ZA-Scan V1.0.0.5 Updated 19-September-2016
Tool run by Keliene on 11/12/2016 at 2:33:02,36.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\Keliene\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Hosts Hijacker detected ======================

C:\Windows\sysnative\abis\cuuf\fah.dat

==== File Information Results ======================

--- C:\windows\SysNative\dnsapi.dll ---
Company: Microsoft Corporation
File Description: DLL da API de cliente DNS
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Sistema Operacional Microsoft® Windows®
Copyright: © Microsoft Corporation. Todos os direitos reservados.
Original Filename: dnsapi
File type: ----a-w-
File size: 357888
Created time: 2013-09-02 18:50:15
Modified time: 2011-03-03 06:24:15
MD5: 492D07D79E7024CA310867B526D9636D
SHA1: 9C816377412CCCFCE3BC66C2CC36CF2406B7E19C

--- C:\Windows\syswow64\dnsapi.dll ---
Company: Microsoft Corporation
File Description: DLL da API de cliente DNS
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Sistema Operacional Microsoft® Windows®
Copyright: © Microsoft Corporation. Todos os direitos reservados.
Original Filename: dnsapi
File type: ----a-w-
File size: 270336
Created time: 2013-09-02 18:50:15
Modified time: 2011-03-03 05:38:01
MD5: B40420876B9288E0A1C8CCA8A84E5DC9
SHA1: F83F02AF049859B8ADDDDEA24614E74B92F9E67D

==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Users\Keliene\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
D:\Razer Cortex\RzKLService.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Users\Keliene\AppData\Roaming\UPUpdata\cleaner.exe
C:\Users\Keliene\Desktop\ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\amuleC1\ed2k.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Keliene\AppData\Local\Temp\ZAScan.exe

==== Drivers(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [CSCrySec] - InfoWatch Encrypt Sector Library driver - C:\Windows\system32\Drivers\CSCrySec.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hpdskflt] - HP Filter - C:\Windows\system32\Drivers\hpdskflt.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys
R0 - [iusb3hcs] - Driver de comutação do controlador host Intel(R) USB 3.0 - C:\Windows\system32\Drivers\iusb3hcs.sys
R0 - [kl1] - kl1 - C:\Windows\system32\Drivers\kl1.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [RapportHades64] - RapportHades64 - C:\Windows\system32\Drivers\RapportHades64.sys
R0 - [RapportKE64] - RapportKE64 - C:\Windows\system32\Drivers\RapportKE64.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
S0 - [gbpddreg] - Gbpddreg svc - C:\Windows\system32\Drivers\gbpddreg.sys [x]
S0 - [GbpKm] - Gbp KernelMode - C:\Windows\system32\Drivers\GbpKm.sys [x]

==== Files Found C:\Windows\*dnsapi.dll* ======================

2010-11-21 03:24:15 357888 ----a-w- A52B6CC24063CC83C78C0E6F24DEEC01 C:\Windows\winsxs\AMCF33~1.175\dnsapi.dll --- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
2010-11-21 03:24:26 270336 ----a-w- 59DF156711A76BCB993253EC6C9BBF41 C:\Windows\winsxs\WOE69B~1.175\dnsapi.dll --- C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnsapi.dll
2011-01-27 23:28:33 15872 ----a-w- EB3E425417C7A1D8F7149A17167A4276 C:\Windows\System32\pt-BR\dnsapi.dll.mui --- C:\Windows\System32\pt-BR\dnsapi.dll.mui
2011-01-27 23:28:33 15872 ----a-w- EB3E425417C7A1D8F7149A17167A4276 C:\Windows\winsxs\AM2F5C~1.163\DNSAPI~1.MUI --- C:\Windows\winsxs\amd64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1a8f95f565492470\dnsapi.dll.mui
2011-01-27 23:28:37 15872 ----a-w- 05F4432354784267EDF65746B9420B3D C:\Windows\SysWOW64\pt-BR\dnsapi.dll.mui --- C:\Windows\SysWOW64\pt-BR\dnsapi.dll.mui
2011-01-27 23:28:37 15872 ----a-w- 05F4432354784267EDF65746B9420B3D C:\Windows\winsxs\WO2B8D~1.163\DNSAPI~1.MUI --- C:\Windows\winsxs\wow64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_24e4404799a9e66b\dnsapi.dll.mui
2011-01-27 23:29:18 15872 ----a-w- EB3E425417C7A1D8F7149A17167A4276 C:\Windows\winsxs\Backup\AM345E~1.MUI --- C:\Windows\winsxs\Backup\amd64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_1a8f95f565492470_dnsapi.dll.mui_97465f8a
2011-01-27 23:29:19 15872 ----a-w- 05F4432354784267EDF65746B9420B3D C:\Windows\winsxs\Backup\WOA417~1.MUI --- C:\Windows\winsxs\Backup\wow64_microsoft-windows-dns-client.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_24e4404799a9e66b_dnsapi.dll.mui_97465f8a
2011-03-03 05:12:25 270336 ----a-w- 1F79F611109C2B97260B68FD6B4FC7DD C:\Windows\winsxs\WOW64_~3.216\dnsapi.dll --- C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll
2011-03-03 05:38:01 270336 ----a-w- B40420876B9288E0A1C8CCA8A84E5DC9 C:\Windows\SysWOW64\dnsapi.dll --- C:\Windows\SysWOW64\dnsapi.dll
2011-03-03 05:38:01 270336 ----a-w- B40420876B9288E0A1C8CCA8A84E5DC9 C:\Windows\winsxs\WOC8D6~1.175\dnsapi.dll --- C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnsapi.dll
2011-03-03 06:12:54 357888 ----a-w- DCC0888655823103F19EF8FFD330080D C:\Windows\winsxs\AME967~1.216\dnsapi.dll --- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsapi.dll
2011-03-03 06:24:15 357888 ----a-w- 492D07D79E7024CA310867B526D9636D C:\Windows\System32\dnsapi.dll --- C:\Windows\System32\dnsapi.dll
2011-03-03 06:24:15 357888 ----a-w- 492D07D79E7024CA310867B526D9636D C:\Windows\winsxs\AM59C1~1.175\dnsapi.dll --- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsapi.dll
2013-09-03 22:07:47 357888 ----a-w- 492D07D79E7024CA310867B526D9636D C:\Windows\winsxs\Backup\AMD19B~1.DLL --- C:\Windows\winsxs\Backup\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6_dnsapi.dll_c81f5791
2013-09-03 22:07:48 270336 ----a-w- B40420876B9288E0A1C8CCA8A84E5DC9 C:\Windows\winsxs\Backup\WO65AD~1.DLL --- C:\Windows\winsxs\Backup\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1_dnsapi.dll_c81f5791

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"script_fcbd"="D:\Far Cry 3 Blood Dragon\fcbd.bat"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-216053568-2158724592-1545597568-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"EADM"="D:\Origin\Origin.exe -AutoStart"
"gflauncher"="D:\Warface\GFACE Launcher\live\gflauncher.exe --autostart"
"Steam"="D:\Steam\steam.exe -silent"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"script_fcbd"="D:\Far Cry 3 Blood Dragon\fcbd.bat"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"RazerCortex"="D:\Razer Cortex\CortexLauncher.exe -autorun"
"cleaner"="C:\Users\Keliene\AppData\Roaming\UPUpdata\cleaner.exe"
"DLLSuite2016"="D:\DLL Suite\DLLSuite.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"EADM"="D:\Origin\Origin.exe -AutoStart"
"gflauncher"="D:\Warface\GFACE Launcher\live\gflauncher.exe --autostart"
"Steam"="D:\Steam\steam.exe -silent"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Diebold - Warsaw"="C:\Program Files\Diebold\Warsaw\core.exe"
"PTC PtcPlayer"="C:\Program Files\PTC\PTC Jukebox Player\PtcPlayer.exe -ProviderTag=95cb234f-3f59-4908-bc9c-4c4c21d8f9ec /NoSplashScreen /CheckAutoStart"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RapportMgmtService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Razer Game Scanner Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RegSrvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RzKLService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SolidWorks Licensing Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\StreamingCore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SystemUsageReportSvc_WILLAMETTE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TrueKey]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TrueKeyScheduler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TrueKeyServiceHelper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\USER_ESRV_SVC_WILLAMETTE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\valWBFPolicyService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WMPNetworkAcSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\zdengine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ZeroConfigService]

==== Startup Folders ======================

2016-08-07 02:35:24 984 ----a-w- C:\Users\Keliene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
2014-09-24 19:58:20 836 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
2016-11-19 21:53:13 295 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\fcbd.bat

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 00:36]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 00:36]
C:\Windows\tasks\ToolsUpdatePlatform_ScheduledTask.job --a------ C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe []
C:\Windows\tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job --a------ C:\Program Files (x86)\WeatherTool\1.2.2.10256\InstallHelper.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\ChelfNotify Task" ["C:\ProgramData\ChelfNotify\BrowserUpdate.exe"]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Keliene)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Iiynyl" ["C:\Program Files\shopperz270820151656\Mioen.bat"]
"C:\Windows\SysNative\tasks\Noalurefre" ["C:\ProgramData\Noalurefre\1.0.5.1\nredsaae.exe"]
"C:\Windows\SysNative\tasks\Red Giant Link" ["C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe"]
"C:\Windows\SysNative\tasks\updengine" [C:\Program Files (x86)\OtherSearch\updengine.exe]
"C:\Windows\SysNative\tasks\USER_ESRV_SVC_WILLAMETTE" ["C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"]
"C:\Windows\SysNative\tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}" [C:\Program Files (x86)\WeatherTool\1.2.2.10256\InstallHelper.exe]
"C:\Windows\SysNative\tasks\{747B3387-55C0-40D8-92B9-7CFE4EE064E4}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\{76753D9E-8B59-43F8-B02A-6E52B48851D5}" [C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe]
"C:\Windows\SysNative\tasks\{7740CFCC-8BD8-44CD-8D7D-9D0447079A29}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\{7FFC5E19-2D0F-40FE-B02C-A714287D896D}" ["c:\program files (x86)\google\chrome\application\chrome.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"deskCutv2@gmail.com"="C:\Users\Keliene\AppData\Roaming\Mozilla\Firefox\Profiles\6ge8jo6j.default\extensions\deskCutv2@gmail.com" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Keliene\AppData\Roaming\Profiles\Qerhuse.default
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
- MEGA - %ProfilePath%\extensions\firefox@mega.co.nz.xpi
- Bantuan SaveFrom.net - %ProfilePath%\extensions\helper-sig@savefrom.net.xpi
- YahooToolsProtected - %ProfilePath%\extensions\yahooprotected@gmail.com.xpi

ProfilePath: C:\Users\Keliene\AppData\Roaming\Mozilla\Firefox\Profiles\6ge8jo6j.default
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
- MEGA - %ProfilePath%\extensions\firefox@mega.co.nz.xpi
- Bantuan SaveFrom.net - %ProfilePath%\extensions\helper-sig@savefrom.net.xpi
- YahooToolsProtected - %ProfilePath%\extensions\yahooprotected@gmail.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype extension for Firefox - %AppDir%\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Keliene\AppData\Roaming\Mozilla\Firefox\Profiles\6ge8jo6j.default
0015C790161C5698FDDC22613C19533B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll - Shockwave for Director / Shockwave for Director
7C67580DFE143EF19E7418B0F054B5F6 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll - Shockwave Flash
3D0018BE7F81B476AF94819D8ED51E2E - C:\Users\Keliene\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
8A50F912AA307932D90E4225AF076FC1 - C:\Users\Keliene\AppData\Local\TNT2\2.0.0.1995\npTNT2.dll - npAPI Plugin

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaboojhahjgdjeknnemneiajjhhddi - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaboojhahjgdjeknnemneiajjhhddi.crx[]
aaaaccjgkjbhfmpcfnbhihbaojflfaji - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaccjgkjbhfmpcfnbhihbaojflfaji.crx[]
bloohffpflacklbmnbocakipnknelpnf - No path found[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
lpoimibckejjdjcfbdnajaicnklhfplh - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh[]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]
pilplloabdedfmialnfchjomjmpjcoej - No path found[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]
Ž˜ - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Keliene\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[07/03/2015 00:02]
bbjllphbppobebmjpjcijfbakobcheof - No path found[]
fcfenmboojpjinhpgggodefccipikbpd - No path found[]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]
pilplloabdedfmialnfchjomjmpjcoej - No path found[]
Ž˜ - No path found[]

Google Slides - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Kaspersky URL Advisor - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Google Sheets - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Whitelisted domains - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
AirDroid - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd
Parental Control: Porn Blocker - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmillccnmojidmkhhjngjlalnbhpobcl
Channel Sub Box for YouTube™ - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc
Kaspersky Protection - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh
Chrome Web Store Payments - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
Chrome Media Router - Keliene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Search Page"="http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}"
"Search Bar"="http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}"
"SearchAssistant"="http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}"
"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyCyBtBtD0DtCtD0AtD0DtBtDtC0BtN0D0Tzu0StCyCtAtCtN1L2XzutAtFtBtBtFtAtFzztN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCyBzy0E0FtA0A0AtGtC0Fzz0AtGyC0AyCyBtGyD0EyE0CtG0FyDzyzzyB0E0E0F0FtC0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0AyCyCzy0BtCtG0E0C0FtDtGyEtA0FyBtG0BzzyBtAtG0A0CzyyEyBzz0E0FtDtBtDyD2QtN0A0LzuyE%26cr%3D604628554%26a%3Dwncy_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_24&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyCyBtBtD0DtCtD0AtD0DtBtDtC0BtN0D0Tzu0StCyCtAtCtN1L2XzutAtFtBtBtFtAtFzztN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCyBzy0E0FtA0A0AtGtC0Fzz0AtGyC0AyCyBtGyD0EyE0CtG0FyDzyzzyB0E0E0F0FtC0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0AyCyCzy0BtCtG0E0C0FtDtGyEtA0FyBtG0BzzyBtAtG0A0CzyyEyBzz0E0FtDtBtDyD2QtN0A0LzuyE%26cr%3D604628554%26a%3Dwncy_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{1C09FFBD-43FF-1DD3-9920-09DFEB2BC003}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyCyBtBtD0DtCtD0AtD0DtBtDtC0BtN0D0Tzu0StCyCtAtCtN1L2XzutAtFtBtBtFtAtFzztN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCyBzy0E0FtA0A0AtGtC0Fzz0AtGyC0AyCyBtGyD0EyE0CtG0FyDzyzzyB0E0E0F0FtC0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0AyCyCzy0BtCtG0E0C0FtDtGyEtA0FyBtG0BzzyBtAtG0A0CzyyEyBzz0E0FtDtBtDyD2QtN0A0LzuyE%26cr%3D604628554%26a%3Dwncy_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
HKLM\SearchScopes\{54615574-533D-2411-04DC-4073DEF221A1} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

HKLM\Wow6432Node\SearchScopes "DefaultScope"="{ielnksrch}"
HKLM\Wow6432Node\SearchScopes\ielnksrch - http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes\{1C09FFBD-43FF-1DD3-9920-09DFEB2BC003} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_24&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyCyBtBtD0DtCtD0AtD0DtBtDtC0BtN0D0Tzu0StCyCtAtCtN1L2XzutAtFtBtBtFtAtFzztN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCyBzy0E0FtA0A0AtGtC0Fzz0AtGyC0AyCyBtGyD0EyE0CtG0FyDzyzzyB0E0E0F0FtC0F0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0AyCyCzy0BtCtG0E0C0FtDtGyEtA0FyBtG0BzzyBtAtG0A0CzyyEyBzz0E0FtDtBtDyD2QtN0A0LzuyE%26cr%3D604628554%26a%3Dwncy_ir_16_24%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}

HKCU\SearchScopes "DefaultScope"="{1C09FFBD-43FF-1DD3-9920-09DFEB2BC003}"
HKCU\SearchScopes\{1C09FFBD-43FF-1DD3-9920-09DFEB2BC003} - http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
HKCU\SearchScopes\{54615574-533D-2411-04DC-4073DEF221A1} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{D3FC4A2A-91CF-4F76-A8B3-2396653E6BEB} - https://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{ielnksrch} - http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47uv_UZghIZN_9Ju4IjCIgC1l2MGwtbSSelfFKMBfEJKA-yRgtVpyB4Jejdd6mHyW-KYKlh64kCXkbTOJXNYBMu7bXog-CYV7HoqHEqYcK10Ik9uYzReFsd-I4P-x1hxDHr8CABHRBG1h8ikclS&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://nonestops.org/wpad.dat?6b8560263a63cad7d1dcb3ac09d473b818681472
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\zdengine.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\zdengine.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\zdengine.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\zdengine.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\zdengine.dll

==== EOF on 11/12/2016 at 3:27:29,09 ======================