ZA-Scan V1.0.0.5 Updated 30-09-2015 Tool run by Sergio on 22/11/2017 at 15:17:34.77. Microsoft Windows 10 Enterprise 10.0.15063 x64 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\Sergio\Desktop\ZA-Scan.exe [Z-Analyse Scan] ==== Running Processes ====================== C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe C:\Users\Sergio\AppData\Roaming\JivoSite Inc\JivoSite\JivoSite.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe C:\WINDOWS\Window.exe C:\Users\Sergio\AppData\Roaming\JivoSite Inc\JivoSite\JivoSite.exe C:\Users\Sergio\AppData\Roaming\JivoSite Inc\JivoSite\JivoSite.exe C:\Users\Sergio\AppData\Roaming\JivoSite Inc\JivoSite\JivoSite.exe C:\Users\Sergio\AppData\Roaming\JivoSite Inc\JivoSite\JivoSite.exe C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe C:\Users\Sergio\Desktop\ZA-Scan.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\WINDOWS\SysWOW64\cmd.exe C:\Users\Sergio\AppData\Local\Temp\ZAScan.exe ==== Services(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common 
files\adobe\arm\1.0\armsvc.exe R2 - [ClickToRunSvc] - Serviço Clique para Executar do Microsoft Office - c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe R2 - [IMFservice] - IMF Service - c:\program files (x86)\iobit\iobit malware fighter\imfsrv.exe R2 - [IObitUnSvr] - IObit Uninstaller Service - c:\program files (x86)\iobit\iobit uninstaller\iuservice.exe R2 - [MSMQ] - Enfileiramento de Mensagens - c:\windows\system32\mqsvc.exe R2 - [PSI_SVC_2_x64] - Corel License Validation Service V2 x64, Powered by arvato - c:\program files\common files\protexis\license service\psiservice_2.exe R2 - [SecurityHealthService] - Serviço da Central de Segurança do Windows Defender - c:\windows\system32\securityhealthservice.exe R2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe R2 - [Warsaw Technology] - Warsaw Technology - c:\program files\diebold\warsaw\core.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe S2 - [0039511509741014mcinstcleanup] - McAfee Application Installer Cleanup (0039511509741014) - c:\users\sergio\appdata\local\temp\0039511509741014mcinst.exe [x] S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [KMS-R@1n] - KMS-R@1n - c:\windows\kms-r@1n.exe S2 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - 
c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe S3 - [Sense] - Serviço Proteção Avançada contra Ameaças do Windows Defender - c:\program files\windows defender advanced threat protection\mssense.exe S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe S3 - [spectrum] - Serviço de Percepção do Windows - c:\windows\system32\spectrum.exe S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender Antivirus - c:\program files\windows defender\nissrv.exe S3 - [WinDefend] - Serviço Windows Defender Antivirus - c:\program files\windows defender\msmpeng.exe S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe 
S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe S4 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe S4 - [fmLdSYk] - fmLdSYk - c:\programdata\fhrtqvk\fmldsyk.exe S4 - [iFunSoftUpdaterSvc] - iFunSoft Updater - c:\program files (x86)\ifunsoft\ifunsoft updater\ifunsoftupdater.exe S4 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe S4 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe S4 - [Service KMSELDI] - Service KMSELDI - c:\program files\kmspico\service_kms.exe S4 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe S4 - [SwitchBoard] - SwitchBoard - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe S4 - [UevAgentService] - Serviço de User Experience Virtualization - c:\windows\system32\agentservice.exe S4 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe ==== Drivers(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys R2 - [srv] - Driver SMB 1.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv.sys R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv2.sys R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys R0 
- [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys R0 - [Disk] - Driver de disco - C:\WINDOWS\system32\Drivers\Disk.sys R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\WINDOWS\system32\Drivers\fvevol.sys R0 - [intelpep] - Driver Intel(R) Power Engine Plug-in - C:\WINDOWS\system32\Drivers\intelpep.sys R0 - [iorate] - Driver do Filtro de Taxa de E/S de Disco - C:\WINDOWS\system32\Drivers\iorate.sys R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\WINDOWS\system32\Drivers\mountmgr.sys R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys R0 - [NDIS] - Driver do Sistema NDIS - C:\WINDOWS\system32\Drivers\NDIS.sys R0 - [partmgr] - Driver de partição - C:\WINDOWS\system32\Drivers\partmgr.sys R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys R0 - [SmartDefragDriver] - SmartDefragDriver - C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys R0 - [spaceport] - Driver de Espaços de Armazenamento - C:\WINDOWS\system32\Drivers\spaceport.sys R0 - [storahci] - Driver AHCI SATA Padrão da Microsoft - C:\WINDOWS\system32\Drivers\storahci.sys R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\WINDOWS\system32\Drivers\Tcpip.sys R0 - [vdrvroot] - Enumerador de Unidade Virtual Microsoft - C:\WINDOWS\system32\Drivers\vdrvroot.sys R0 - [volmgr] - Driver de Gerenciador de Volumes - C:\WINDOWS\system32\Drivers\volmgr.sys R0 - 
[volmgrx] - Gerenciador de Volume Dinâmico - C:\WINDOWS\system32\Drivers\volmgrx.sys R0 - [volsnap] - Volume Shadow Copy driver - C:\WINDOWS\system32\Drivers\volsnap.sys R0 - [volume] - Driver do volume - C:\WINDOWS\system32\Drivers\volume.sys R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\WINDOWS\system32\Drivers\Wdf01000.sys R0 - [WFPLWFS] - Plataforma para Filtros do Microsoft Windows - C:\WINDOWS\system32\Drivers\WFPLWFS.sys R0 - [WindowsTrustedRT] - Windows Trusted Execution Environment Class Extension - C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys R0 - [WindowsTrustedRTProxy] - Serviço de Proteção de Tempo de Execução Confiável do Microsoft Windows - C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\WINDOWS\system32\Drivers\tdx.sys R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys S3 - [atapi] - Canal de IDE - C:\WINDOWS\system32\Drivers\atapi.sys S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x] ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-3180140889-1241889259-889651704-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Sergio\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe" "Advanced SystemCare 10"="C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto" "CCleaner Monitoring"="C:\Program 
Files\CCleaner\CCleaner64.exe /MONITOR" "WinThrusterReminder"="C:\Program Files (x86)\WinThruster\WinThruster.exe -rem" "WinSweep"="C:\Program Files (x86)\WinSweeper\WinSweeper.exe" [HKEY_USERS\S-1-5-21-3180140889-1241889259-889651704-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #1"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-experimental-canvas-features --enable-fast-unload --disable-quic --num-raster-threads=4 --touch-events=enabled --flag-switches-end --restore-last-session -- https://get3.adobe.com/br/flashplayer/update/ppapi" "FlashPlayerUpdate"="C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe -update pepperplugin" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart" "HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" "CommonToolkitTray_Solvusoft"="C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\Sergio\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe" "Advanced SystemCare 10"="C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto" "CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR" "WinThrusterReminder"="C:\Program Files (x86)\WinThruster\WinThruster.exe -rem" "WinSweep"="C:\Program Files (x86)\WinSweeper\WinSweeper.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart #1"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-experimental-canvas-features --enable-fast-unload --disable-quic --num-raster-threads=4 --touch-events=enabled --flag-switches-end --restore-last-session -- https://get3.adobe.com/br/flashplayer/update/ppapi" 
"FlashPlayerUpdate"="C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe -update pepperplugin" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "SecurityHealth"="%ProgramFiles%\Windows Defender\MSASCuiL.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AML Registry Cleaner] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AML Registry Cleaner" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\AML Products\\Registry Cleaner\\regclean.exe /min" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ApplePhotoStreams" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APSDaemon" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Diebold - Warsaw] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Diebold - Warsaw" "hkey"="HKLM" "command"="C:\\Program Files\\Diebold\\Warsaw\\core.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DIMBaixando a sua atualiza‡Æo...1425077801437] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DIMBaixando a sua atualiza‡Æo...1425077801437" "hkey"="HKCU" "command"="\"C:\\Program Files\\Corel\\CorelDRAW Graphics Suite X7\\Draw\\DIM.EXE\" 
\"c:\\programdata\\corel\\downloads\\540229932_410003\\1425077801437\\dim_params.xml\" -Launch=3 -uibase=\"c:\\users\\sergio\\appdata\\roaming\\corel\\messages\\540229932_410003\\br\\messagecache2\\workflow\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleDriveSync" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\Drive\\googledrivesync.exe\" /autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iCloudServices" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSC" "hkey"="HKLM" "command"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wininit] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Wininit" "hkey"="HKLM" 
"command"="C:\\Users\\Sergio\\AppData\\Roaming\\flex\\cliente.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Sergio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] "path"="C:\\Users\\Sergio\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk" "backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\Users\\Sergio\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup" "item"="Dropbox" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\c2cautoupdatesvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\c2cpnrsvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\fmLdSYk] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\fydujusu] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iFunSoftUpdaterSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IMFservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IObitUnSvr] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\Services\LiveUpdateSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PSI_SVC_2_x64] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RtkAudioService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Service KMSELDI] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SwitchBoard] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TrueKey] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TrueKeyScheduler] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TrueKeyServiceHelper] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UNS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WeatherLiteService] ==== Task Scheduler Jobs ====================== C:\WINDOWS\tasks\Uninstaller_SkipUac_Sergio.job --a-------- C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [15/09/2017 14:34] C:\WINDOWS\tasks\WinThruster64-Sergio-Notification.job --a-------- C:\Program Files\Solvusoft\WinThruster\Sync.exe [09/11/2017 00:35] C:\WINDOWS\tasks\WinThruster64-Sergio-Startup.job --a-------- C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe [09/11/2017 00:35] C:\WINDOWS\tasks\WinThruster_DEFAULT.job --a-------- C:\Program Files (x86)\WinThruster\WinThruster.exe [25/11/2015 13:01] C:\WINDOWS\tasks\WinThruster_UPDATES.job --a-------- C:\Program Files (x86)\WinThruster\WinThruster.exe [25/11/2015 13:01] ==== Other Scheduled Tasks ====================== "C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe] 
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\WINDOWS\SysNative\tasks\AdobeAAMUpdater-1.0-Sergio-PC-Sergio" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\WINDOWS\SysNative\tasks\ASC10_PerformanceMonitor" [C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe] "C:\WINDOWS\SysNative\tasks\ASC10_SkipUac_Sergio" ["C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /SkipUac] "C:\WINDOWS\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"] "C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\WINDOWS\SysNative\tasks\Driver Booster SkipUAC (Sergio)" [C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3180140889-1241889259-889651704-1000Core" [C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3180140889-1241889259-889651704-1000UA" [C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\SysNative\tasks\IObitSelfCheckTask" [C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe] "C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-3180140889-1241889259-889651704-1000" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe] "C:\WINDOWS\SysNative\tasks\SmartDefrag_AutoAnalyze" [C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe] "C:\WINDOWS\SysNative\tasks\SmartDefrag_Startup" [C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe] "C:\WINDOWS\SysNative\tasks\SmartDefrag_Update" [C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe] 
"C:\WINDOWS\SysNative\tasks\Uninstaller_SkipUac_Sergio" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{3FAEBDB4-CC9A-434F-B00B-58A40179D9AF}" [C:\WINDOWS\system32\msfeedssync.exe] "C:\WINDOWS\SysNative\tasks\WinThruster64-Sergio-Notification" [C:\Program Files\Solvusoft\WinThruster\Sync.exe] "C:\WINDOWS\SysNative\tasks\WinThruster64-Sergio-Startup" [C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe] "C:\WINDOWS\SysNative\tasks\WinThruster_DEFAULT" [C:\Program Files (x86)\WinThruster\WinThruster.exe] "C:\WINDOWS\SysNative\tasks\WinThruster_UPDATES" [C:\Program Files (x86)\WinThruster\WinThruster.exe] "C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\WINDOWS\SysNative\tasks\R@1n-KMS\Office16ProPlus" [wmic] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\98a9aibc.default-1456802926494 user_pref("browser.startup.homepage", "https://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_dnldastr_16_10¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzztB0FtByEtA0EtC0C0BtN0D0Tzu0StCyDtAtDtN1L2XzutAtFtCyBtFtCyEtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyEyC0E0FtAyCtCtGtA0Dzz0FtGyEzz0E0DtGtC0Czz0DtGtAtC0C0EyD0E0EyEyBtAtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDyD0DyCzzyDtCtGtA0EtA0DtGyEzyzytBtGzztAzy0AtGtC0E0CzyyB0CtCyB0D0ByDtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByEtA%26cr%3D2040804310%26a%3Djmb_dnldastr_16_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise"); user_pref("browser.newtab.url", "about:newtab"); user_pref("browser.search.defaultenginename", "Search Provided by Yahoo"); user_pref("browser.search.selectedEngine", "Search Provided by Yahoo"); ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\o6evbqd9.default user_pref("browser.startup.homepage", 
"https://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_dnldastr_16_10¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzztB0FtByEtA0EtC0C0BtN0D0Tzu0StCyDtAtDtN1L2XzutAtFtCyBtFtCyEtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyEyC0E0FtAyCtCtGtA0Dzz0FtGyEzz0E0DtGtC0Czz0DtGtAtC0C0EyD0E0EyEyBtAtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDyD0DyCzzyDtCtGtA0EtA0DtGyEzyzytBtGzztAzy0AtGtC0E0CzyyB0CtCyB0D0ByDtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByEtA%26cr%3D2040804310%26a%3Djmb_dnldastr_16_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise"); user_pref("browser.newtab.url", "about:newtab"); user_pref("browser.search.defaultenginename", "Search Provided by Yahoo"); user_pref("browser.search.selectedEngine", "Search Provided by Yahoo"); ==== Firefox Extensions Registry ====================== [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "fdm_ffext@freedownloadmanager.org"="C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13" [03/10/2016 14:39] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\98a9aibc.default-1456802926494 - Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF - IObit Surfing Protection amp; Ads Removal - %ProfilePath%\extensions\ascsurfingprotectionnew@iobit.com.xpi ProfilePath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\o6evbqd9.default - IObit Surfing Protection amp; Ads Removal - %ProfilePath%\extensions\ascsurfingprotectionnew@iobit.com.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Sergio\AppData\Roaming\Mozilla\Firefox\Profiles\98a9aibc.default-1456802926494 F6419D3B99616C80C947B9D7B427348B - C:\Users\Sergio\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas B8CFF778A75C685AAC275BFC00BB8FD8 - C:\Users\Sergio\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas ==== Fake Chromium Profiles Check ====================== Fake profile 
C:\Users\Administrador\AppData\Local\Google\Chrome Found Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome SxS Found Fake profile C:\Users\Administrador\AppData\Local\Comodo\Dragon Found Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome Found Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome SxS Found Fake profile C:\Users\Convidado\AppData\Local\Comodo\Dragon Found Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome Found Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS Found Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon Found Fake profile C:\Users\Sergio\AppData\Local\Google\Chrome SxS Found Fake profile C:\Users\Sergio\AppData\Local\Comodo\Dragon Found ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions ahmpjcflkgiildlgicmcieglgoilbfdp - No path found[] bahkljhhdeciiaodlkppoonappfnheoi - No path found[] efaidnbmnnnibpcajpcglclefindmkaj - No path found[] pilplloabdedfmialnfchjomjmpjcoej - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions apdfllckaahabafndbhieahigkjlhalf - C:\Users\Sergio\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx[19/02/2014 14:08] bahkljhhdeciiaodlkppoonappfnheoi - No path found[] nahhmpbckpgdidfnmfkfgiflpjijilce - No path found[] pilplloabdedfmialnfchjomjmpjcoej - No path found[] Slides - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Free Download Manager Chrome extension - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp Docs - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - Sergio\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Web PKI - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcngeagmmhegagicpcmpinaoklddcgon
Adobe Acrobat - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Sheets - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Tag Assistant - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk
Search Manager - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
Chrome Web Store Payments - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Google Slides - Sergio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Sergio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sergio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sergio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sergio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Sergio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Drive App Launcher - Sergio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Wallet - Sergio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sergio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Calendar - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
Create your own QR Codes This App generates QR Codes from free text URLs phone numbers SMS messages or contacts vcard. - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gcmhlmapohffdglflokbgknlknnmogbb
GBBD Banco Santander (Brasil) S.A. - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf
Tag Assistant - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk
Cheapstamatic - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lamcdjgcnmmghjceofmdaghmgoehlkbn
Google Wallet - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Calendar - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
Create your own QR Codes This App generates QR Codes from free text URLs phone numbers SMS messages or contacts vcard. - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gcmhlmapohffdglflokbgknlknnmogbb
GBBD Banco Santander (Brasil) S.A. - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf
GBBD Banco do Brasil - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll
GBBD Guardião - Itaú 30 horas - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Chrome Hotword Shared Module - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lccekmodgklaepjeofjdjpbminllajkg
GBBD Banco do Brasil - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
Chrome Web Store Payments - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sergio\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Free Download Manager Chrome extension - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp
Google Drive - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Cast - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Google Search - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Who Deleted Me - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll
Google Calendar - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
Video Downloader professional - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
Create your own QR Codes This App generates QR Codes from free text URLs phone numbers SMS messages or contacts vcard. - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gcmhlmapohffdglflokbgknlknnmogbb
Chrome Web Store Payments - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Simet - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nnokjffnngdgfplfmimjioknefmkjfgc
Gmail - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Sergio\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Startpages ======================

C:\Users\Sergio\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences
"homepage": "http://www.google.com/",

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://e-com.club/admin/aplicativos"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com/ie"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_33&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzztB0FtByEtA0EtC0C0BtN0D0Tzu0StBtDyDtBtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StC0FyD0CyEzz0AtAtGyDtDtD0AtGyDyE0E0FtGyB0FtD0EtG0B0EtByByE0Azy0Azyzz0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDyD0DyCzzyDtCtGtA0EtA0DtGyEzyzytBtGzztAzy0AtGtC0E0CzyyB0CtCyB0D0ByDtC2QtN0A0LzutB%26cr%3D2130833772%26a%3Dwncy_iobitfs_17_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_33&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzztB0FtByEtA0EtC0C0BtN0D0Tzu0StBtDyDtBtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StC0FyD0CyEzz0AtAtGyDtDtD0AtGyDyE0E0FtGyB0FtD0EtG0B0EtByByE0Azy0Azyzz0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDyD0DyCzzyDtCtGtA0EtA0DtGyEzyzytBtGzztAzy0AtGtC0E0CzyyB0CtCyB0D0ByDtC2QtN0A0LzutB%26cr%3D2130833772%26a%3Dwncy_iobitfs_17_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Search Provided by Yahoo Url="https://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_dnldastr_16_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzztB0FtByEtA0EtC0C0BtN0D0Tzu0StCyDtAtDtN1L2XzutAtFtCyBtFtCyEtFtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyEyC0E0FtAyCtCtGtA0Dzz0FtGyEzz0E0DtGtC0Czz0DtGtAtC0C0EyD0E0EyEyBtAtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDyD0DyCzzyDtCtGtA0EtA0DtGyEzyzytBtGzztAzy0AtGtC0E0CzyyB0CtCyB0D0ByDtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByEtA%26cr%3D2040804310%26a%3Djmb_dnldastr_16_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}"
{2211d4a5-48d0-47f5-a7cd-81e861470f7f} Gooefo Url="http://www.google.com/search?q={searc}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Yahoo! Powered Url="https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_17_33&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBzztB0FtByEtA0EtC0C0BtN0D0Tzu0StBtDyDtBtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StC0FyD0CyEzz0AtAtGyDtDtD0AtGyDyE0E0FtGyB0FtD0EtG0B0EtByByE0Azy0Azyzz0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztDyD0DyCzzyDtCtGtA0EtA0DtGyEzyzytBtGzztAzy0AtGtC0E0CzyyB0CtCyB0D0ByDtC2QtN0A0LzutB%26cr%3D2130833772%26a%3Dwncy_iobitfs_17_33%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}"
{73cd434e-8e1e-46b6-bb8d-7dd935140717} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{CD5DDC47-3BD1-4573-91A2-0C9190236E43} Yahoo Search Url="https://br.search.yahoo.com/search?p={searchTerms}&intl=br&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle"

==== HijackThis Entries ======================

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8082
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
O2 - BHO: IObit Ads Removal - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{b0c5bbf8-f231-4a5e-a577-c4f767238229}: NameServer = 198.153.192.1,198.153.194.1

==== EOF on 22/11/2017 at 15:31:17.23 ======================