Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01
Executado por Branco (administrador) em BRANCO-PC (23-03-2016 11:33:05)
Executando a partir de C:\Users\Branco\Downloads
Perfis Carregados: Branco (Perfis Disponíveis: Branco)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\SysOptEngineSvc.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\FasterNow.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Primary Color\updatePrimaryColor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Baidu PC Faster 5.1.0.0] => C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe [2333152 2015-05-07] (Baidu, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12205784 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [Baidu PC Faster 4.0.0.0] => C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe [2333152 2015-05-07] (Baidu, Inc.)
HKLM\...\Run: [Aeria Ignite] => C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM\...\Run: [win_en_77] => "C:\Program Files\win_en_77\win_en_77.exe"
HKLM\...\Run: [sun21] => [X]
HKLM\...\Run: [un] => C:\Users\Branco\AppData\Local\Temp\un.exe /start <===== ATENÇÃO
HKLM\...\Run: [rec_en_221] => "C:\Program Files\rec_en_221\rec_en_221.exe"
HKLM\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM\...\Run: [HomePageHelper] => c:\programdata\homepage.exe [1100288 2015-11-25] ()
HKLM\...\Run: [RazerCortex] => C:\Program Files\Razer\Razer Cortex\RazerCortex.exe [2265928 2016-02-26] (Razer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-219047011-488505859-3757021965-1000\...\Run: [uTorrent] => C:\Users\Branco\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-02-25] (BitTorrent Inc.)
HKU\S-1-5-21-219047011-488505859-3757021965-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Branco\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-219047011-488505859-3757021965-1000\...\Run: [YeaInstaller] => C:\Users\Branco\AppData\Local\Temp\CU6BHY8P8\CU6BHY8P8.exe [1968128 2016-03-11] (TZ) <===== ATENÇÃO
HKU\S-1-5-21-219047011-488505859-3757021965-1000\...\Run: [msiql] => C:\ProgramData\msiql.exe [1888256 2016-03-02] ()
HKU\S-1-5-21-219047011-488505859-3757021965-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\F9A8B7D3FAB1BD35CB5A96050ADC2F9F.dll Start /DEFAULT
HKU\S-1-5-21-219047011-488505859-3757021965-1000\...\Run: [Pritc] => C:\Windows\TEMP\is-IOVE3.tmp\print.exe [2960896 2016-03-03] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-219047011-488505859-3757021965-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-219047011-488505859-3757021965-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-219047011-488505859-3757021965-1000\...\MountPoints2: {05f79673-dc03-11e5-bee0-e89a8fd68ab6} - G:\SETUP.EXE
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Branco\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Branco\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Branco\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{003CC5E5-C234-45BA-8D54-E401CC2B2EEB}: [DhcpNameServer] 192.168.25.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-219047011-488505859-3757021965-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-20] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Windows\system32\config\systemprofile\AppData\Local\PriceFountain\PriceFountainIE.dll [2015-06-18] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-20] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Branco\AppData\Roaming\Mozilla\Firefox\Profiles\tlaymlb8.default
FF Homepage: search.mpc.am
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-20] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-03] [não assinado]

Chrome:
=======
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "search.mpc.am"
CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
CHR DefaultSearchKeyword: Default -> MPC Safe Search
CHR Profile: C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-16]
CHR Extension: (Google Docs) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-16]
CHR Extension: (Google Drive) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-14]
CHR Extension: (YouTube) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-14]
CHR Extension: (Google Search) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-14]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-03-22]
CHR Extension: (Planilhas do Google) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Super Animes) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\glokngbimckbfigmglafekkfcaflbaef [2016-02-14]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-14]
CHR Extension: (Gmail) - C:\Users\Branco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-14]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 AppMgr3.57.4713165; C:\ProgramData\AppMgr3.57.4713165\AppMgr.exe [488360 2016-03-23] ()
S4 BASSVC; C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082232 2016-01-15] (Disc Soft Ltd)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1734656 2016-01-11] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-03-16] (TODO: ) [Arquivo não assinado]
S2 IpOverUsbSvc; C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S2 MiniService; C:\Users\Branco\AppData\Local\MiniService\MiniService.exe [106296 2016-03-16] (Baidu Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [3621784 2015-12-15] (INCA Internet Co., Ltd.)
R2 PCFasterSvc_{PCFaster_5.1.0.0}; C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe [1714448 2015-05-07] (Baidu, Inc.)
S2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [190120 2016-01-29] ()
S2 RzKLService; C:\Program Files\Razer\Razer Cortex\RzKLService.exe [132864 2016-02-26] (Razer Inc.)
R2 Update Primary Color; C:\Program Files\Primary Color\updatePrimaryColor.exe [660904 2016-03-23] ()
S2 Util Primary Color; C:\Program Files\Primary Color\bin\utilPrimaryColor.exe [660904 2016-03-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 XapcnPhoneService; C:\Program Files\爱应用PC版\wp8svc.exe [34776 2014-05-21] () [Arquivo não assinado]
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]
S2 Update Web Amplified; "C:\Program Files\Web Amplified\updateWebAmplified.exe" [X]
S2 Util Web Amplified; "C:\Program Files\Web Amplified\bin\utilWebAmplified.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [46440 2015-03-31] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [113992 2015-03-31] (Baidu, Inc.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [49408 2016-03-11] (Cherimoya Ltd) [Arquivo não assinado]
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-02-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-02-25] (Disc Soft Ltd)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [489832 2013-11-21] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [24424 2013-11-21] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [100504 1999-12-31] (Qualcomm Atheros Co., Ltd.)
R3 PCFApiUtil; C:\Program Files\PC Faster\5.1.0.0\PCFApiUtil.sys [118152 2015-03-31] (Baidu, Inc.)
R2 SPDRIVER_1.42.1.10650; C:\Program Files\ShopperPro3\JSDriver\1.42.1.10650\jsdrv.sys [32256 2016-03-13] () [Arquivo não assinado]
R1 {333b9599-10bc-4dd6-bf9d-3e9ff9ed1474}Gw; C:\Windows\System32\drivers\{333b9599-10bc-4dd6-bf9d-3e9ff9ed1474}Gw.sys [43112 2016-03-10] (StdLib)
R1 {786e1909-a881-43dd-a702-77d1bd01d1fb}Gw; C:\Windows\System32\drivers\{786e1909-a881-43dd-a702-77d1bd01d1fb}Gw.sys [42824 2016-03-23] (StdLib)
R0 MPCBase; System32\drivers\MPCBase.sys [X]
R1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S2 rzpmgrk; \??\C:\Windows\system32\drivers\rzpmgrk.sys [X]
S2 rzpnk; \??\C:\Windows\system32\drivers\rzpnk.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-23 11:33 - 2016-03-23 11:33 - 00015262 _____ C:\Users\Branco\Downloads\FRST.txt
2016-03-23 11:32 - 2016-03-23 11:33 - 00000000 ____D C:\FRST
2016-03-23 11:31 - 2016-03-23 11:31 - 01725440 _____ (Farbar) C:\Users\Branco\Downloads\FRST.exe
2016-03-23 11:02 - 2016-03-23 11:02 - 00000000 ____D C:\Users\Todos os Usuários\6534aa3a-6df1-0
2016-03-23 11:02 - 2016-03-23 11:02 - 00000000 ____D C:\ProgramData\6534aa3a-6df1-0
2016-03-23 10:32 - 2016-03-23 10:32 - 00000000 ____D C:\Users\Branco\AppData\Roaming\MCorp
2016-03-23 10:31 - 2016-03-23 03:07 - 00042824 _____ (StdLib) C:\Windows\system32\Drivers\{786e1909-a881-43dd-a702-77d1bd01d1fb}Gw.sys
2016-03-23 10:29 - 2016-03-23 10:29 - 00000000 ____D C:\Users\Todos os Usuários\6534aa3a-5b73-1
2016-03-23 10:29 - 2016-03-23 10:29 - 00000000 ____D C:\ProgramData\6534aa3a-5b73-1
2016-03-23 07:18 - 2016-03-23 07:19 - 00000000 ____D C:\Users\Todos os Usuários\AppMgr3.57.4713165
2016-03-23 07:18 - 2016-03-23 07:19 - 00000000 ____D C:\ProgramData\AppMgr3.57.4713165
2016-03-23 07:17 - 2016-03-23 11:03 - 00000000 ____D C:\Program Files\Primary Color
2016-03-23 07:16 - 2016-03-23 11:02 - 00000000 ____D C:\Users\Branco\AppData\LocalLow\uTorrent
2016-03-23 07:15 - 2016-03-23 11:25 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-03-22 15:52 - 2016-03-22 15:53 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Mozilla
2016-03-22 15:52 - 2016-03-22 15:52 - 00000000 ____D C:\Users\Branco\AppData\Local\Mozilla
2016-03-22 15:51 - 2016-03-23 11:03 - 00001165 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-22 15:51 - 2016-03-23 11:03 - 00001153 ____R C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-22 15:51 - 2016-03-22 15:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-22 15:49 - 2016-03-22 15:50 - 43499792 _____ C:\Users\Branco\Downloads\Firefox Setup 45.0.exe
2016-03-22 15:31 - 2016-03-22 22:34 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-22 15:31 - 2016-03-22 22:34 - 00001184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-22 15:28 - 2016-03-23 11:00 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-22 15:28 - 2016-03-22 15:28 - 00001226 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-22 15:28 - 2015-03-31 03:22 - 00113992 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BprotectEx.sys
2016-03-22 15:28 - 2015-03-31 03:22 - 00046440 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2016-03-20 14:42 - 2016-03-20 14:45 - 00000000 ____D C:\Users\Branco\Desktop\SkyrimConfigBackup
2016-03-20 14:42 - 2016-03-20 14:42 - 00000000 ____D C:\Users\Branco\Downloads\ULG4S
2016-03-20 14:29 - 2016-03-20 15:32 - 00000000 ____D C:\Users\Branco\AppData\Local\ULG
2016-03-20 14:15 - 2016-03-20 14:15 - 00919786 _____ C:\Users\Branco\Downloads\ULG Installer - 4S-17137-4-0.zip
2016-03-20 14:08 - 2016-03-20 14:08 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Sun
2016-03-20 14:08 - 2016-03-20 14:08 - 00000000 ____D C:\Users\Branco\AppData\LocalLow\Sun
2016-03-20 14:08 - 2016-03-20 14:08 - 00000000 ____D C:\Users\Branco\.oracle_jre_usage
2016-03-20 14:08 - 2016-03-20 14:08 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-20 14:07 - 2016-03-20 14:07 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-03-20 14:07 - 2016-03-20 14:07 - 00000000 ____D C:\ProgramData\Oracle
2016-03-20 14:07 - 2016-03-20 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-20 14:06 - 2016-03-20 14:06 - 00916058 _____ C:\Users\Branco\Downloads\ULG Installer - 5S-17137-5-0.zip
2016-03-20 14:06 - 2016-03-20 14:06 - 00000000 ____D C:\Program Files\Java
2016-03-20 14:05 - 2016-03-20 14:05 - 00735328 _____ (Oracle Corporation) C:\Users\Branco\Downloads\chromeinstall-8u73.exe
2016-03-20 14:05 - 2016-03-20 14:05 - 00000000 ____D C:\Users\Branco\AppData\LocalLow\Oracle
2016-03-20 10:49 - 2015-11-11 08:57 - 00121741 _____ C:\Users\Branco\Desktop\ULGX.jar
2016-03-18 10:27 - 2016-03-18 10:27 - 00118995 _____ C:\Users\Branco\Downloads\ULGX Beta-17137-10-0b11.zip
2016-03-18 10:23 - 2016-03-18 10:24 - 00000000 ____D C:\Users\Branco\Documents\Nexus Mod Manager
2016-03-18 10:23 - 2016-03-18 10:23 - 00000000 ____D C:\Users\Branco\AppData\Local\Black_Tree_Gaming
2016-03-18 10:11 - 2016-03-18 10:11 - 01424328 _____ (Microsoft Corporation) C:\Users\Branco\Downloads\NDP461-KB3102438-Web.exe
2016-03-18 10:10 - 2016-03-18 10:10 - 00001043 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-03-18 10:10 - 2016-03-18 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-03-18 10:10 - 2016-03-18 10:10 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-03-18 10:08 - 2016-03-18 10:08 - 05495448 _____ (Black Tree Gaming ) C:\Users\Branco\Downloads\Nexus Mod Manager-0.61.14.exe
2016-03-17 23:49 - 2016-03-18 00:06 - 00000000 ____D C:\Users\Branco\Downloads\Curso de Japonês
2016-03-16 16:02 - 2016-03-16 16:02 - 00000000 ____D C:\Users\Branco\Tracing
2016-03-16 15:58 - 2016-03-23 11:05 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Skype
2016-03-16 15:58 - 2016-03-16 15:58 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-16 15:58 - 2016-03-16 15:58 - 00000000 ___RD C:\Program Files\Skype
2016-03-16 15:58 - 2016-03-16 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-16 15:58 - 2016-03-16 15:58 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-16 15:57 - 2016-03-16 15:58 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-03-16 15:57 - 2016-03-16 15:58 - 00000000 ____D C:\ProgramData\Skype
2016-03-16 15:56 - 2016-03-16 15:56 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Branco\Downloads\SkypeSetup.exe
2016-03-16 15:29 - 2016-03-16 15:29 - 00000000 ____D C:\Users\Branco\AppData\LocalLow\Adobe
2016-03-16 15:02 - 2016-03-16 15:30 - 00000000 ____D C:\Users\Branco\AppData\Local\Adobe
2016-03-16 15:01 - 2016-03-16 15:01 - 00000000 ____D C:\Users\Todos os Usuários\regid.1986-12.com.adobe
2016-03-16 15:01 - 2016-03-16 15:01 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-03-16 15:01 - 2016-03-16 15:01 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Thinstall
2016-03-16 15:01 - 2016-03-16 15:01 - 00000000 ____D C:\Users\Branco\AppData\Local\Thinstall
2016-03-16 15:01 - 2016-03-16 15:01 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-03-16 15:01 - 2016-03-16 15:01 - 00000000 ____D C:\ProgramData\Adobe
2016-03-16 15:01 - 2014-04-23 21:58 - 00000000 ____D C:\Users\Branco\Desktop\Photoshop CS5 Portable [Portugues]
2016-03-16 15:00 - 2016-03-16 15:01 - 167729172 _____ C:\Users\Branco\Downloads\Photoshop CS5 Portable [Portugues].rar
2016-03-16 09:29 - 2016-03-16 09:32 - 85159399 _____ C:\Users\Branco\Downloads\Rayman_Fiesta_Run_v1.0.0.17-Winphonehub.xap
2016-03-16 08:12 - 2016-03-16 08:12 - 00000000 ____D C:\Users\Todos os Usuários\ShopperPro3
2016-03-16 08:12 - 2016-03-16 08:12 - 00000000 ____D C:\Users\Public\Documents\ShopperPro3
2016-03-16 08:12 - 2016-03-16 08:12 - 00000000 ____D C:\ProgramData\ShopperPro3
2016-03-16 08:12 - 2016-03-16 08:12 - 00000000 ____D C:\Program Files\ShopperPro3
2016-03-16 08:11 - 2016-03-23 10:28 - 00897677 _____ C:\Users\Todos os Usuários\YSIns.exe
2016-03-16 08:11 - 2016-03-23 10:28 - 00897677 _____ C:\ProgramData\YSIns.exe
2016-03-16 08:11 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe
2016-03-16 08:11 - 2016-02-24 06:18 - 01085440 _____ C:\ProgramData\delCalendarReg.exe
2016-03-16 08:11 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-03-16 08:11 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-03-16 08:10 - 2016-03-23 11:27 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-16 08:10 - 2016-03-23 11:27 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-16 08:10 - 2016-03-23 11:02 - 00015482 _____ C:\Users\Todos os Usuários\webad.xml
2016-03-16 08:10 - 2016-03-23 11:02 - 00015482 _____ C:\ProgramData\webad.xml
2016-03-16 08:10 - 2016-03-16 08:10 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-03-16 08:10 - 2016-03-16 08:10 - 00000000 ____D C:\ProgramData\Windows Update
2016-03-16 08:10 - 2016-03-02 10:49 - 01888256 _____ C:\Users\Todos os Usuários\msiql.exe
2016-03-16 08:10 - 2016-03-02 10:49 - 01888256 _____ C:\ProgramData\msiql.exe
2016-03-16 08:10 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-03-16 08:10 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-03-15 11:08 - 2016-03-15 11:08 - 00000000 _____ C:\Users\Branco\AppData\Local\{EC0EB707-A8AC-4AF6-819D-DF690771905D}
2016-03-14 20:52 - 2016-03-14 20:52 - 00001203 _____ C:\Users\Branco\Desktop\Stardew Valley - Atalho.lnk
2016-03-14 20:39 - 2016-03-20 18:28 - 00000000 ____D C:\Users\Branco\AppData\Roaming\StardewValley
2016-03-14 20:37 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-03-14 20:37 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-03-14 20:37 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-03-14 20:37 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-03-14 20:37 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-03-14 20:37 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-03-14 20:36 - 2016-03-14 20:36 - 00000000 ____D C:\Program Files\Microsoft XNA
2016-03-14 20:34 - 2016-03-14 20:52 - 00000000 ____D C:\Users\Branco\Desktop\IGG-StardeValleyv1.051
2016-03-14 20:33 - 2016-03-14 20:34 - 302262929 _____ C:\Users\Branco\Downloads\IGG-StardeValleyv1.051.rar
2016-03-14 15:11 - 2016-03-14 15:11 - 00001074 _____ C:\Users\Branco\AppData\Roaming\Microsoft\Windows\Start Menu\爱应用PC版.lnk
2016-03-14 15:11 - 2016-03-14 15:11 - 00000000 ____D C:\Users\Branco\AppData\Roaming\XapcnClient
2016-03-14 15:11 - 2016-03-14 15:11 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱应用PC版
2016-03-14 15:10 - 2016-03-14 15:39 - 00000000 ____D C:\Program Files\爱应用PC版
2016-03-14 15:10 - 2016-03-14 15:10 - 00001050 _____ C:\Users\Branco\Desktop\爱应用PC版.lnk
2016-03-14 15:09 - 2016-03-14 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 7.1
2016-03-14 15:09 - 2016-03-14 15:09 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sdk7.1
2016-03-14 15:09 - 2016-03-14 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.0
2016-03-14 15:09 - 2016-03-14 15:09 - 00000000 ____D C:\Program Files\sdk7.1
2016-03-14 15:09 - 2016-03-14 15:09 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2016-03-14 14:13 - 2016-03-14 14:13 - 00000000 ____D C:\Users\Branco\Downloads\Windows Phone - Other hardware - WinUsb Device
2016-03-14 13:41 - 2016-03-14 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-03-14 13:38 - 2016-03-14 13:38 - 00000000 ____D C:\Program Files\Windows Phone Silverlight Kits
2016-03-14 13:36 - 2016-03-14 15:10 - 00000000 ____D C:\Program Files\Microsoft XDE
2016-03-14 13:36 - 2016-03-14 15:09 - 00000000 ____D C:\Program Files\Windows Phone Kits
2016-03-14 13:36 - 2016-03-14 13:44 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-03-14 13:36 - 2016-03-14 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2016-03-14 13:30 - 2015-06-04 11:02 - 00000000 ____D C:\Users\Branco\Desktop\WP8.1 SDK Tools Lite Setup Av1.20
2016-03-14 13:20 - 2016-03-14 13:26 - 00000000 ____D C:\Windows\system32\appmgmt
2016-03-14 13:08 - 2016-03-14 15:44 - 00000104 ____H C:\Users\Branco\AppData\Roaming\WPVXAP.setting
2016-03-14 12:41 - 2016-03-14 12:41 - 00000000 ____D C:\Users\Branco\Downloads\Windows Kits
2016-03-14 12:38 - 2016-03-14 12:38 - 00000000 ____D C:\Program Files\Windows Kits
2016-03-14 12:20 - 2016-03-17 12:00 - 00000000 ____D C:\Program Files\Microsoft SDKs
2016-03-14 11:50 - 2016-01-11 15:49 - 01734656 _____ C:\Users\Todos os Usuários\service.exe
2016-03-14 11:50 - 2016-01-11 15:49 - 01734656 _____ C:\Users\Branco\AppData\Roaming\service.exe
2016-03-14 11:50 - 2016-01-11 15:49 - 01734656 _____ C:\ProgramData\service.exe
2016-03-13 20:24 - 2015-12-15 04:58 - 03621784 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\GameMon.des
2016-03-13 20:24 - 2004-12-30 09:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\npptNT2.sys
2016-03-13 20:24 - 2003-07-15 18:17 - 00005174 _____ C:\Windows\system32\nppt9x.vxd
2016-03-13 20:23 - 2016-03-13 20:23 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2016-03-13 19:10 - 2016-03-13 21:14 - 00000737 _____ C:\Users\Public\Desktop\Ragnarok.lnk
2016-03-13 19:10 - 2016-03-13 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up
2016-03-13 18:51 - 2016-03-13 18:51 - 00000000 ____D C:\Level Up
2016-03-13 18:16 - 2016-03-13 18:35 - 1862719622 ____R (Level Up! Games ) C:\Users\Branco\Downloads\Instalador_Client_Ragnarok_20150422.exe
2016-03-12 16:05 - 2016-03-12 16:05 - 00001523 _____ C:\Users\Branco\Desktop\GrandChase - Atalho.lnk
2016-03-12 16:01 - 2016-03-12 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Chase History
2016-03-12 15:33 - 2016-03-12 16:23 - 00000000 ____D C:\Program Files\Grand Chase History
2016-03-12 11:39 - 2016-03-12 12:35 - 00000000 ____D C:\Users\Branco\Documents\DragonNest
2016-03-12 10:25 - 2016-03-12 13:09 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-11 09:38 - 2016-03-11 09:38 - 00081768 ____R (Microsoft Corporation) C:\Windows\xinput1_3.dll
2016-03-11 09:36 - 2016-03-11 09:36 - 01892184 ____R (Microsoft Corporation) C:\Windows\d3dx9_42.dll
2016-03-11 09:33 - 2016-03-11 09:33 - 00000372 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-03-11 09:33 - 2016-03-11 09:33 - 00000372 __RSH C:\ProgramData\ntuser.pol
2016-03-11 09:32 - 2016-03-11 09:32 - 00000000 ____D C:\Users\Branco\AppData\Local\macpromosoft
2016-03-11 09:16 - 2016-03-11 09:16 - 00000000 ____D C:\Program Files\Tencent
2016-03-11 09:15 - 2016-03-11 09:16 - 00000000 ____D C:\Users\Todos os Usuários\Tencent
2016-03-11 09:15 - 2016-03-11 09:16 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Tencent
2016-03-11 09:15 - 2016-03-11 09:16 - 00000000 ____D C:\ProgramData\Tencent
2016-03-11 09:14 - 2016-03-11 09:14 - 00000000 ____D C:\Users\Branco\AppData\Local\rec_en_221
2016-03-11 09:14 - 2016-03-11 09:10 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-11 09:13 - 2016-03-11 09:35 - 00000000 ____D C:\Program Files\64F5BFA8-1457698412-FC40-B9EE-E89A8FD68AB6
2016-03-11 09:12 - 2016-03-11 09:13 - 00000000 ___HD C:\Users\Branco\Documents\Panda StickyNotes
2016-03-11 09:11 - 2016-03-10 06:30 - 00043112 _____ (StdLib) C:\Windows\system32\Drivers\{333b9599-10bc-4dd6-bf9d-3e9ff9ed1474}Gw.sys
2016-03-11 09:09 - 2016-03-11 09:09 - 00000000 ____D C:\Users\Branco\AppData\Roaming\UG
2016-03-11 09:08 - 2016-03-11 09:33 - 00000000 ____D C:\Program Files\UPCleaner
2016-03-11 09:07 - 2016-03-11 09:07 - 00000000 ____D C:\Users\Branco\AppData\LocalLow\Company
2016-03-11 09:07 - 2016-03-11 09:07 - 00000000 ____D C:\Users\Branco\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-11 09:07 - 2016-03-11 09:07 - 00000000 ____D C:\uninst
2016-03-11 09:06 - 2016-03-11 09:10 - 00000000 ____D C:\Program Files\Sound+
2016-03-11 09:06 - 2016-03-11 09:06 - 00000000 ____D C:\Users\Branco\AppData\Local\win_en_77
2016-03-11 08:45 - 2016-03-11 08:45 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-03-11 08:45 - 2016-03-11 08:45 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2016-03-11 08:45 - 2016-03-11 08:45 - 00000000 ____D C:\ProgramData\TEMP
2016-03-11 08:45 - 2015-02-17 11:20 - 00018992 _____ (Dll-Files.com) C:\Windows\system32\roboot.exe
2016-03-11 08:35 - 2016-03-18 10:29 - 00000000 ____D C:\Users\Branco\AppData\Local\Skyrim
2016-03-11 08:35 - 2016-03-11 08:35 - 00000000 ____D C:\Users\Branco\Documents\My Games
2016-03-11 07:57 - 2016-03-11 09:07 - 00049408 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-10 18:36 - 2016-03-10 18:36 - 00001800 _____ C:\Users\Branco\Desktop\Play The Elder Scrolls V Skyrim.lnk
2016-03-10 06:44 - 2016-03-18 10:24 - 00000000 ____D C:\Games
2016-03-09 22:28 - 2016-03-09 23:53 - 00000000 ____D C:\Users\Branco\Downloads\The Elder Scrolls V Skyrim PC full game + DLC ^^nosTEAM^^
2016-03-08 19:54 - 2016-03-08 19:54 - 00000000 ____D C:\Users\Branco\Documents\Modelos Personalizados do Office
2016-03-08 19:15 - 2016-03-08 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-08 19:15 - 2016-03-08 19:15 - 00002901 _____ C:\Users\Branco\Desktop\Word 2013.lnk
2016-03-08 19:13 - 2016-03-08 19:13 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-03-08 19:10 - 2016-03-08 19:10 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-03-08 19:10 - 2016-03-08 19:10 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-08 19:09 - 2016-03-22 15:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-08 19:09 - 2016-03-08 19:11 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-03-08 19:09 - 2016-03-08 19:09 - 00000000 ____D C:\Windows\PCHEALTH
2016-03-08 19:03 - 2016-03-08 19:03 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-03-08 19:02 - 2016-03-08 19:23 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-03-08 19:02 - 2016-03-08 19:09 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-08 19:02 - 2016-03-08 19:02 - 00000000 ____D C:\Users\Branco\AppData\Local\Microsoft Help
2016-03-08 18:38 - 2016-03-08 18:44 - 681619456 _____ C:\Users\Branco\Downloads\OfficeProfessionalPlus_x86_pt-br.img
2016-03-08 10:03 - 2016-03-08 12:02 - 00000000 ____D C:\Users\Branco\Documents\MEGAsync Downloads
2016-03-08 10:03 - 2016-03-08 10:03 - 00000000 ___RD C:\Users\Branco\Documents\MEGA
2016-03-08 10:01 - 2016-03-08 10:01 - 00000000 ____D C:\Users\Branco\AppData\Local\Mega Limited
2016-03-07 19:47 - 2016-03-07 19:47 - 00088280 ____H C:\Windows\system32\mlfcache.dat
2016-03-07 10:35 - 2016-03-07 10:52 - 00000000 ____D C:\Wooxy
2016-03-07 10:35 - 2016-03-07 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wooxy
2016-03-04 11:30 - 2016-03-05 13:23 - 00000000 ____D C:\Users\Branco\Downloads\euescuto.com.br - Gorillaz
2016-03-04 11:12 - 2016-03-04 11:27 - 191333281 _____ C:\Users\Branco\Downloads\euescuto.com.br_-_Gorillaz.zip
2016-03-01 22:10 - 2016-03-01 22:10 - 01144750 _____ C:\Users\Branco\Downloads\12734846_1699190990296083_1740417283_n.mp4
2016-02-28 17:16 - 2016-02-28 17:16 - 00001196 _____ C:\Users\Branco\Desktop\_Launcher - Atalho.lnk
2016-02-28 15:15 - 2016-03-11 09:09 - 00001734 _____ C:\Users\Branco\Desktop\GrandFantasiaPT.lnk
2016-02-28 15:15 - 2016-02-28 15:15 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2016-02-28 15:03 - 2016-02-28 15:03 - 00000000 ____D C:\Users\Branco\AppData\Local\Aeria Games
2016-02-28 12:27 - 2016-02-28 12:27 - 00000000 ____D C:\Users\Todos os Usuários\Aeria Games
2016-02-28 12:27 - 2016-02-28 12:27 - 00000000 ____D C:\ProgramData\Aeria Games
2016-02-28 12:21 - 2016-02-28 16:58 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2016-02-28 12:21 - 2016-02-28 12:21 - 00001986 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk
2016-02-28 12:21 - 2016-02-28 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2016-02-28 12:21 - 2016-02-28 12:21 - 00000000 ____D C:\Program Files\Aeria Games
2016-02-28 12:20 - 2016-02-28 12:20 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Aeria Games & Entertainment
2016-02-28 11:43 - 2016-02-28 12:21 - 00000000 ____D C:\AeriaGames
2016-02-28 11:43 - 2016-02-28 11:43 - 00500832 _____ (Aeria Games & Entertainment) C:\Users\Branco\Downloads\grandfantasia_pt_downloader.exe
2016-02-26 23:06 - 2016-02-26 23:06 - 00000000 ____D C:\Users\Branco\Documents\NEKO WORKs
2016-02-26 23:01 - 2016-02-26 23:01 - 00001669 _____ C:\Users\Branco\Desktop\nekopara_vol1 - Atalho.lnk
2016-02-26 22:59 - 2016-02-26 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEKO WORKs
2016-02-26 22:54 - 2016-02-26 22:54 - 00000000 ____D C:\Program Files\NEKO WORKs
2016-02-26 22:45 - 2016-03-07 09:25 - 00000000 ____D C:\Users\Branco\Downloads\nekopara_vol1
2016-02-26 22:06 - 2016-02-26 22:06 - 00001017 _____ C:\Users\Branco\Desktop\MEGAsync.lnk
2016-02-26 22:06 - 2016-02-26 22:06 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-02-26 22:03 - 2016-03-20 10:34 - 00000000 ____D C:\Users\Branco\AppData\Local\MEGAsync
2016-02-26 22:00 - 2016-02-26 22:02 - 10397616 _____ (MEGA Limited)
C:\Users\Branco\Downloads\MEGAsyncSetup.exe 2016-02-26 00:23 - 2016-02-26 00:23 - 00000000 ____D C:\Users\Branco\AppData\Local\CEF 2016-02-26 00:22 - 2016-02-26 00:22 - 00000000 ____D C:\Users\Branco\AppData\Local\Steam 2016-02-25 23:42 - 2016-03-12 13:11 - 00000000 ____D C:\Program Files\Steam 2016-02-25 23:42 - 2016-03-12 13:08 - 00000000 ____D C:\Program Files\Common Files\Steam 2016-02-25 23:42 - 2016-02-25 23:42 - 00000921 _____ C:\Users\Public\Desktop\Steam.lnk 2016-02-25 23:42 - 2016-02-25 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-02-25 23:40 - 2016-02-25 23:41 - 01380712 _____ C:\Users\Branco\Downloads\SteamSetup.exe 2016-02-25 22:50 - 2016-02-25 22:50 - 00000000 ____D C:\Users\Branco\AppData\Roaming\NekoWorks 2016-02-25 22:27 - 2016-02-25 22:57 - 00000000 ____D C:\Program Files\NEKOPARA Vol. 2 2016-02-25 22:27 - 2016-02-25 22:27 - 00000832 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEKOPARA Vol. 2.lnk 2016-02-25 22:27 - 2016-02-25 22:27 - 00000820 _____ C:\Users\Public\Desktop\NEKOPARA Vol. 
2.lnk 2016-02-25 22:25 - 2016-02-25 22:26 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2016-02-25 22:25 - 2016-02-25 22:25 - 00001926 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk 2016-02-25 22:25 - 2016-02-25 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2016-02-25 22:17 - 2016-02-25 22:17 - 00000000 ____D C:\Users\Branco\AppData\Local\Disc_Soft_Ltd 2016-02-25 22:06 - 2016-02-25 22:06 - 00040504 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys 2016-02-25 22:06 - 2016-02-25 22:06 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images 2016-02-25 22:01 - 2016-02-25 22:17 - 00000000 ____D C:\Users\Branco\AppData\Roaming\DAEMON Tools Lite 2016-02-25 22:01 - 2016-02-25 22:01 - 00026168 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2016-02-25 21:59 - 2016-02-25 22:00 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite 2016-02-25 21:59 - 2016-02-25 22:00 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite 2016-02-25 21:49 - 2016-02-25 21:49 - 00689160 _____ (Disc Soft Ltd.) C:\Users\Branco\Downloads\DTLiteInstaller.exe 2016-02-25 21:14 - 2016-03-23 11:02 - 00000000 ___SD C:\Users\Branco\AppData\LocalLow\Temp 2016-02-25 21:13 - 2016-02-25 21:13 - 00002606 _____ C:\Users\Branco\Desktop\µTorrent.lnk 2016-02-25 21:13 - 2016-02-25 21:13 - 00002606 _____ C:\Users\Branco\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2016-02-25 21:12 - 2016-03-23 11:02 - 00000000 ____D C:\Users\Branco\AppData\Roaming\uTorrent 2016-02-25 21:11 - 2016-02-25 21:11 - 02094080 _____ (BitTorrent Inc.) C:\Users\Branco\Downloads\uTorrent.exe ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-03-23 11:22 - 2016-02-17 18:54 - 00000000 ____D C:\Program Files\baidu
2016-03-23 11:16 - 2016-02-20 11:03 - 00000000 ____D C:\Users\Todos os Usuários\BCloudScan_exe
2016-03-23 11:16 - 2016-02-20 11:03 - 00000000 ____D C:\ProgramData\BCloudScan_exe
2016-03-23 11:10 - 2016-02-14 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2016-03-23 11:03 - 2016-02-14 16:04 - 00002175 ____R C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-23 11:03 - 2009-07-13 23:04 - 00000580 _____ C:\Windows\win.ini
2016-03-23 07:16 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-03-22 22:14 - 2016-02-17 12:29 - 00000378 _____ C:\Windows\Tasks\update-sys.job
2016-03-22 21:27 - 2016-02-17 12:29 - 00000378 _____ C:\Windows\Tasks\update-S-1-5-21-219047011-488505859-3757021965-1000.job
2016-03-22 20:58 - 2016-02-14 15:57 - 00000000 ____D C:\Users\Branco\Downloads\Ta kawaii ta desu
2016-03-22 20:01 - 2016-02-17 12:30 - 00000000 ____D C:\Users\Branco\Documents\Lightshot
2016-03-22 16:04 - 2016-02-20 23:34 - 00000000 ____D C:\Users\Branco\Downloads\Osu beatmap
2016-03-22 15:16 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\registration
2016-03-21 11:11 - 2016-02-14 15:51 - 00000000 ____D C:\Users\Branco
2016-03-20 12:00 - 2016-02-14 15:51 - 00000000 ____D C:\Users\Branco\AppData\Local\VirtualStore
2016-03-20 11:45 - 2016-02-15 11:20 - 00000000 ____D C:\Users\Branco\AppData\Local\Razer
2016-03-20 11:44 - 2016-02-15 11:15 - 00002021 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2016-03-20 11:43 - 2016-02-15 11:13 - 00000000 ____D C:\Users\Todos os Usuários\Razer
2016-03-20 11:43 - 2016-02-15 11:13 - 00000000 ____D C:\ProgramData\Razer
2016-03-20 11:42 - 2016-02-15 11:13 - 00000000 ____D C:\Program Files\Razer
2016-03-16 22:34 - 2016-02-14 15:56 - 00000000 ____D C:\Users\Branco\Downloads\Menes
2016-03-16 15:02 - 2016-02-14 18:47 - 00000000 ____D C:\Users\Branco\AppData\Roaming\Adobe
2016-03-16 08:43 - 2016-02-17 18:53 - 00000000 ____D C:\Users\Branco\AppData\Local\MiniService
2016-03-16 08:12 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-15 11:18 - 2009-07-14 01:33 - 00461696 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-14 22:51 - 2016-02-14 16:04 - 00002169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 20:36 - 2009-07-13 23:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-14 15:44 - 2013-11-08 16:54 - 00000000 ____D C:\Users\Branco\Downloads\WP8 SDK Tools Lite Setup Av1.0
2016-03-14 15:12 - 2015-12-05 14:13 - 00000000 ____D C:\XapcnDownLoad
2016-03-14 15:09 - 2009-07-14 01:52 - 00000000 ____D C:\Program Files\MSBuild
2016-03-14 14:15 - 2016-02-14 16:01 - 00115392 _____ C:\Users\Branco\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-14 12:38 - 2016-02-15 11:14 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-03-14 12:38 - 2016-02-15 11:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-13 22:38 - 2016-02-14 16:02 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-11 09:09 - 2016-02-14 15:52 - 00001389 _____ C:\Users\Branco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-08 19:13 - 2011-02-05 15:01 - 00000000 ____D C:\Windows\ShellNew
2016-03-08 19:06 - 2009-07-13 23:37 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-05 23:35 - 2016-02-15 18:52 - 00000000 ____D C:\Users\Branco\Downloads\Musica de uns animo massa
2016-02-27 10:42 - 2016-02-14 18:15 - 00007609 _____ C:\Users\Branco\AppData\Local\Resmon.ResmonCfg
2016-02-25 22:50 - 2016-02-14 17:01 - 00000000 ____D C:\Users\Todos os Usuários\Steam
2016-02-25 22:50 - 2016-02-14 17:01 - 00000000 ____D C:\ProgramData\Steam
2016-02-22 19:15 - 2016-02-20 22:45 - 00000000 ____D C:\Users\Branco\AppData\Local\osu!

==================== Arquivos na raiz de alguns diretórios =======

2016-03-14 11:50 - 2016-01-11 15:49 - 1734656 _____ () C:\Users\Branco\AppData\Roaming\service.exe
2016-03-14 13:08 - 2016-03-14 15:44 - 0000104 ____H () C:\Users\Branco\AppData\Roaming\WPVXAP.setting
2016-02-14 18:15 - 2016-02-27 10:42 - 0007609 _____ () C:\Users\Branco\AppData\Local\Resmon.ResmonCfg
2016-02-17 12:29 - 2016-02-17 12:29 - 0000003 _____ () C:\Users\Branco\AppData\Local\updater.log
2016-02-17 12:29 - 2016-02-17 12:29 - 0000412 _____ () C:\Users\Branco\AppData\Local\UserProducts.xml
2016-03-15 11:08 - 2016-03-15 11:08 - 0000000 _____ () C:\Users\Branco\AppData\Local\{EC0EB707-A8AC-4AF6-819D-DF690771905D}
2016-02-14 16:21 - 2016-02-14 16:21 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-03-16 08:11 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe
2016-02-14 18:39 - 2016-02-14 18:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-14 17:54 - 2016-02-14 17:54 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2016-03-16 08:11 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-03-16 08:10 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-03-16 08:10 - 2016-03-02 10:49 - 1888256 _____ () C:\ProgramData\msiql.exe
2016-03-14 11:50 - 2016-01-11 15:49 - 1734656 _____ () C:\ProgramData\service.exe
2016-03-16 08:10 - 2016-03-23 11:02 - 0015482 _____ () C:\ProgramData\webad.xml
2016-03-16 08:11 - 2016-03-23 10:28 - 0897677 _____ () C:\ProgramData\YSIns.exe

Arquivos para serem movidos ou deletados:
====================
C:\Users\Branco\AppData\Local\Temp\CU6BHY8P8\CU6BHY8P8.exe
C:\Windows\TEMP\is-IOVE3.tmp\print.exe
C:\ProgramData\delCalendarReg.exe
C:\ProgramData\Duplicaterecord.js
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\ProgramData\YSIns.exe
C:\Users\Todos os Usuários\delCalendarReg.exe
C:\Users\Todos os Usuários\Duplicaterecord.js
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\YSIns.exe

Alguns arquivos em TEMP:
====================
C:\Users\Branco\AppData\Local\Temp\bitool.dll
C:\Users\Branco\AppData\Local\Temp\downloader_3.2.1504.1_347BR_366_20160310_1815.exe
C:\Users\Branco\AppData\Local\Temp\LJ2D4R9TYA.exe
C:\Users\Branco\AppData\Local\Temp\Notes_0017201_01.exe
C:\Users\Branco\AppData\Local\Temp\ose00000.exe
C:\Users\Branco\AppData\Local\Temp\qqpcmgr_v11.3.17201.218_73686_Silence.exe
C:\Users\Branco\AppData\Local\Temp\Setup__2140_il56741.exe
C:\Users\Branco\AppData\Local\Temp\spark_install(1).exe
C:\Users\Branco\AppData\Local\Temp\spark_install.exe
C:\Users\Branco\AppData\Local\Temp\ZVQ9DPA8W2.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-03-11 12:07

==================== Fim de FRST.txt ============================