ZA-Scan V1.0.0.5 Updated 31-December-2015
Tool run by pc on 31/05/2016 at 13:32:20,91.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\pc\Downloads\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files (x86)\Viva\viva.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\pc\AppData\Local\Akamai\netsession_win.exe
C:\Users\pc\AppData\Local\Google\Update\1.3.30.3\GoogleCrashHandler.exe
C:\Users\pc\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\pc\Downloads\ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\pc\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

Paused2 - [HiPatchService] - Hi-Rez Studios Authenticate and Update Service - c:\program files (x86)\hi-rez studios\hipatchservice.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [BstHdUpdaterSvc] - BlueStacks Updater Service - c:\program files (x86)\bluestacks\hd-updaterservice.exe
R2 - [COMLiveService] - COM+ Live Service - c:\program files (x86)\viva\viva.exe
R2 - [hshld] - Hotspot Shield Service - c:\program files (x86)\hotspot shield\bin\cmw_srv.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - c:\windows\system32\nvvsvc.exe
R2 - [PnkBstrB] - PnkBstrB - c:\windows\system32\pnkbstrb.exe [x]
R2 - [Razer Game Scanner Service] - Razer Game Scanner - c:\program files (x86)\razer\razer services\gss\gamescannerservice.exe
R2 - [RzKLService] - RzKLService - c:\program files (x86)\razer\razer game booster\rzklservice.exe
R2 - [RzSurroundVADStreamingService] - RzSurroundVADStreamingService - c:\programdata\razer\synapse\devices\razer surround\driver\rzsurroundvadstreamingservice.exe
R2 - [TeamViewer] - TeamViewer 10 - c:\program files (x86)\teamviewer\teamviewer_service.exe
R2 - [Update service] - Update service - c:\program files (x86)\popcorn time\updater.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe
S2 - [BstHdAndroidSvc] - BlueStacks Android Service - c:\program files (x86)\bluestacks\hd-service.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [GfExperienceService] - NVIDIA GeForce Experience Service - c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe [x]
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [LiveUpdateSvc] - LiveUpdate - c:\program files (x86)\iobit\liveupdate\liveupdate.exe
S2 - [NvNetworkService] - NVIDIA Network Service - c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe [x]
S2 - [NvStreamSvc] - NVIDIA Streamer Service - c:\program files\nvidia corporation\nvstreamsrv\nvstreamservice.exe [x]
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Serviço Receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Serviço Agendador do Windows Media Center - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [HssTrayService] - Hotspot Shield Tray Service - c:\program files (x86)\hotspot shield\bin\hsstrayservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - c:\program files\mcafee security scan\3.11.309\mcchsvc.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NMIndexingService] - NMIndexingService - c:\program files (x86)\common files\ahead\lib\nmindexingservice.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
S3 - [Origin Client Service] - Origin Client Service - c:\program files (x86)\origin\originclientservice.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [PnkBstrA] - PnkBstrA - c:\windows\system32\pnkbstra.exe
S3 - [rpcapd] - Remote Packet Capture Protocol v.0 (experimental) - c:\program files (x86)\winpcap\rpcapd.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Serviço de Tecnologias de Ativação do Windows - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [Apache2.2] - Apache2.2 - c:\appserv\apache2.2\bin\httpd.exe
S4 - [BASSVC] - Baidu MoboMarket Service - c:\program files (x86)\baidu security\mobomarket\1.3.7.5841\bassvc.exe
S4 - [BstHdLogRotatorSvc] - BlueStacks Log Rotator Service - c:\program files (x86)\bluestacks\hd-logrotatorservice.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [Desura Install Service] - Desura Install Service - c:\program files (x86)\common files\desura\desura_service.exe
S4 - [LMIGuardianSvc] - LMIGuardianSvc - c:\program files (x86)\logmein hamachi\lmiguardiansvc.exe
S4 - [mysql] - mysql - c:\appserv\mysql\bin\mysqld --defaults-file=c:\appserv\mysql\my.ini mysql
S4 - [NBService] - NBService - c:\program files (x86)\nero\nero 7\nero backitup\nbservice.exe
S4 - [TunngleService] - TunngleService - c:\program files (x86)\tunngle\tnglctrl.exe
S4 - [winzipersvc] - WinZiper service - c:\program files (x86)\winzipper\winzipersvc.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amd_sata] - amd_sata - C:\Windows\system32\Drivers\amd_sata.sys
R0 - [amd_xata] - amd_xata - C:\Windows\system32\Drivers\amd_xata.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [vmbus] - Barramento da Máquina Virtual - C:\Windows\system32\Drivers\vmbus.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2573288723-3207927353-2187202909-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\pc\AppData\Local\Akamai\netsession_win.exe"
"Google Update"="C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"BitTorrent"="C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Lightshot"="C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\pc\AppData\Local\Akamai\netsession_win.exe"
"Google Update"="C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"BitTorrent"="C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~2\\gsb779~1.ena"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aeria Ignite]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Aeria Ignite"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Aeria Games\\Ignite\\aeriaignite.exe\" silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Akamai NetSession Interface"
"hkey"="HKCU"
"command"="\"C:\\Users\\pc\\AppData\\Local\\Akamai\\netsession_win.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitTorrent"
"hkey"="HKCU"
"command"="\"C:\\Users\\pc\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe\" /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlueStacks Agent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BlueStacks Agent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\BlueStacks\\HD-Agent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Facebook Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\pc\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarenaPlus]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarenaPlus"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garena Plus\\GarenaMessenger.exe\" -autolaunch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightShot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightShot"
"hkey"="HKCU"
"command"="C:\\Users\\pc\\AppData\\Local\\Skillbrains\\lightshot\\LightShot.exe Flags: uninsdeletevalue"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ManyCam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManyCam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\ManyCam\\ManyCam.exe\" --silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvBackend"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ragnarok Online 2 - Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ragnarok Online 2 - Downloader"
"hkey"="HKCU"
"command"="C:\\Users\\pc\\Downloads\\ragnarokonline2_us_downloader.exe auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ShadowPlay"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\system32\\nvspcap64.dll,ShadowPlayOnSystemStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WTFast Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WTFast Tray"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\WTFast\\WTFast.exe\" trayonly"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\LOLRecorder.lnk"
"backup"="C:\\Windows\\pss\\LOLRecorder.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\LOLREP~1\\LOLREC~1.EXE -minimize"
"item"="LOLRecorder"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Orbit.lnk"
"backup"="C:\\Windows\\pss\\Orbit.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\ORBITD~1\\orbitdm.exe /H"
"item"="Orbit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
"path"="C:\\Users\\pc\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Orbit.lnk"
"backup"="C:\\Windows\\pss\\Orbit.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files (x86)\\Orbitdownloader\\orbitdm.exe "
"item"="Orbit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de tela e Iniciador do OneNote 2007.lnk]
"path"="C:\\Users\\pc\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Recorte de tela e Iniciador do OneNote 2007.lnk"
"backup"="C:\\Windows\\pss\\Recorte de tela e Iniciador do OneNote 2007.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~1\\Office12\\ONENOTEM.EXE /tsr"
"item"="Recorte de tela e Iniciador do OneNote 2007"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AODService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apache2.2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BASSVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BstHdAndroidSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BstHdLogRotatorSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BstHdUpdaterSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Desura Install Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hshld]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssTrayService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssWd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IePluginService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMIGuardianSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mysql]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NBService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PnkBstrA]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TunngleService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\winzipersvc]

==== Startup Folders ======================

2016-05-10 17:55:36 1117 ----a-w- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
2015-06-20 12:48:36 1964 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/08/2015 12:29]
C:\Windows\tasks\bench-sys.job --a------ [Undetermined Task]
C:\Windows\tasks\bench-Updater removing.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000Core.job --a------ C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/03/2014 23:29]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000UA.job --a------ C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [12/03/2014 23:29]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/02/2015 23:08]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0e2ae25af7627.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/02/2015 23:08]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/02/2015 23:08]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d0e2ae25dca150.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/02/2015 23:08]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000Core.job --a------ C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [14/07/2015 12:04]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000Core1d0e13067c1fd64.job --a------ C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [14/07/2015 12:04]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000UA.job --a------ C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [14/07/2015 12:04]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000UA1d0e13067e4a116.job --a------ C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [14/07/2015 12:04]
C:\Windows\tasks\update-S-1-5-21-2573288723-3207927353-2187202909-1000.job --a------ C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [25/03/2014 18:44]
C:\Windows\tasks\update-sys.job --a------ C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [25/03/2014 18:44]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\bench-sys" [C:\Program Files (x86)\Bench\Updater\updater.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (pc)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000Core" [C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000UA" [C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0e2ae25af7627" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d0e2ae25dca150" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000Core" [C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000Core1d0e13067c1fd64" [C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000UA" [C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2573288723-3207927353-2187202909-1000UA1d0e13067e4a116" [C:\Users\pc\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\update-S-1-5-21-2573288723-3207927353-2187202909-1000" [C:\Program Files (x86)\Skillbrains\Updater\Updater.exe]
"C:\Windows\SysNative\tasks\update-sys" [C:\Program Files (x86)\Skillbrains\Updater\Updater.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{E280A777-CBE0-466C-A08C-F898B6200ADA}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{C130F46E-D8C2-4E93-B90B-0323873F3E19}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xd8mkumn.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaulturl", "https://www.google.com/search");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("keyword.URL", "https://www.google.com/search");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"quick_start@gmail.com"="C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xd8mkumn.default\extensions\quick_start@gmail.com" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xd8mkumn.default
- Rocket New Tab - %ProfilePath%\extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
- Check4Change - %ProfilePath%\extensions\check4change-owner@mozdev.org.xpi
- Fast Video Download - %ProfilePath%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\xd8mkumn.default
41BB839E8E187C518441334506229ED5 - C:\Users\pc\AppData\Roaming\RCTW\plugins\nprcplugin.dll - Raidcall plugin
DE85813201ACE03E7909F618B56B4600 - C:\Users\pc\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
FD82108FD60B63010325D9AF6F00AF99 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll - Shockwave Flash
4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin
65C1D9F74004E775F9A8598476ABE5EE - C:\Users\pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
C426F7E678D6E539041847556059D5E8 - C:\Users\pc\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll - Google Update
3CD19649B2C3023D65E67C056457A2BC - C:\Users\pc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrador\AppData\Local\Torch Found
Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome Found
Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome SxS Found
Fake profile C:\Users\Administrador\AppData\Local\Comodo\Dragon Found
Fake profile C:\Users\Convidado\AppData\Local\Torch Found
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome Found
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome SxS Found
Fake profile C:\Users\Convidado\AppData\Local\Comodo\Dragon Found
Fake profile C:\Users\Default\AppData\Local\Google\Chrome Found
Fake profile C:\Users\Default User\AppData\Local\Google\Chrome Found
Fake profile C:\Users\Leonan\AppData\Local\Google\Chrome Found
Fake profile C:\Users\pc\AppData\Local\Torch Found
Fake profile C:\Users\pc\AppData\Local\Google\Chrome SxS Found
Fake profile C:\Users\pc\AppData\Local\Comodo\Dragon Found
Fake profile C:\Users\USURIO~1\AppData\Local\Google\Chrome Found

==== Chromium Look ======================

Google Chrome Version: 31.0.1650.63

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29/06/2015 11:28]
ibnjmihbbanannlbobkbmnmckjnmdnom - No path found[]
ifohbjbgfchkkfhphahclmkpgejiplfo - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx[25/02/2014 03:13]
mfkamignjaneflbgdjegpidckhjdiibj - C:\Program Files (x86)\Storimbo\mfkamignjaneflbgdjegpidckhjdiibj.crx[10/01/2014 16:50]
nlbejmccbhkncgokjcmghpfloaajcffj - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ibnjmihbbanannlbobkbmnmckjnmdnom - No path found[]

greautsaaveR - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji
Closed tabs - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
YTBooKMMArek - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni
SNT - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp
YoutubeAdblocker - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo
greautsaaveR - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji
Closed tabs - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
YTBooKMMArek - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni
SNT - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo
greautsaaveR - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji
Closed tabs - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
YTBooKMMArek - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni
SNT - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp
YoutubeAdblocker - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo
greautsaaveR - Administrador\AppData\Local\Torch\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji
Closed tabs - Administrador\AppData\Local\Torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
YTBooKMMArek - Administrador\AppData\Local\Torch\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni
SNT - Administrador\AppData\Local\Torch\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp
YoutubeAdblocker - Administrador\AppData\Local\Torch\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo
greautsaaveR - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji
Closed tabs - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
YTBooKMMArek - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni
SNT - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp
YoutubeAdblocker - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo
greautsaaveR - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji
Closed tabs - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah
YTBooKMMArek - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni
SNT - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp
YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo
greautsaaveR - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji
Closed tabs - Convidado\AppData\Local\Google\Chrome SxS\User
Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah YTBooKMMArek - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni SNT - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp YoutubeAdblocker - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo greautsaaveR - Convidado\AppData\Local\Torch\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji Closed tabs - Convidado\AppData\Local\Torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah YTBooKMMArek - Convidado\AppData\Local\Torch\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni SNT - Convidado\AppData\Local\Torch\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp YoutubeAdblocker - Convidado\AppData\Local\Torch\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo greautsaaveR - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji Closed tabs - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah YTBooKMMArek - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni SNT - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp YoutubeAdblocker - pc\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo EditThisCookie - pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg AdBlock - pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Avast Online Security - pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Inactive Friends Removal - pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncenoanglaejadhdkidihneieemafgm Chrome Web Store Payments - pc\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Chrome Media Router (Canary) - pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm greautsaaveR - pc\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji Closed tabs - pc\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah YTBooKMMArek - pc\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni SNT - pc\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp YoutubeAdblocker - pc\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo Rocket - pc\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom Google Wallet - pc\AppData\Local\Rocket\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda greautsaaveR - pc\AppData\Local\Torch\User Data\Default\Extensions\bdljnnciickmlbipdjcgdmeledhjehji Closed tabs - pc\AppData\Local\Torch\User Data\Default\Extensions\eonffnnfmbfnmjpaiigdclmfelolemah YTBooKMMArek - pc\AppData\Local\Torch\User Data\Default\Extensions\gmepcibcjklgbkcidhhfemaomnfocmni SNT - pc\AppData\Local\Torch\User Data\Default\Extensions\noijblakpelfcldlmieahjjlcpmjhlcp YoutubeAdblocker - pc\AppData\Local\Torch\User Data\Default\Extensions\pflnoboiookhhmgcnfiblmcmlfjihgoo undetermined - pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx undetermined - pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141" "Search 
Page"="http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&ts=1393410462&type=default&q={searchTerms}" "Default_Page_URL"="http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&ts=1393410462" "Default_Search_URL"="http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&ts=1393410462&type=default&q={searchTerms}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.nationzoom.com/web/?type=ds&ts=1389406153&from=tugs&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&q={searchTerms} HKLM\Wow6432Node\SearchScopes "DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.nationzoom.com/web/?type=ds&ts=1389406153&from=tugs&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&q={searchTerms} HKLM\Wow6432Node\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - http://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=34&r=2014/02/09&hid=11067677320287148083&lg=EN&cc=BR&unqvl=48 HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 
HKCU\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&ts=1393410462&type=default&q={searchTerms} HKCU\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} - http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_28_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0CyDtC0EyEtCzz0DtByEtN0D0Tzu0SzytCzztN1L2XzutBtFtBtCtFtCtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0A0Azyzz0CyDtAtGtCtDzy0EtGzzyB0A0CtG0EtBtB0FtGyEtCtAyC0E0Ezyzy0CtA0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0Czy0EtAtAtCzytGyC0CyByBtGyB0DtDyEtGtDtByB0FtGyC0F0CyBtByDzz0EtD0DyB0B2Q&cr=1637049724&ir= HKCU\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - http://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=34&r=2014/02/09&hid=11067677320287148083&lg=EN&cc=BR&unqvl=48 ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&ts=1393410462 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&ts=1393410462&type=default&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&ts=1393410462&type=default&q={searchTerms} R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555 R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: 192.169.90.112 fsroseon.com O1 - Hosts: 192.169.90.112 www.fsroseon.com O1 - Hosts: 192.169.90.112 mail.fsroseon.com O1 - Hosts: 192.169.90.112 ftp.fsroseon.com O1 - Hosts: 206.248.168.147 patch.tera.enmasse-game.com O1 - Hosts: 0.0.0.1 mssplus.mcafee.com O2 - BHO: GreatSave4U - {441E8907-87A9-EC3F-B043-02BF93EB3CE7} - (no file) O2 - BHO: CheapMe - {59668A59-B9D2-3B4E-8A14-14E5F3ACD115} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file) O2 - BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll O2 - BHO: Storimbo - {ddac750c-59da-4bb6-9ee7-ead55ebe0b64} - C:\Program Files (x86)\Storimbo\Storimbobho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{91DD161B-C24F-47ED-AF26-CD4F356111F9}: NameServer = 8.8.8.8,8.8.4.4 ==== EOF on 31/05/2016 at 13:41:17,55 ======================
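The SearchScopes and HijackThis sections above carry the indicators a helper would act on: search and home-page URLs on hosts that are not Microsoft or Bing defaults (delta-homes, nationzoom, rocket-find, webisgreat), a `uid=` parameter in those URLs that appears to carry the drive model and serial number, a ProxyServer entry pointing every HTTP and HTTPS request at a process listening on 127.0.0.1:8555, hosts-file lines that redirect names to a remote address or black-hole a security vendor's domain, and BHO CLSIDs that are still registered with no file behind them. The triage script below is an added example and is not ZA-Scan or HijackThis code. It parses lines in the format shown above and emits one finding per indicator. The allowlist of expected hosts, the finding wording and the sample lines (copied or shortened from the entries above) are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not tool code)."""
from __future__ import annotations

import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist: hosts a stock Windows 7 / IE install points search and
# home pages at. Anything else in an R0/R1/SearchScopes URL is worth a look.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.bing.com", "www.google.com"}

URL_RE = re.compile(r"https?://\S+")
PROXY_RE = re.compile(r"(\w+)=([\d.]+):(\d+)")
HOSTS_RE = re.compile(r"O1 - Hosts: (\S+) (\S+)")
BHO_RE = re.compile(r"O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)")


def check_urls(line: str) -> list[str]:
    """Flag search/home-page URLs whose host is off the allowlist and note a uid= leak."""
    findings = []
    for url in URL_RE.findall(line):
        parts = urlsplit(url)
        if parts.hostname in KNOWN_GOOD_HOSTS:
            continue
        finding = f"search/home page hijacked to {parts.hostname}"
        uid = parse_qs(parts.query).get("uid")
        if uid:  # the hijacker tags each query with a machine identifier
            finding += f" (leaks machine identifier uid={uid[0]})"
        findings.append(finding)
    return findings


def classify_entry(line: str) -> list[str]:
    """Return zero or more findings for one log line; an empty list means nothing flagged."""
    line = line.strip()
    if not line:
        return []
    kind = line.split(" - ", 1)[0]

    if kind == "R1" and "ProxyServer" in line:
        # A loopback proxy hands every request to some local process first.
        return [
            f"{scheme} proxy is a local process on port {port}"
            for scheme, host, port in PROXY_RE.findall(line)
            if ipaddress.ip_address(host).is_loopback
        ]
    if kind in ("R0", "R1"):
        return check_urls(line)
    if kind.startswith("HK") and "SearchScopes" in kind:
        return check_urls(line)
    if kind == "O1":
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if ipaddress.ip_address(ip).is_global:
                return [f"hosts file redirects {name} to {ip}"]
            # loopback, 0.0.0.0/8 and other non-routable targets black-hole the name
            return [f"hosts file blocks {name}"]
    if kind == "O2":
        m = BHO_RE.match(line)
        if m and m.group(3) == "(no file)":
            return [f"orphaned BHO {m.group(1)} {m.group(2)} (registered, file missing)"]
    return []


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each flagged line (stripped) to its findings; clean lines are omitted."""
    report: dict[str, list[str]] = {}
    for line in log_text.splitlines():
        findings = classify_entry(line)
        if findings:
            report[line.strip()] = findings
    return report


# Constructed sample: entries copied or shortened from the scan above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&uid=ST1000DM003-1CH162_Z1D4NBB8XXXXZ1D4NBB8&ts=1393410462
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} - http://websearch.webisgreat.info/?l=1&q={searchTerms}&pid=34
O1 - Hosts: 192.169.90.112 fsroseon.com
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: GreatSave4U - {441E8907-87A9-EC3F-B043-02BF93EB3CE7} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
"""

if __name__ == "__main__":
    for entry, findings in triage(SAMPLE_LOG).items():
        print(entry[:70])
        for f in findings:
            print("   ->", f)
```

The hosts-file rule relies on `ipaddress`'s `is_global`, so 0.0.0.1, 127.x and other non-routable targets are reported as blocks and any routable address as a redirect; the allowlist is deliberately small, so a URL a practitioner considers legitimate shows up once and is then added to `KNOWN_GOOD_HOSTS`.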