09-16 12:47 - 00524288 ___SH C:\Users\Pedro\ntuser.dat{0bcebbe8-3ae6-1832-80ea-4487fcba7ef6}.TMContainer00000000000000000002.regtrans-ms 2099-09-16 12:20 - 14414-09-16 12:47 - 00524288 ___SH C:\Users\Pedro\ntuser.dat{0bcebbe8-3ae6-1832-80ea-4487fcba7ef6}.TMContainer00000000000000000001.regtrans-ms 2099-09-16 12:20 - 14414-09-16 12:47 - 00065536 ___SH C:\Users\Pedro\ntuser.dat{0bcebbe8-3ae6-1832-80ea-4487fcba7ef6}.TM.blf 2099-09-15 18:53 - 14414-09-15 18:53 - 00524288 ___SH C:\Users\Pedro\ntuser.dat{aeff6c8d-3a54-1832-b520-4487fcba7ef6}.TMContainer00000000000000000002.regtrans-ms 2099-09-15 18:53 - 14414-09-15 18:53 - 00524288 ___SH C:\Users\Pedro\ntuser.dat{aeff6c8d-3a54-1832-b520-4487fcba7ef6}.TMContainer00000000000000000001.regtrans-ms 2099-09-15 18:53 - 14414-09-15 18:53 - 00065536 ___SH C:\Users\Pedro\ntuser.dat{aeff6c8d-3a54-1832-b520-4487fcba7ef6}.TM.blf 2016-03-30 18:52 - 2016-03-30 18:52 - 00003165 _____ C:\Users\Pedro\Desktop\JRT.txt 2016-03-30 16:00 - 
2016-03-30 16:12 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\ZHP 2016-03-30 12:59 - 2016-03-30 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster 2016-03-30 12:59 - 2016-03-30 12:59 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster 2016-03-30 12:59 - 2015-03-31 03:22 - 00113992 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys 2016-03-29 19:48 - 2016-03-29 20:11 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ 2016-03-29 19:47 - 2016-03-29 19:47 - 00068472 _____ C:\Users\Pedro\Documents\cc_20160329_194742.reg 2016-03-29 19:05 - 2016-03-29 20:10 - 00000000 ____D C:\Users\Pedro\AppData\Local\CatalinaGroup 2016-03-29 15:47 - 2016-03-30 19:38 - 00000000 ____D C:\FRST 2016-03-24 11:42 - 2016-03-24 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2016-03-24 11:42 - 2016-03-24 11:42 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2016-03-23 20:20 - 2016-03-23 20:21 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\PStar 2016-03-17 22:48 - 2016-03-17 22:48 - 00001060 _____ C:\Users\Public\Desktop\Grand Chase History.lnk 2016-03-17 22:48 - 2016-03-17 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Chase History 2016-03-17 22:39 - 2016-03-18 22:34 - 00000000 ____D C:\Program Files\Grand Chase History 2016-03-17 18:30 - 2016-03-17 18:30 - 00000000 ____D C:\Users\Pedro\AppData\LocalLow\uTorrent 2016-03-17 17:52 - 2016-03-17 17:57 - 725483520 _____ C:\Users\Pedro\Downloads\pt_office_professional_plus_2013_x86_VL.iso 2016-03-14 19:48 - 2016-03-14 19:48 - 00000000 ____D C:\Users\Pedro\Downloads\MEmu Download 2016-03-14 19:47 - 2016-03-14 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEmu 2016-03-14 19:46 - 2016-03-15 18:35 - 00000000 ____D C:\Users\Pedro\.MemuHyperv 2016-03-14 19:45 - 2016-03-14 19:45 - 00000000 ____D C:\Program Files\Microvirt 
2016-03-14 15:38 - 2016-03-14 15:38 - 00000000 ____D C:\Users\Pedro\AppData\Local\Macromedia 2016-03-14 15:35 - 2016-03-14 15:35 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksGameManager 2016-03-14 15:35 - 2016-03-14 15:35 - 00000000 ____D C:\ProgramData\BlueStacksGameManager 2016-03-14 15:33 - 2016-03-14 15:34 - 00000000 ____D C:\Program Files\BlueStacks 2016-03-14 15:33 - 2016-03-14 15:33 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacks 2016-03-14 15:33 - 2016-03-14 15:33 - 00000000 ____D C:\ProgramData\BlueStacks 2016-03-11 21:54 - 2016-03-11 21:55 - 00000000 ____D C:\Users\Pedro\ROTZ 2016-03-11 21:42 - 2016-03-13 12:00 - 00000000 ____D C:\Program Files\ROTZ 2016-03-11 21:42 - 2016-03-11 21:42 - 00000966 _____ C:\Users\Public\Desktop\ROTZ.lnk 2016-03-11 21:42 - 2016-03-11 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROTZ 2016-03-06 18:38 - 2016-03-29 16:23 - 00000000 ____D C:\Program Files\AdwCleaner 2016-03-06 18:26 - 2016-03-06 18:26 - 00002099 _____ C:\Users\Public\Desktop\Baidu Browser.lnk 2016-03-06 18:26 - 2016-03-06 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser 2016-03-04 15:16 - 2016-03-04 15:16 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-03-03 22:42 - 2016-03-03 22:42 - 00000000 ____D C:\Users\Pedro\AppData\Local\Steam 2016-03-03 22:42 - 2016-03-03 22:42 - 00000000 ____D C:\Users\Pedro\AppData\Local\CEF 2016-03-03 22:05 - 2016-03-03 22:05 - 00000000 ____D C:\Users\Pedro\AppData\Local\VS Revo Group 2016-03-03 22:04 - 2016-03-03 22:04 - 00001238 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2016-03-03 22:04 - 2016-03-03 22:04 - 00000000 ____D C:\Users\Todos os Usuários\VS Revo Group 2016-03-03 22:04 - 2016-03-03 22:04 - 00000000 ____D C:\ProgramData\VS Revo Group 2016-03-03 22:04 - 2016-03-03 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2016-03-03 22:04 - 
2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys 2016-03-03 13:28 - 2016-03-03 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-03-03 13:28 - 2016-03-03 13:28 - 00001123 _____ C:\Users\Public\Desktop\Steam.lnk 2016-02-29 15:20 - 2016-02-29 15:20 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\LibreOffice 2016-02-29 15:16 - 2016-03-01 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0 2016-02-29 15:14 - 2016-02-29 15:16 - 00000000 ____D C:\Program Files\LibreOffice 5 2016-02-29 14:15 - 2016-03-01 17:36 - 00000000 ____D C:\Program Files\Microsoft Toolkit Final 2016-02-27 22:20 - 2016-03-01 17:37 - 00000000 ____D C:\223f15b940991e81f0a242 2016-02-27 10:18 - 2016-03-01 17:36 - 00000000 ____D C:\Windows\Temp5450CDBD-C7CC-7961-8FC6-3E993681E3BC-Signatures 2016-02-23 12:46 - 2016-02-23 12:46 - 00069864 _____ C:\Windows\system32\Drivers\pcwtata.sys 2016-02-17 21:12 - 2016-02-17 22:05 - 00000511 _____ C:\Users\Pedro\AppData\Local\DialogChoices.xml 2016-02-16 13:25 - 2016-02-16 13:25 - 00000000 ____D C:\Users\Pedro\AppData\Local\Home 2016-02-16 13:20 - 2016-02-16 19:18 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\LuaEdit 2016-02-16 13:19 - 2016-02-16 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LuaEdit 2010 2016-02-16 13:19 - 2016-02-16 13:19 - 00000000 ____D C:\Program Files\LuaEdit 2010 2016-02-16 13:18 - 2016-02-16 13:18 - 00000000 ____D C:\Users\Todos os Usuários\SQLite Expert 2016-02-16 13:18 - 2016-02-16 13:18 - 00000000 ____D C:\ProgramData\SQLite Expert 2016-02-16 13:18 - 2016-02-16 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQLite Expert 2016-02-16 13:18 - 2016-02-16 13:18 - 00000000 ____D C:\Program Files\SQLite Expert 2016-02-10 16:29 - 2016-02-10 16:29 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtPokemonDBR.lnk 2016-02-10 16:28 - 2016-02-10 16:29 - 
00000000 ____D C:\Program Files\OtPokemonDBR 2016-01-13 11:00 - 2016-01-13 11:01 - 00000000 ____D C:\Pokemon Nox 2016-01-12 23:25 - 2016-01-12 23:25 - 00000000 ____D C:\Users\Pedro\PHorizon 2016-01-08 07:39 - 2016-01-08 07:39 - 00000000 ____D C:\Users\Pedro\AppData\LocalLow\Oracle 2016-01-08 07:39 - 2016-01-08 07:39 - 00000000 ____D C:\Program Files\Common Files\Java 2016-01-08 07:38 - 2016-01-08 07:38 - 00001260 _____ C:\AiOLog.txt 2016-01-08 01:22 - 2016-01-17 23:10 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\dxupdate.dll 2016-01-08 01:22 - 2014-06-03 18:31 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2016-01-08 01:22 - 2014-06-03 18:31 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2016-01-08 01:22 - 2014-06-03 18:31 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2016-01-08 01:22 - 2014-06-03 18:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2016-01-08 01:22 - 2014-06-03 18:31 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00363288 _____ (Microsoft Corporation) 
C:\Windows\system32\xactengine2_3.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2016-01-08 01:22 - 2014-06-03 18:30 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2016-01-08 01:22 - 2014-06-03 18:29 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2016-01-08 01:22 - 
2014-06-03 18:28 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2016-01-08 01:22 - 2014-06-03 18:28 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2016-01-08 01:22 - 2014-06-03 18:28 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2016-01-08 01:22 - 2014-06-03 18:28 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2016-01-08 01:22 - 2014-06-03 18:28 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_2.dll 2016-01-08 01:22 - 2014-06-03 18:28 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2016-01-08 01:22 - 2014-06-03 18:28 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2016-01-08 01:22 - 2014-06-03 18:15 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_43.dll 2016-01-08 01:22 - 2014-06-03 18:15 - 01566040 _____ C:\Windows\system32\dsetup32.dll 2016-01-08 01:22 - 2014-06-03 18:15 - 00095576 _____ (Microsoft Corporation) C:\Windows\system32\DSETUP.dll 2016-01-08 01:22 - 2014-06-03 18:14 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_40.dll 2016-01-08 01:22 - 2014-06-03 18:14 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_41.dll 2016-01-08 01:22 - 2014-06-03 18:14 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_42.dll 2016-01-08 01:22 - 2014-06-03 18:13 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2016-01-08 01:22 - 2014-06-03 18:13 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_38.dll 2016-01-08 01:22 - 2014-06-03 18:13 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_37.dll 2016-01-08 01:22 - 2014-06-03 18:13 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2016-01-08 01:22 - 2014-06-03 18:13 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 
04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2016-01-08 01:22 - 2014-06-03 18:12 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcompiler_36.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\d3dcompiler_35.dll 2016-01-08 01:22 - 
2014-06-03 18:11 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\d3dcompiler_34.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\d3dcompiler_33.dll 2016-01-08 01:22 - 2014-06-03 18:11 - 00053592 _____ (Microsoft Corporation) C:\Windows\system32\D3D11InstallHelper.dll 2016-01-08 01:22 - 2014-06-03 18:10 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2016-01-08 01:22 - 2014-06-03 18:09 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2016-01-08 01:22 - 2014-06-03 18:09 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2016-01-08 01:03 - 2014-06-03 18:25 - 00007927 _____ C:\Windows\system32\xinput9_1_0_x64.cat 2016-01-08 01:03 - 2014-06-03 18:24 - 00010392 _____ C:\Windows\system32\xinput1_3_x64.cat 2016-01-08 01:03 - 2014-06-03 18:24 - 00007927 _____ C:\Windows\system32\xinput1_2_x64.cat 2016-01-08 01:03 - 2014-06-03 18:24 - 00007927 _____ C:\Windows\system32\xinput1_1_x64.cat 2016-01-08 01:03 - 2014-06-03 18:24 - 00007094 _____ C:\Windows\system32\XAudio2_7_x64.cat 2016-01-08 01:03 - 2014-06-03 18:24 - 00007094 _____ C:\Windows\system32\XAudio2_6_x64.cat 2016-01-08 01:03 - 2014-06-03 18:24 - 00007081 _____ C:\Windows\system32\XAudio2_5_x64.cat 2016-01-08 01:03 - 2014-06-03 18:23 - 00010342 _____ C:\Windows\system32\XAudio2_2_x64.cat 2016-01-08 01:03 - 2014-06-03 18:23 - 00010342 _____ C:\Windows\system32\XAudio2_1_x64.cat 2016-01-08 01:03 - 2014-06-03 18:23 - 00010044 _____ C:\Windows\system32\XAudio2_0_x64.cat 2016-01-08 01:03 - 2014-06-03 18:23 - 00008111 _____ 
C:\Windows\system32\XAudio2_3_x64.cat 2016-01-08 01:03 - 2014-06-03 18:23 - 00007081 _____ C:\Windows\system32\XAudio2_4_x64.cat 2016-01-08 01:03 - 2014-06-03 18:21 - 00007813 _____ C:\Windows\system32\XACT3_3_x64.cat 2016-01-08 01:03 - 2014-06-03 18:21 - 00006796 _____ C:\Windows\system32\XACT3_7_x64.cat 2016-01-08 01:03 - 2014-06-03 18:21 - 00006796 _____ C:\Windows\system32\XACT3_6_x64.cat 2016-01-08 01:03 - 2014-06-03 18:21 - 00006796 _____ C:\Windows\system32\XACT3_5_x64.cat 2016-01-08 01:03 - 2014-06-03 18:21 - 00006783 _____ C:\Windows\system32\XACT3_4_x64.cat 2016-01-08 01:03 - 2014-06-03 18:20 - 00010690 _____ C:\Windows\system32\xact2_9_x64.cat 2016-01-08 01:03 - 2014-06-03 18:20 - 00010690 _____ C:\Windows\system32\xact2_8_x64.cat 2016-01-08 01:03 - 2014-06-03 18:20 - 00010690 _____ C:\Windows\system32\xact2_7_x64.cat 2016-01-08 01:03 - 2014-06-03 18:20 - 00010044 _____ C:\Windows\system32\XACT3_2_x64.cat 2016-01-08 01:03 - 2014-06-03 18:20 - 00010044 _____ C:\Windows\system32\XACT3_1_x64.cat 2016-01-08 01:03 - 2014-06-03 18:20 - 00010044 _____ C:\Windows\system32\XACT3_0_x64.cat 2016-01-08 01:03 - 2014-06-03 18:19 - 00010662 _____ C:\Windows\system32\xact2_6_x64.cat 2016-01-08 01:03 - 2014-06-03 18:19 - 00010046 _____ C:\Windows\system32\xact2_10_x64.cat 2016-01-08 01:03 - 2014-06-03 18:19 - 00008225 _____ C:\Windows\system32\xact2_5_x64.cat 2016-01-08 01:03 - 2014-06-03 18:19 - 00008225 _____ C:\Windows\system32\xact2_4_x64.cat 2016-01-08 01:03 - 2014-06-03 18:19 - 00008225 _____ C:\Windows\system32\xact2_3_x64.cat 2016-01-08 01:03 - 2014-06-03 18:19 - 00008225 _____ C:\Windows\system32\xact2_2_x64.cat 2016-01-08 01:03 - 2014-06-03 18:19 - 00008225 _____ C:\Windows\system32\xact2_1_x64.cat 2016-01-08 01:03 - 2014-06-03 18:19 - 00008225 _____ C:\Windows\system32\xact_x64.cat 2016-01-08 01:03 - 2014-06-03 18:19 - 00006796 _____ C:\Windows\system32\X3DAudio1_7_x64.cat 2016-01-08 01:03 - 2014-06-03 18:18 - 00010046 _____ 
C:\Windows\system32\x3daudio1_2_x64.cat 2016-01-08 01:03 - 2014-06-03 18:18 - 00010044 _____ C:\Windows\system32\X3DAudio1_4_x64.cat 2016-01-08 01:03 - 2014-06-03 18:18 - 00010044 _____ C:\Windows\system32\X3DAudio1_3_x64.cat 2016-01-08 01:03 - 2014-06-03 18:18 - 00007813 _____ C:\Windows\system32\X3DAudio1_5_x64.cat 2016-01-08 01:03 - 2014-06-03 18:18 - 00006783 _____ C:\Windows\system32\X3DAudio1_6_x64.cat 2016-01-08 01:03 - 2014-06-03 18:15 - 00066865 _____ C:\Windows\system32\dxupdate.cif 2016-01-08 01:03 - 2014-06-03 18:14 - 00007813 _____ C:\Windows\system32\d3dx9_40_x64.cat 2016-01-08 01:03 - 2014-06-03 18:14 - 00006796 _____ C:\Windows\system32\d3dx9_43_x64.cat 2016-01-08 01:03 - 2014-06-03 18:14 - 00006783 _____ C:\Windows\system32\d3dx9_42_x64.cat 2016-01-08 01:03 - 2014-06-03 18:14 - 00006783 _____ C:\Windows\system32\d3dx9_41_x64.cat 2016-01-08 01:03 - 2014-06-03 18:13 - 00010044 _____ C:\Windows\system32\d3dx9_39_x64.cat 2016-01-08 01:03 - 2014-06-03 18:13 - 00010044 _____ C:\Windows\system32\d3dx9_38_x64.cat 2016-01-08 01:03 - 2014-06-03 18:13 - 00010044 _____ C:\Windows\system32\d3dx9_37_x64.cat 2016-01-08 01:03 - 2014-06-03 18:12 - 00010392 _____ C:\Windows\system32\d3dx9_35_x64.cat 2016-01-08 01:03 - 2014-06-03 18:12 - 00010392 _____ C:\Windows\system32\d3dx9_34_x64.cat 2016-01-08 01:03 - 2014-06-03 18:12 - 00010046 _____ C:\Windows\system32\d3dx9_36_x64.cat 2016-01-08 01:03 - 2014-06-03 18:11 - 00010392 _____ C:\Windows\system32\d3dx9_33_x64.cat 2016-01-08 01:03 - 2014-06-03 18:11 - 00007927 _____ C:\Windows\system32\d3dx9_32_x64.cat 2016-01-08 01:03 - 2014-06-03 18:11 - 00007927 _____ C:\Windows\system32\d3dx9_31_x64.cat 2016-01-08 01:03 - 2014-06-03 18:11 - 00007927 _____ C:\Windows\system32\d3dx9_30_x64.cat 2016-01-08 01:03 - 2014-06-03 18:10 - 00007927 _____ C:\Windows\system32\d3dx9_29_x64.cat 2016-01-08 01:03 - 2014-06-03 18:10 - 00007927 _____ C:\Windows\system32\d3dx9_28_x64.cat 2016-01-08 01:03 - 2014-06-03 18:10 - 00007740 _____ 
C:\Windows\system32\d3dx9_27_x64.cat 2016-01-08 01:03 - 2014-06-03 18:10 - 00007479 _____ C:\Windows\system32\d3dx9_26_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00007927 _____ C:\Windows\system32\d3dx10_00_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00007479 _____ C:\Windows\system32\d3dx9_25_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00007479 _____ C:\Windows\system32\d3dx9_24_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00006796 _____ C:\Windows\system32\d3dx11_43_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00006796 _____ C:\Windows\system32\d3dx10_43_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00006796 _____ C:\Windows\system32\d3dx10_42_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00006796 _____ C:\Windows\system32\d3dcsx_43_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00006796 _____ C:\Windows\system32\D3DCompiler_43_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00006783 _____ C:\Windows\system32\d3dx11_42_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00006783 _____ C:\Windows\system32\d3dcsx_42_x64.cat 2016-01-08 01:03 - 2014-06-03 18:09 - 00006783 _____ C:\Windows\system32\D3DCompiler_42_x64.cat 2016-01-08 00:52 - 2016-01-08 00:52 - 00001084 _____ C:\Users\Public\Desktop\DS3 Tool.lnk 2016-01-08 00:52 - 2016-01-08 00:52 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\MotioninJoy 2016-01-08 00:52 - 2016-01-08 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy 2016-01-08 00:52 - 2010-08-19 18:24 - 00255496 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll 2016-01-08 00:28 - 2016-01-08 00:52 - 00000000 ____D C:\Program Files\MotioninJoy ==================== Três Meses Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2099-09-16 13:16 - 2013-11-24 17:25 - 00000000 ____D C:\Users\Convidado\AppData\LocalLow 2099-09-16 13:15 - 2013-11-24 17:25 - 00000000 ____D C:\Users\Convidado\AppData\Roaming 2099-09-16 13:14 - 2013-11-24 17:25 - 00000000 ____D C:\Users\Convidado\AppData\Local\Microsoft 2099-09-16 13:14 - 2013-11-24 17:25 - 00000000 ____D C:\Users\Convidado\AppData\Local 2099-09-16 12:53 - 2014-09-07 22:54 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Nponl 2099-09-16 12:21 - 2013-12-18 19:31 - 00000000 ____D C:\Users\Todos os Usuários\LogMeIn 2099-09-16 12:21 - 2013-12-18 19:31 - 00000000 ____D C:\ProgramData\LogMeIn 2016-03-30 18:25 - 2011-12-20 10:47 - 00000000 ____D C:\Users\Pedro\AppData\Local\LogMeIn Hamachi 2016-03-30 18:06 - 2009-07-14 01:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-30 18:06 - 2009-07-14 01:34 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-30 18:04 - 2014-10-28 21:44 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksSetup 2016-03-30 18:04 - 2014-10-28 21:44 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2016-03-30 17:59 - 2013-08-22 13:40 - 01245184 _____ C:\Windows\system32\Ikeext.etl 2016-03-30 17:59 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-30 17:54 - 2014-04-27 19:07 - 00000000 ____D C:\AdwCleaner 2016-03-30 17:52 - 2013-12-01 18:24 - 00000000 ____D C:\Windows\pss 2016-03-30 17:14 - 2013-06-20 18:22 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\TS3Client 2016-03-30 15:03 - 2012-10-22 20:42 - 00000000 ____D C:\Users\Pedro\AppData\LocalLow\Temp 2016-03-30 15:03 - 2011-05-07 17:34 - 00000000 ____D C:\Users\Pedro 2016-03-30 15:01 - 2014-01-13 11:28 - 00000059 _____ C:\Users\Pedro\AppData\Local\UserProducts.xml 2016-03-30 12:58 - 2014-11-24 12:24 - 00000000 ____D C:\Users\Public\Documents\Baidu Security 2016-03-30 12:58 - 2013-09-13 23:57 - 00000000 ____D 
C:\Users\Todos os Usuários\Baidu Security 2016-03-30 12:58 - 2013-09-13 23:57 - 00000000 ____D C:\ProgramData\Baidu Security 2016-03-30 12:58 - 2013-09-13 23:54 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Baidu Security 2016-03-30 12:43 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf 2016-03-29 20:41 - 2015-04-26 17:52 - 00000000 ____D C:\Program Files\Instalador Naruto Revolution 2016-03-29 20:41 - 2015-04-21 17:02 - 00000000 ____D C:\Program Files\Pokémon Draw 1.10 2016-03-29 20:41 - 2015-04-20 17:49 - 00000000 ____D C:\Program Files\PokeMIW 2016-03-29 20:41 - 2015-04-19 21:54 - 00000000 ____D C:\Program Files\Aurera-Global 2016-03-29 20:41 - 2015-02-09 20:40 - 00000000 ____D C:\Program Files\PSky 2016-03-29 20:41 - 2015-01-22 00:01 - 00000000 ____D C:\Program Files\EagleGet 2016-03-29 20:41 - 2013-11-26 22:16 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-03-29 20:41 - 2009-07-13 21:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\hh.exe 2016-03-29 20:41 - 2009-07-13 20:36 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-03-29 19:45 - 2012-10-22 20:41 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\uTorrent 2016-03-29 19:33 - 2011-11-22 16:05 - 00000000 ____D C:\Users\Pedro\AppData\Local\Apple Computer 2016-03-29 12:38 - 2011-11-08 11:21 - 00002113 _____ C:\Windows\epplauncher.mif 2016-03-22 18:17 - 2013-07-31 12:44 - 00000000 ___HD C:\Windows\msdownld.tmp 2016-03-22 17:53 - 2013-01-06 22:26 - 00000000 ____D C:\Windows\system32\directx 2016-03-22 16:20 - 2013-12-18 19:31 - 00027040 ____H (LogMeIn, Inc.) 
C:\Windows\system32\hamachi.sys 2016-03-17 13:19 - 2013-06-09 00:33 - 00000000 ____D C:\Program Files\Common Files\Steam 2016-03-15 15:15 - 2012-08-28 16:40 - 00000000 ____D C:\CFLog 2016-03-14 22:01 - 2015-08-31 22:12 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft 2016-03-14 22:01 - 2015-08-31 22:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-03-14 21:56 - 2015-08-31 21:54 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-03-14 15:34 - 2009-07-13 23:37 - 00000000 __RHD C:\Users\Public\Libraries 2016-03-11 21:44 - 2014-05-19 22:37 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache 2016-03-11 21:44 - 2014-05-19 22:37 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-08 22:31 - 2015-12-18 10:29 - 00000000 ____D C:\Users\Todos os Usuários\Cache 2016-03-08 22:31 - 2015-12-18 10:29 - 00000000 ____D C:\ProgramData\Cache 2016-03-06 18:26 - 2015-02-10 21:45 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Baidu 2016-03-06 18:26 - 2015-02-10 21:45 - 00000000 ____D C:\Program Files\baidu 2016-03-06 18:23 - 2011-07-11 19:41 - 00000000 ____D C:\Program Files\Google 2016-03-06 18:16 - 2011-07-11 19:41 - 00000000 ____D C:\Users\Pedro\AppData\Local\Google 2016-03-06 17:49 - 2013-11-24 17:25 - 00000000 ____D C:\Users\Convidado 2016-03-06 17:49 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\registration 2016-03-05 09:03 - 2010-12-13 10:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-03-04 23:05 - 2010-12-13 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-03-04 12:42 - 2014-06-05 21:51 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-04 12:27 - 2014-06-05 21:51 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-03-04 12:27 - 2014-06-05 21:51 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-03-03 22:53 - 2009-07-13 23:37 - 00000000 ____D 
C:\Windows\system32\NDF 2016-03-03 22:45 - 2015-12-15 19:03 - 00000000 ____D C:\Users\Pedro\Documents\Aurakingdom.to Private 2016-03-03 22:43 - 2015-07-10 15:16 - 00000000 ____D C:\AeriaGames 2016-03-03 22:43 - 2014-03-26 22:18 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2016-03-03 22:04 - 2014-12-03 13:58 - 00000000 ____D C:\Program Files\VS Revo Group 2016-03-01 17:37 - 2014-01-23 15:07 - 00000000 ____D C:\Fraps 2016-03-01 17:36 - 2015-10-26 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YGOPro Salvation Server Launcher 2016-03-01 17:36 - 2015-09-07 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2016-03-01 17:36 - 2015-01-12 14:50 - 00000000 ____D C:\Users\Pedro\Documents\PokeBrO 2016-03-01 17:36 - 2014-11-11 15:12 - 00000000 ____D C:\Program Files\RaidCall.BR 2016-03-01 17:36 - 2012-09-18 17:11 - 00000000 __SHD C:\Windows\system32\%APPDATA% 2016-03-01 17:36 - 2011-11-08 11:20 - 00000000 ____D C:\Program Files\Microsoft Security Client 2016-03-01 17:36 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-03-01 14:07 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\tracing 2016-02-29 21:15 - 2014-01-12 17:45 - 00482592 _____ C:\Windows\system32\FNTCACHE.DAT 2016-02-29 16:31 - 2014-01-08 18:30 - 00126240 _____ C:\Users\Pedro\AppData\Local\GDIPFONTCACHEV1.DAT 2016-02-29 14:38 - 2011-05-07 17:42 - 00000000 ____D C:\Users\Pedro\AppData\Roaming\SoftGrid Client 2016-02-29 14:22 - 2015-10-26 20:36 - 00001545 _____ C:\Users\Public\Desktop\YGOPro Salvation Server Launcher.lnk 2016-02-29 14:22 - 2014-12-03 14:36 - 00001397 _____ C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ==================== Arquivos na raiz de alguns diretórios ======= 2012-06-01 22:52 - 2012-06-01 22:53 - 0083087 _____ () C:\Program Files\Uninstal.exe 2014-12-02 18:01 - 2014-12-02 21:56 - 0000117 _____ () 
C:\Users\Pedro\AppData\Roaming\D2Info0 2014-12-02 18:01 - 2014-12-02 18:23 - 0000008 _____ () C:\Users\Pedro\AppData\Roaming\DofusAppId0_1 2014-12-02 18:23 - 2014-12-02 18:43 - 0000008 _____ () C:\Users\Pedro\AppData\Roaming\DofusAppId0_2 2014-12-02 21:56 - 2014-12-02 22:04 - 0000008 _____ () C:\Users\Pedro\AppData\Roaming\DofusAppId0_3 2012-09-27 21:14 - 2012-09-27 21:14 - 0138056 _____ () C:\Users\Pedro\AppData\Roaming\PnkBstrK.sys 2016-02-17 21:12 - 2016-02-17 22:05 - 0000511 _____ () C:\Users\Pedro\AppData\Local\DialogChoices.xml 2014-02-03 14:12 - 2014-02-03 14:28 - 0014318 _____ () C:\Users\Pedro\AppData\Local\log.txt 2014-02-03 14:11 - 2011-06-10 23:58 - 0421200 _____ (Microsoft Corporation) C:\Users\Pedro\AppData\Local\msvcp100.dll 2014-02-03 14:11 - 2011-06-10 23:58 - 0773968 _____ (Microsoft Corporation) C:\Users\Pedro\AppData\Local\msvcr100.dll 2014-02-03 14:11 - 2013-08-07 14:32 - 2598912 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Pedro\AppData\Local\QtCore4.dll 2014-02-03 14:11 - 2013-06-27 09:16 - 8581632 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Pedro\AppData\Local\QtGui4.dll 2014-02-03 14:11 - 2013-06-27 09:10 - 1053696 _____ (Digia Plc and/or its subsidiary(-ies)) C:\Users\Pedro\AppData\Local\QtNetwork4.dll 2013-09-11 18:42 - 2015-01-12 19:47 - 0007607 _____ () C:\Users\Pedro\AppData\Local\Resmon.ResmonCfg 2016-02-13 19:23 - 2016-02-13 19:23 - 0000003 _____ () C:\Users\Pedro\AppData\Local\updater.log 2014-01-13 11:28 - 2016-03-30 15:01 - 0000059 _____ () C:\Users\Pedro\AppData\Local\UserProducts.xml 2014-10-04 23:48 - 2014-10-04 23:48 - 0000000 _____ () C:\Users\Pedro\AppData\Local\{74F714DF-304D-4365-84F5-907E2218D876} Alguns arquivos em TEMP: ==================== C:\Users\Pedro\AppData\Local\Temp\Adw.exe C:\Users\Pedro\AppData\Local\Temp\JRT.exe C:\Users\Pedro\AppData\Local\Temp\libeay32.dll C:\Users\Pedro\AppData\Local\Temp\msvcr120.dll C:\Users\Pedro\AppData\Local\Temp\sqlite3.dll 
C:\Users\Pedro\AppData\Local\Temp\ZHPCleaner-2015.4.26.191.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe [2011-05-08 09:30] - [2015-12-08 19:19] - 2616832 ____A (Microsoft Corporation) 89D26AF0F2DAB60B67B4896066E79558
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe [2011-06-21 14:32] - [2015-11-22 16:52] - 0027136 ____A (Microsoft Corporation) E777AD06E20B181E82A670E54C1C57C6
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-03-29 13:57

==================== Fim de FRST.txt ============================