ï»¿Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) VersÃ£o: 18-01-2017
Executado por Bruno Jean (administrador) em BRUNOJEAN-PC (21-01-2017 15:18:46)
Executando a partir de C:\Users\Bruno Jean\Downloads\Programs
Perfis Carregados: Bruno Jean (Perfis DisponÃ­veis: Bruno Jean)
Platform: Windows 7 Ultimate (X64) Idioma: PortuguÃªs (Brasil)
Internet Explorer VersÃ£o 8 (Navegador padrÃ£o: Chrome)
Modo da InicializaÃ§Ã£o: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluÃ­da na fixlist, o processo serÃ¡ fechado. O arquivo nÃ£o serÃ¡ movido.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\KMS-R@1n.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(IntelÂ® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Windows\KMS-R@1nhook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(BitTorrent Inc.) C:\Users\Bruno Jean\AppData\Roaming\uTorrent\uTorrent.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(BitTorrent Inc.) C:\Users\Bruno Jean\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(BitTorrent Inc.) C:\Users\Bruno Jean\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(BitTorrent Inc.) C:\Users\Bruno Jean\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SumRando) C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\KMS-R@1nhook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluÃ­da na fixlist, o Ã­tem no Registro serÃ¡ restaurado para o padrÃ£o ou removido. O arquivo nÃ£o serÃ¡ movido.)

HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2016-06-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2016-06-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-21] (Oracle Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [DLLSuite2016] => C:\Users\Bruno Jean\AppData\Local\Temp\Rar$EXa0.253\App\DLLSuite.exe [5981200 2016-07-08] (VskSoft Crack UZ1) <===== ATENÃÃO
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2329536203-455655832-3415707955-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2329536203-455655832-3415707955-1000\...\Run: [uTorrent] => C:\Users\Bruno Jean\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-15] (BitTorrent Inc.)
HKU\S-1-5-21-2329536203-455655832-3415707955-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2016-07-02] (Tonec Inc.)
HKU\S-1-5-21-2329536203-455655832-3415707955-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-11] (BlueStack Systems, Inc.)
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nhook.exe
IFEO\SppSvc.exe: [Debugger] KMS-R@1nhook.exe
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2017-01-20]
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
Startup: C:\Users\Bruno Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-12-19]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um Ã­tem for incluÃ­do na fixlist, sendo um Ã­tem do Registro, serÃ¡ removido ou restaurado para o padrÃ£o.)

Winsock: Catalog9 01 C:\Windows\system32\sslsp105.dll [75520 2016-08-26] (SumRando)
Winsock: Catalog9 02 C:\Windows\system32\sslsp105.dll [75520 2016-08-26] (SumRando)
Winsock: Catalog9 14 C:\Windows\system32\sslsp105.dll [75520 2016-08-26] (SumRando)
Winsock: Catalog9-x64 01 C:\Windows\system32\sslsp105.dll [75520 2016-08-26] (SumRando)
Winsock: Catalog9-x64 02 C:\Windows\system32\sslsp105.dll [75520 2016-08-26] (SumRando)
Winsock: Catalog9-x64 14 C:\Windows\system32\sslsp105.dll [75520 2016-08-26] (SumRando)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{06A2E5DF-24E1-4601-A0A1-AA2E272271C4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F3445BBB-F828-46DC-861C-5F14C27F01AD}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{F5C64A49-609E-48BA-9C08-9A5556BCAAC1}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-06-28] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-06-28] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2kn33mx7.default
FF ProfilePath: C:\Users\Bruno Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2kn33mx7.default [2017-01-21]
FF Extension: (Firefox Hotfix) - C:\Users\Bruno Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2kn33mx7.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-02]
FF Extension: (iMacros for Firefox) - C:\Users\Bruno Jean\AppData\Roaming\Mozilla\Firefox\Profiles\2kn33mx7.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-11-02]
FF HKU\S-1-5-21-2329536203-455655832-3415707955-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-11-09]
FF HKU\S-1-5-21-2329536203-455655832-3415707955-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Bruno Jean\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Bruno Jean\AppData\Roaming\IDM\idmmzcc5 [2017-01-21] [nÃ£o assinado]
FF HKU\S-1-5-21-2329536203-455655832-3415707955-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-06-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-06-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.facebook.com/bruno.jcsiva
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default [2017-01-21]
CHR Extension: (Facebook Video Downloader) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2016-09-03]
CHR Extension: (Google Docs) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-29]
CHR Extension: (Google Drive) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-30]
CHR Extension: (TVPlusNewtab) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekdinolamdcbedibgdgmnpngkdpbbah [2016-12-04]
CHR Extension: (YouTube) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-29]
CHR Extension: (Bola 8) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2016-12-21]
CHR Extension: (Adblock Plus) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Pesquisa do Google) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-28]
CHR Extension: (iMacros for Chrome) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp [2016-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-16]
CHR Extension: (Toolkit For Facebook) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcachklhcihfinmagjnlomehfdhndhep [2016-12-07]
CHR Extension: (Documentos Google off-line) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-29]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2017-01-05]
CHR Extension: (Mogicons.com) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkdlcejbjnnmjgajjjfenejacioiimpp [2016-10-24]
CHR Extension: (GBBD GuardiÃ£o - ItaÃº 30 horas) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2016-06-30]
CHR Extension: (IDM Integration Module) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-09]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\Bruno Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-11-09]

==================== ServiÃ§os (Whitelisted) ====================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [384512 2016-06-27] (Digital Wave Ltd.) [Arquivo nÃ£o assinado]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2770312 2016-11-11] (ESET)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-06-29] () [Arquivo nÃ£o assinado]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [621632 2011-03-04] ()
R3 SumRandoVPNService; C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe [107776 2016-08-26] (SumRando)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2016-06-29] () [Arquivo nÃ£o assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (IntelÂ® Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-11-11] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [199680 2016-05-12] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-11-11] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-11-11] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-11-11] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-11-11] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-11-11] (ESET)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [407768 2015-09-10] (Realsil Semiconductor Corporation)
R3 tun3326; C:\Windows\System32\DRIVERS\tun3326.sys [32368 2013-03-22] (The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)


==================== Um MÃªs Criados arquivos e pastas ========

(Se uma entrada for incluÃ­da na fixlist, o arquivo/pasta serÃ¡ movido.)

2017-01-21 15:18 - 2017-01-21 15:18 - 00000000 ____D C:\FRST
2017-01-21 12:32 - 2017-01-21 12:32 - 01034556 _____ C:\Users\Bruno Jean\Downloads\Windows6.1-KB2999226-x64_2.msu
2017-01-21 12:29 - 2017-01-21 12:29 - 00629006 _____ C:\Users\Bruno Jean\Downloads\Windows6.1-KB2999226-x86.msu
2017-01-21 12:20 - 2017-01-21 12:20 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\VSK
2017-01-21 12:20 - 2017-01-21 12:20 - 00000000 ____D C:\ProgramData\VSK
2017-01-21 12:04 - 2017-01-21 12:04 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\Ralink
2017-01-21 12:04 - 2017-01-21 12:04 - 00000000 ____D C:\ProgramData\Ralink
2017-01-21 00:57 - 2017-01-21 01:00 - 00000000 ____D C:\Windows\system32\MRT
2017-01-21 00:57 - 2017-01-21 00:57 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-21 00:54 - 2011-04-09 04:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-21 00:53 - 2016-06-25 14:03 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2017-01-21 00:53 - 2011-04-09 04:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-21 00:53 - 2011-04-09 04:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-01-21 00:53 - 2011-04-09 04:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-01-21 00:53 - 2011-04-09 03:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-21 00:51 - 2017-01-21 00:51 - 05911327 _____ C:\Users\Bruno Jean\Downloads\Windows6.1-KB2670838-x86.msu
2017-01-21 00:46 - 2017-01-21 00:46 - 00603348 _____ C:\Users\Bruno Jean\Downloads\Windows8.1-KB2999226-x86.msu
2017-01-21 00:24 - 2017-01-21 00:24 - 01034556 _____ C:\Users\Bruno Jean\Downloads\Windows6.1-KB2999226-x64.msu
2017-01-21 00:19 - 2017-01-21 00:19 - 00003222 _____ C:\Windows\System32\Tasks\{88724F56-1E24-41AA-AF1A-B3925D2B91D7}
2017-01-21 00:09 - 2017-01-21 00:09 - 00000000 ____D C:\Users\Bruno Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2017-01-21 00:08 - 2017-01-21 00:09 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-01-20 19:39 - 2017-01-20 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless
2017-01-20 19:38 - 2017-01-20 19:38 - 00000000 ____D C:\Windows\system32\RaLanguages
2017-01-20 19:38 - 2017-01-20 19:38 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\Ralink Driver
2017-01-20 19:38 - 2017-01-20 19:38 - 00000000 ____D C:\ProgramData\Ralink Driver
2017-01-20 19:38 - 2017-01-20 19:38 - 00000000 ____D C:\Program Files (x86)\Ralink
2017-01-20 19:38 - 2011-05-04 13:57 - 02403392 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2017-01-20 19:38 - 2011-05-04 13:56 - 01608768 _____ (Ralink Technology, Corp.) C:\Windows\SysWOW64\RaCertMgr.dll
2017-01-20 19:38 - 2011-05-04 13:55 - 01121856 _____ (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAIHV.dll
2017-01-20 19:38 - 2011-05-04 13:55 - 01121856 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAIHV.dll
2017-01-20 19:38 - 2011-04-28 14:20 - 01617472 _____ (Ralink Technology Corp.) C:\Windows\system32\Drivers\netr28ux.sys
2017-01-20 19:38 - 2011-04-28 14:17 - 00327008 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2017-01-20 19:38 - 2011-04-28 14:17 - 00014119 _____ C:\Windows\SysWOW64\RaCoInst.dat
2017-01-20 19:38 - 2011-04-28 14:17 - 00014119 _____ C:\Windows\system32\RaCoInst.dat
2017-01-20 19:38 - 2010-07-01 17:45 - 00128864 _____ (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAEXTUI.dll
2017-01-20 19:38 - 2010-07-01 17:45 - 00128864 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAEXTUI.dll
2017-01-20 19:38 - 2010-06-29 10:35 - 00792416 _____ C:\Windows\SysWOW64\DiagFunc.dll
2017-01-20 19:38 - 2010-06-29 10:35 - 00792416 _____ C:\Windows\system32\DiagFunc.dll
2017-01-20 19:38 - 2010-01-27 12:47 - 00000451 _____ C:\Windows\system32\DiagFunc.ini
2017-01-20 19:38 - 2010-01-27 11:54 - 00000451 _____ C:\Windows\SysWOW64\DiagFunc.ini
2017-01-15 10:27 - 2013-06-09 16:56 - 04063744 _____ C:\Users\Bruno Jean\Desktop\wr741ndv4_br_3_16_6_up_boot(130603).bin
2017-01-11 18:18 - 2017-01-21 01:32 - 00000000 ____D C:\Users\Bruno Jean\AppData\LocalLow\uTorrent
2017-01-08 14:04 - 2017-01-08 14:04 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\Baidu
2017-01-08 14:04 - 2017-01-08 14:04 - 00000000 ____D C:\Users\Public\Documents\Baidu
2017-01-08 14:04 - 2017-01-08 14:04 - 00000000 ____D C:\ProgramData\Baidu
2017-01-08 14:02 - 2017-01-08 14:02 - 00001198 _____ C:\Users\Bruno Jean\Desktop\Format Factory.lnk
2017-01-08 14:02 - 2017-01-08 14:02 - 00000000 ____D C:\Users\Bruno Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2017-01-08 14:02 - 2017-01-08 14:02 - 00000000 ____D C:\Program Files (x86)\FreeTime
2017-01-07 15:21 - 2017-01-07 15:21 - 07733304 _____ C:\Users\Bruno Jean\Downloads\Globalsat_GS111_V4.04_29112016.bin
2017-01-07 15:09 - 2017-01-07 15:10 - 07733304 _____ C:\Users\Bruno Jean\Desktop\rom.bin
2017-01-03 10:48 - 2017-01-03 10:48 - 00000000 _____ C:\Users\Bruno Jean\Desktop\Novo Documento de Texto (2).txt
2016-12-29 10:57 - 2016-12-29 10:57 - 00000000 _____ C:\Users\Bruno Jean\Desktop\Novo Documento de Texto.txt
2016-12-29 02:01 - 2016-12-29 02:01 - 00031443 _____ C:\Users\Bruno Jean\Downloads\12143081_704969066306356_3555732915843710510_n.jpg
2016-12-28 17:48 - 2016-12-28 17:48 - 01048576 ___SH C:\Users\Bruno Jean\NTUSER.DAT{8c8fbf90-ccb0-11e6-a6b4-0cd292935229}.TxR.2.regtrans-ms
2016-12-28 17:48 - 2016-12-28 17:48 - 01048576 ___SH C:\Users\Bruno Jean\NTUSER.DAT{8c8fbf90-ccb0-11e6-a6b4-0cd292935229}.TxR.1.regtrans-ms
2016-12-28 17:48 - 2016-12-28 17:48 - 01048576 ___SH C:\Users\Bruno Jean\NTUSER.DAT{8c8fbf90-ccb0-11e6-a6b4-0cd292935229}.TxR.0.regtrans-ms
2016-12-28 17:48 - 2016-12-28 17:48 - 00065536 ___SH C:\Users\Bruno Jean\NTUSER.DAT{8c8fbf90-ccb0-11e6-a6b4-0cd292935229}.TxR.blf
2016-12-28 14:56 - 2016-12-24 09:16 - 00802358 ____N C:\Users\Bruno Jean\Desktop\PHOTO_20161224_091658.jpg
2016-12-28 11:58 - 2017-01-02 00:52 - 00000000 ____D C:\Users\Bruno Jean\Desktop\forrÃ³
2016-12-28 01:49 - 2016-12-28 01:49 - 00524288 ___SH C:\Users\Bruno Jean\NTUSER.DAT{8c8fbf91-ccb0-11e6-a6b4-0cd292935229}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 01:49 - 2016-12-28 01:49 - 00524288 ___SH C:\Users\Bruno Jean\NTUSER.DAT{8c8fbf91-ccb0-11e6-a6b4-0cd292935229}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 01:49 - 2016-12-28 01:49 - 00065536 ___SH C:\Users\Bruno Jean\NTUSER.DAT{8c8fbf91-ccb0-11e6-a6b4-0cd292935229}.TM.blf
2016-12-27 19:58 - 2017-01-21 15:18 - 00000000 ____D C:\Users\Bruno Jean\Downloads\Programs

==================== Um MÃªs Modificados arquivos e pastas ========

(Se uma entrada for incluÃ­da na fixlist, o arquivo/pasta serÃ¡ movido.)

2017-01-21 15:18 - 2016-07-02 12:50 - 00000000 ____D C:\Users\Bruno Jean\AppData\Roaming\uTorrent
2017-01-21 14:58 - 2016-12-17 22:17 - 00000000 ____D C:\Users\Bruno Jean\Downloads\Video
2017-01-21 14:27 - 2009-07-14 02:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-21 14:27 - 2009-07-14 02:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-21 12:18 - 2016-07-02 17:09 - 00000000 ____D C:\Users\Bruno Jean\Downloads\Compressed
2017-01-21 12:08 - 2009-07-29 14:08 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2017-01-21 12:08 - 2009-07-29 14:08 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2017-01-21 12:08 - 2009-07-14 03:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-21 12:08 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2017-01-21 01:32 - 2016-07-02 14:45 - 00000000 ___SD C:\Users\Bruno Jean\AppData\LocalLow\Temp
2017-01-21 01:31 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-21 01:24 - 2016-07-02 17:09 - 00000000 ____D C:\Users\Bruno Jean\AppData\Roaming\DMCache
2017-01-21 00:16 - 2016-06-29 10:16 - 00000000 ____D C:\Users\Todos os UsuÃ¡rios\Package Cache
2017-01-21 00:16 - 2016-06-29 10:16 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-20 20:37 - 2016-06-28 16:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 19:38 - 2016-06-29 10:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-14 19:26 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-12 23:03 - 2016-06-28 16:21 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-03 11:36 - 2016-08-28 12:02 - 00000000 ____D C:\Users\Bruno Jean\AppData\Roaming\PhotoScape
2016-12-31 00:32 - 2016-09-07 23:38 - 00000000 ____D C:\Users\Bruno Jean\Downloads\Music
2016-12-28 23:33 - 2016-08-14 21:46 - 00030515 ___SH C:\Users\Bruno Jean\Downloads\Folder.jpg
2016-12-28 23:33 - 2016-08-14 21:46 - 00008496 ___SH C:\Users\Bruno Jean\Downloads\AlbumArtSmall.jpg
2016-12-28 19:21 - 2016-09-09 18:03 - 00000000 ____D C:\Users\Bruno Jean\AppData\Roaming\Audacity
2016-12-28 17:48 - 2016-06-28 15:07 - 00262144 ___SH C:\Users\Bruno Jean\ntuser.dat.LOG2
2016-12-28 17:48 - 2016-06-28 15:07 - 00000000 ____D C:\Users\Bruno Jean

==================== Arquivos na raiz de alguns diretÃ³rios =======

2016-09-17 00:19 - 2016-09-17 00:19 - 0154283 ____H () C:\Users\Bruno Jean\AppData\Roaming\Bruno Jean-wchelper.dll
2016-07-05 16:32 - 2016-07-05 16:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Arquivos para serem movidos ou deletados:
====================
C:\Users\Bruno Jean\AppData\Local\Temp\Rar$EXa0.253\App\DLLSuite.exe


Alguns arquivos em TEMP:
====================
C:\Users\Bruno Jean\AppData\Local\Temp\ICReinstall_Baixaki_photoscape.exe
C:\Users\Bruno Jean\AppData\Local\Temp\temp~.DLL
C:\Users\Bruno Jean\AppData\Local\Temp\temp~.EXE


==================== Bamital & volsnap ======================

(NÃ£o hÃ¡ correÃ§Ã£o automÃ¡tica para arquivos que nÃ£o passaram na verificaÃ§Ã£o.)

C:\Windows\system32\winlogon.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo Ã© assinado digitalmente
C:\Windows\explorer.exe => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\services.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\User32.dll
[2009-07-13 21:38] - [2016-06-29 09:22] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2009-07-13 21:24] - [2016-06-29 09:22] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo Ã© assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo Ã© assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo Ã© assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo Ã© assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo Ã© assinado digitalmente

LastRegBack: 2017-01-13 01:11

==================== Fim de FRST.txt ============================