Nilcéia Aparecida Cavalari

Invisible "apppatch" folder


A few days ago I noticed that my computer caught a virus, or some malware, because there is an invisible folder called AppPatch; I noticed it through an executable that starts with my computer, log4net.dll. I even set it to show all hidden applications and folders, but nothing helps. It is in the following location: C:\Users\...\AppData\Roaming\AppPatch; I stress that it is invisible, that is, you cannot find it in the Roaming folder and, when you open the AppPatch folder, it shows as empty; however, in a scan run by my antivirus, it shows that there are three files in it (one I know is a .exe, and another is a .dll). I would like to ask for your help, because I am getting worried. My Windows is 10.


Good afternoon, sorry for not having sent it earlier. Here it is!

ZA-Scan V1.0.0.5 Updated 19-September-2016
Tool run by Sergio on 28/10/2016 at 12:52:41,41.
Microsoft Windows 10 Pro 10.0.14393  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sergio\Downloads\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\WINDOWS\system32\lsass.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
C:\Windows\system32\EscSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\ProgramData\yahoochrome\desktop25.exe
C:\Program Files\WeatherTool\2.0.1.11073\WeatherService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\WinLogon.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x86__kzf8qxf38zg5c\SkypeHost.exe
C:\Users\Sergio\Downloads\ZA-Scan.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\Sergio\AppData\Local\Temp\ZAScan.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
R2 - [AVP17.0.0] - Serviço do Kaspersky Anti-Virus 17.0.0 - c:\program files\kaspersky lab\kaspersky internet security 17.0.0\avp.exe
R2 - [EpsonCustomerResearchParticipation] - EpsonCustomerResearchParticipation - c:\program files\epson\epsoncustomerresearchparticipation\epcp.exe
R2 - [EpsonScanSvc] - Epson Scanner Service - c:\windows\system32\escsvc.exe
R2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files\google\update\googleupdate.exe
R2 - [MSMQ] - Enfileiramento de Mensagens - c:\windows\system32\mqsvc.exe
R2 - [SQLWriter] - SQL Server VSS Writer - c:\program files\microsoft sql server\90\shared\sqlwriter.exe
R2 - [TheDesktopWeatherService] - The Desktop Weather Service - c:\program files\weathertool\2.0.1.11073\weatherservice.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [yahoochrometechnology] - yahoochrome technology limit - c:\programdata\yahoochrome\desktop25.exe
S2 - [hshld] - Hotspot Shield Service - c:\program files\hotspot shield\bin\cmw_srv.exe
S2 - [iSafeService] - YAC Service - c:\program files\elex-tech\yac\isafesvc.exe
S2 - [MBAMScheduler] - MBAMScheduler - c:\program files\malwarebytes anti-malware\mbamscheduler.exe
S2 - [MBAMService] - MBAMService - c:\program files\malwarebytes anti-malware\mbamservice.exe
S2 - [MSSQL$SQLEXPRESS] - SQL Server (SQLEXPRESS) - c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\sqlservr.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files\skype\updater\updater.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S2 - [TeamViewer] - TeamViewer 11 - c:\users\public\temp\teamviewer\teamviewer_service.exe
S2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S2 - [WsAppService] - Wondershare Application Framework Service - c:\program files\wondershare\waf\2.2.3.2\wsappservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [fussvc] - Windows App Certification Kit Fast User Switching Utility Service - c:\program files\windows kits\8.0\app certification kit\fussvc.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files\google\update\googleupdate.exe
S3 - [HssTrayService] - Hotspot Shield Tray Service - c:\program files\hotspot shield\bin\hsstrayservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [Sense] - Serviço Proteção Avançada contra Ameaças do Windows Defender - c:\program files\windows defender advanced threat protection\mssense.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Serviço Windows Defender - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe
S4 - [MSSQLServerADHelper100] - SQL Active Directory Helper Service - c:\program files\microsoft sql server\100\shared\sqladhlp.exe
S4 - [SQLAgent$SQLEXPRESS] - SQL Server Agent (SQLEXPRESS) - c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\sqlagent.exe
S4 - [SQLBrowser] - SQL Server Browser - c:\program files\microsoft sql server\90\shared\sqlbrowser.exe
S4 - [UevAgentService] - Serviço de User Experience Virtualization - c:\windows\system32\agentservice.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
R2 - [srv] - Driver SMB 1.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys
R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
R0 - [atapi] - Canal de IDE - C:\WINDOWS\system32\Drivers\atapi.sys
R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
R0 - [cm_km] - AO Kaspersky Lab Cryptographic Module x86 (56 bit) - C:\WINDOWS\system32\Drivers\cm_km.sys
R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
R0 - [disk] - Driver de disco - C:\WINDOWS\system32\Drivers\disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\WINDOWS\system32\Drivers\fvevol.sys
R0 - [intelide] - intelide - C:\WINDOWS\system32\Drivers\intelide.sys
R0 - [intelpep] - Driver Intel(R) Power Engine Plug-in - C:\WINDOWS\system32\Drivers\intelpep.sys
R0 - [iorate] - iorate - C:\WINDOWS\system32\Drivers\iorate.sys
R0 - [kl1] - kl1 - C:\WINDOWS\system32\Drivers\kl1.sys
R0 - [klbackupdisk] - Kaspersky Lab klbackupdisk - C:\WINDOWS\system32\Drivers\klbackupdisk.sys
R0 - [klupd_klif_arkmon] - klupd_klif_arkmon - C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
R0 - [klupd_klif_klbg] - klupd_klif_klbg - C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\WINDOWS\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\WINDOWS\system32\Drivers\NDIS.sys
R0 - [partmgr] - Driver de partição - C:\WINDOWS\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
R0 - [spaceport] - Driver de Espaços de Armazenamento - C:\WINDOWS\system32\Drivers\spaceport.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\WINDOWS\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Enumerador de Unidade Virtual Microsoft - C:\WINDOWS\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Driver de Gerenciador de Volumes - C:\WINDOWS\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\WINDOWS\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volume Shadow Copy driver - C:\WINDOWS\system32\Drivers\volsnap.sys
R0 - [volume] - Driver do volume - C:\WINDOWS\system32\Drivers\volume.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\WINDOWS\system32\Drivers\Wdf01000.sys
R0 - [WFPLWFS] - Plataforma para Filtros do Microsoft Windows - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
R0 - [WindowsTrustedRT] - Windows Trusted Execution Environment Class Extension - C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
R0 - [WindowsTrustedRTProxy] - Serviço de Proteção de Tempo de Execução Confiável do Microsoft Windows - C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\WINDOWS\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
S0 - [Bhbase] - Baidu Hook Base - C:\WINDOWS\system32\Drivers\Bhbase.sys
S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
S0 - [klelam] - klelam - C:\WINDOWS\system32\Drivers\klelam.sys
S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x]

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2033243565-1053980174-341340805-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Sergio\AppData\Roaming\uTorrent\updates\3.4.8_42449.exe  /MINIMIZED"
"Google Update"="C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TATINYE.EXE /EPT EPLTarget\P0000000000000000 /M L365 Series"
"Spotify Web Helper"="C:\Users\Sergio\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"OneDrive"="C:\Users\Sergio\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"kpm.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe -autoStart"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"Zone Thermal ACPI"="C:\Users\Sergio\AppData\Roaming\AppPatch\csrss.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
"EEventManager"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
"Family Tree Builder Update"="C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe"
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Users\Sergio\AppData\Roaming\uTorrent\updates\3.4.8_42449.exe  /MINIMIZED"
"Google Update"="C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TATINYE.EXE /EPT EPLTarget\P0000000000000000 /M L365 Series"
"Spotify Web Helper"="C:\Users\Sergio\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"OneDrive"="C:\Users\Sergio\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"kpm.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Password Manager 8.0.4\kpm.exe -autoStart"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe /MONITOR"
"Zone Thermal ACPI"="C:\Users\Sergio\AppData\Roaming\AppPatch\csrss.exe "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EA Core"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ein49]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ein49"
"hkey"="HKCU"
"command"="C:\\directory\\Microsoft\\plugin\\Microsoft\\Blocodenotas.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sergio\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroFilterCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtHDVCpl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skytel"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\Skytel.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuperTela]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SuperTela"
"hkey"="HKCU"
"command"="C:\\Users\\Sergio\\AppData\\Roaming\\SuperTela\\SuperTela.exe --minimize"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sergio\\AppData\\Roaming\\uTorrent\\uTorrent.exe\"  /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Win35]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Win35"
"hkey"="HKLM"
"command"="C:\\directory\\Microsoft\\plugin\\Microsoft\\Blocodenotas.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wondershare Helper Compact.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wondershare Helper Compact.exe"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Wondershare\\Wondershare Helper Compact\\WSHelper.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MCAFEE~1\\385C9A~1.150\\SSSCHE~1.EXE "
"item"="McAfee Security Scan Plus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Monitor Apache Servers.lnk"
"backup"="C:\\Windows\\pss\\Monitor Apache Servers.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\WEBSER~1\\Apache2.2\\bin\\APACHE~1.EXE "
"item"="Monitor Apache Servers"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apache2.4]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\bthserv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\chromoting]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v4.0.30319_32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Fax]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\idsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IEEtwCollectorService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMIGuardianSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McComponentHostService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PSI_SVC_2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RzKLService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TabletInputService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer9]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WSearch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wuauserv]


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job --a-------- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [24/09/2016 14:05]
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22/10/2016 12:55]
C:\WINDOWS\tasks\AutoKMS.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\EPSON L365 Series Update {33B6D0A0-B99D-435C-A4AD-B456640ED049}.job --a-------- C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNYE.exe [22/11/2013 01:30]
C:\WINDOWS\tasks\EPSON L365 Series Update {7E14051D-89DC-46BE-AE49-B5CF863D07F3}.job --a-------- C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNYE.exe [22/11/2013 01:30]
C:\WINDOWS\tasks\EPSON L365 Series Update {A26013D1-F6CA-4DB3-81EC-B30B6E5F344D}.job --a-------- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNYE.exe [22/11/2013 01:30]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [02/09/2016 19:14]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files\Google\Update\GoogleUpdate.exe [02/09/2016 19:14]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2033243565-1053980174-341340805-1000Core.job --a-------- C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe [27/08/2015 21:40]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2033243565-1053980174-341340805-1000UA.job --a-------- C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe [27/08/2015 21:40]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\system32\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe]
"C:\WINDOWS\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\system32\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\WINDOWS\system32\tasks\Browser Updater Task(Core)" [""C:\Program Files\TXQQBrowser\Update\C4E92D673876EB5D2ECEB6C8731130A1\Update\BrowserUpdate.exe""]
"C:\WINDOWS\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\system32\tasks\ceQeekgBrowserUpdateCore" [C:\Program Files\ceQeekg\ceQeekg\bin\ceQeekg_server.exe]
"C:\WINDOWS\system32\tasks\ceQeekgBrowserUpdateUA" [C:\Program Files\ceQeekg\ceQeekg\bin\ceQeekg_server.exe]
"C:\WINDOWS\system32\tasks\ceQeekgCheckTask" [C:\Program Files\ceQeekg\ceQeekg\bin\ceQeekg_server.exe]
"C:\WINDOWS\system32\tasks\ChelfNotify Task" ["C:\ProgramData\ChelfNotify\BrowserUpdate.exe"]
"C:\WINDOWS\system32\tasks\EPSON L365 Series Update {33B6D0A0-B99D-435C-A4AD-B456640ED049}" [C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNYE.EXE]
"C:\WINDOWS\system32\tasks\EPSON L365 Series Update {7E14051D-89DC-46BE-AE49-B5CF863D07F3}" [C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TTSNYE.EXE]
"C:\WINDOWS\system32\tasks\EPSON L365 Series Update {A26013D1-F6CA-4DB3-81EC-B30B6E5F344D}" [C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSNYE.EXE]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2033243565-1053980174-341340805-1000Core" [C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\GoogleUpdateTaskUserS-1-5-21-2033243565-1053980174-341340805-1000UA" [C:\Users\Sergio\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\system32\tasks\Nimeckreelule Log" ["C:\Program Files\Nimeckreelule\Nmclogtask.exe"]
"C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task" [C:\Users\Sergio\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\system32\tasks\Opera scheduled Autoupdate 1439245841" [C:\Program Files\Opera\launcher.exe]
"C:\WINDOWS\system32\tasks\UncheckitTaskMN" [""C:\Program Files\Uncheckit\cktSvc.exe""]
"C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{F3A6F7A9-09C3-41BA-94DE-BD2E773C9946}" [C:\WINDOWS\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi" [28/06/2016 00:19]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fhoibnponjcgjgcnfacekaijdbbplhib - https://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gebpdbfmpedcnopofelmhndhincfkhki - https://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki[]

Avast SafePrice - Sergio\AppData\Local\Bangboat\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Kaspersky Password Manager - Sergio\AppData\Local\Bangboat\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki
Whitelisted domains - Sergio\AppData\Local\Bangboat\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - Sergio\AppData\Local\Bangboat\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype - Sergio\AppData\Local\Bangboat\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome Web Store Payments - Sergio\AppData\Local\Bangboat\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Sergio\AppData\Local\Bangboat\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Google Slides - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Avast Online Security - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome Web Store Payments - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sergio\AppData\Local\ceQeekg\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Adr - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpiopmneeadfapifejkfpahpljkicpik
selector is not a valid CSS selector - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Whitelisted domains - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Sergio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Whitelisted domains - Sergio\AppData\Local\Hotjob\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
xmlfeed - Sergio\AppData\Local\Hotjob\User Data\Default\Extensions\gmnmefifbeginfkndcckjchobjbndclk
Chrome Adr - Sergio\AppData\Local\Hotjob\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil
Chrome Web Store Payments - Sergio\AppData\Local\Hotjob\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DozenSearch - Sergio\AppData\Local\Hotjob\User Data\Default\Extensions\odhjlphbhamhgplegmaamhehbhdpealn
Whitelisted domains - Sergio\AppData\Local\Infun\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Web Store Payments - Sergio\AppData\Local\Infun\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Sergio\AppData\Local\Infun\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Avast SafePrice - Sergio\AppData\Local\Redjane\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Kaspersky Password Manager - Sergio\AppData\Local\Redjane\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki
Whitelisted domains - Sergio\AppData\Local\Redjane\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - Sergio\AppData\Local\Redjane\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype - Sergio\AppData\Local\Redjane\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome Web Store Payments - Sergio\AppData\Local\Redjane\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Sergio\AppData\Local\Redjane\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Google Slides - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
a - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji
Google Sheets - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
xmlfeed - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\gmnmefifbeginfkndcckjchobjbndclk
Searchvvay - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn
Chrome Adr - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil
Chrome Web Store Payments - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sergio\AppData\Local\Toolrain\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
a - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\ekbmlhopnonkbfompbndcifmljkljhji
Google Sheets - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
xmlfeed - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\gmnmefifbeginfkndcckjchobjbndclk
Searchvvay - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\kfkbcinhkmlddafdkffeahafeecnghpn
Chrome Adr - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\knbdkcpkcpmiakimkhhmlgkjmchgahil
Chrome Web Store Payments - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Sergio\AppData\Local\Zootony\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Sergio\AppData\Local\Zootony\User Data\Default\Preferences
"homepage": "http://www.searchvvay.com/?tp=hp",
"homepage": "http://www.google.com.br/",


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131217185697198707&GUID=D2F4DDBE-780A-427B-9C20-46B0D35D4556"
"Search Page"="http://www.nuesearch.com/search/?type=ds&ts=1471628279&z=46d24f96ccd2cdbfcc059c0gdzcm6g7q4o2bbc1cdc&from=wpm0616&uid=SAMSUNGXHD502HI_S1ZVJ50S944304&q={searchTerms}"
"Default_Page_URL"="http://www.nuesearch.com/?type=hp&ts=1471628279&z=46d24f96ccd2cdbfcc059c0gdzcm6g7q4o2bbc1cdc&from=wpm0616&uid=SAMSUNGXHD502HI_S1ZVJ50S944304"
"Default_Search_URL"="http://www.nuesearch.com/search/?type=ds&ts=1471628279&z=46d24f96ccd2cdbfcc059c0gdzcm6g7q4o2bbc1cdc&from=wpm0616&uid=SAMSUNGXHD502HI_S1ZVJ50S944304&q={searchTerms}"
"Search Bar"="https://br.yahoo.com/?fr=hp-avast&type=avastbcl"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.nuesearch.com/?type=hp&ts=1471628279&z=46d24f96ccd2cdbfcc059c0gdzcm6g7q4o2bbc1cdc&from=wpm0616&uid=SAMSUNGXHD502HI_S1ZVJ50S944304"
"Default_Search_URL"="http://www.nuesearch.com/search/?type=ds&ts=1466021921&z=c1458ae20fef3bb4a0165f5gez6q9q3eeodg2t9obg&from=wpm0614&uid=SAMSUNGXHD502HI_S1ZVJ50S944304&q={searchTerms}"
"Search Page"="http://www.nuesearch.com/search/?type=ds&ts=1466021921&z=c1458ae20fef3bb4a0165f5gez6q9q3eeodg2t9obg&from=wpm0614&uid=SAMSUNGXHD502HI_S1ZVJ50S944304&q={searchTerms}"
"Search Bar"="https://br.yahoo.com/?fr=hp-avast&type=avastbcl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
HKLM\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} - https://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKCU\SearchScopes\Web - http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - No_Url_Value
HKCU\SearchScopes\{671CDCE2-8D6A-4763-85C1-91E8A441B4D2} - https://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} - https://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nuesearch.com/?type=hp&ts=1471628279&z=46d24f96ccd2cdbfcc059c0gdzcm6g7q4o2bbc1cdc&from=wpm0616&uid=SAMSUNGXHD502HI_S1ZVJ50S944304
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nuesearch.com/search/?type=ds&ts=1471628279&z=46d24f96ccd2cdbfcc059c0gdzcm6g7q4o2bbc1cdc&from=wpm0616&uid=SAMSUNGXHD502HI_S1ZVJ50S944304&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://br.yahoo.com/?fr=hp-avast&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nuesearch.com/search/?type=ds&ts=1471628279&z=46d24f96ccd2cdbfcc059c0gdzcm6g7q4o2bbc1cdc&from=wpm0616&uid=SAMSUNGXHD502HI_S1ZVJ50S944304&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nuesearch.com/?type=hp&ts=1471628279&z=46d24f96ccd2cdbfcc059c0gdzcm6g7q4o2bbc1cdc&from=wpm0616&uid=SAMSUNGXHD502HI_S1ZVJ50S944304
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nuesearch.com/search/?type=ds&ts=1466021921&z=c1458ae20fef3bb4a0165f5gez6q9q3eeodg2t9obg&from=wpm0614&uid=SAMSUNGXHD502HI_S1ZVJ50S944304&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://br.yahoo.com/?fr=hp-avast&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nuesearch.com/search/?type=ds&ts=1466021921&z=c1458ae20fef3bb4a0165f5gez6q9q3eeodg2t9obg&from=wpm0614&uid=SAMSUNGXHD502HI_S1ZVJ50S944304&q={searchTerms}
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,userinit.exe
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll

==== EOF on 28/10/2016 at 12:59:19,34 ======================
 

Edited by Nilcéia Aparecida Cavalari

Dear @Nilcéia Aparecida Cavalari

I recommend that you bookmark this topic so it is easier to find later.

Please pay attention to the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here applies only to the problem on your computer, so do not carry it out on any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another!
  • Keep me informed, during the removal, about what happens to your computer.
  • Respect the order of the instructions given.

Note: Do not take any steps other than those given here; and if you ask for help in another forum, be sure to tell us, or you risk misconfiguring your computer!

 

# Step no. 1 #

Download AdwCleaner and save it to your Desktop

Run the adwcleaner.exe file

Attention: Windows Vista, 7 and 8 users, right-click the file and choose: Run as administrator

  • Click the Options tab and leave only "Restore IE Policies" and "Restore Chrome Policies" checked
  • Click the Scan button and wait for the scan to finish.
  • Click the Clean button.
  • A Notepad window will open with the result.
  • Select, copy and paste the contents of this log into your next reply.
  • The log will also be saved in C:\AdwCleaner

NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked whether you want to restart.

# Step no. 2 #

Temporarily disable your antivirus, antispyware and firewall, so they do not cause conflicts.

Download Junkware Removal Tool (JRT) and save it to your Desktop

Double-click jrt.exe to run it.

Attention: Windows Vista, 7 and 8 users, right-click the file and choose: Run as administrator

  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • At the end a log will open. It will be saved on the desktop as JRT.txt.
  • Select, copy and paste the contents of this log into your next reply.

# Step no. 3 #

Temporarily disable your antivirus, antispyware and firewall, so they do not cause conflicts.

Download ZHPCleaner and save it to your Desktop

Attention: Windows Vista, 7 and 8 users, right-click the file and choose: Run as administrator

  • Click the Scanner button.
  • The tool will begin scanning your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log called ZHPCleaner.txt will be generated.
  • Select, copy and paste the contents of this log into your next reply.

Cheers :D
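As an added check to run after those three steps (an example script of my own, not part of this thread or of AdwCleaner, JRT or ZHPCleaner): this PowerShell snippet reads the same Internet Explorer Main values and SearchScopes keys that ZA-Scan listed above and reports any URL whose host is not on a small allow-list, so you can confirm the nuesearch.com entries from the log are gone after cleanup. The allow-list and the function names are my assumptions; run it from an elevated PowerShell so the HKLM keys are readable.

```powershell
# Added example, not part of this thread or of AdwCleaner/JRT/ZHPCleaner.
# Reads the IE Main values and SearchScopes that ZA-Scan listed and flags
# any URL whose host is not on the allow-list (assumed; edit as needed).
$AllowedHosts = @(
    'www.bing.com', 'www.google.com', 'www.google.com.br',
    'go.microsoft.com', 'br.yahoo.com', 'br.search.yahoo.com'
)
$ValueNames = 'Start Page', 'Search Page', 'Default_Page_URL',
              'Default_Search_URL', 'Search Bar'

function Test-AllowedUrl {
    param([string]$Url)
    $uri = $null
    # Anything that does not parse as an absolute URL is reported as well
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return $false
    }
    return $AllowedHosts -contains $uri.Host.ToLowerInvariant()
}

function Get-IeSearchFindings {
    $findings = @()
    foreach ($hive in 'HKCU', 'HKLM') {
        # Start page / default search values (HKLM needs an elevated shell)
        $main = "${hive}:\Software\Microsoft\Internet Explorer\Main"
        $props = Get-ItemProperty -Path $main -ErrorAction SilentlyContinue
        foreach ($name in $ValueNames) {
            $url = $props.$name
            if ($url -and -not (Test-AllowedUrl $url)) {
                $findings += [pscustomobject]@{ Location = "$main\$name"; Url = $url }
            }
        }
        # Each SearchScopes sub-key stores its search template in the URL value
        $scopes = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
        foreach ($key in (Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue)) {
            $url = (Get-ItemProperty -Path $key.PSPath).URL
            if ($url -and -not (Test-AllowedUrl $url)) {
                $findings += [pscustomobject]@{ Location = $key.PSPath; Url = $url }
            }
        }
    }
    return $findings
}

$result = Get-IeSearchFindings
if ($result) { $result | Format-Table -AutoSize }
else { 'No unexpected IE start/search URLs found.' }
```

Any row it prints is a start page or search provider still pointing somewhere you did not choose; paste that output here along with the tool logs.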
