ZA-Scan V1.0.0.6 Updated 03-May-2018 (Online Version)
Tool run by Dani Quil on 28/11/2019 at 23:28:02,01.
Microsoft Windows 10 Pro 10.0.18362 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\Dani Quil\Downloads\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
C:\WINDOWS\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\Google\Update\1.3.35.342\GoogleCrashHandler.exe
C:\Users\Dani Quil\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\DANIQU~1\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R2 - [AdAppMgrSvc] - Autodesk Desktop App Service - c:\program files (x86)\autodesk\autodesk desktop app\adappmgrsvc.exe
R2 - [AGMService] - Adobe Genuine Monitor Service - c:\program files (x86)\common files\adobe\adobegcclient\agmservice.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\driverstore\filerepository\c0346830.inf_amd64_f723e13ffb3b2652\b345901\atiesrxx.exe
R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\amd\ati.ace\fuel\fuel.service.exe
R2 - [asComSvc] - ASUS Com Service - c:\program files (x86)\asus\axsp\4.00.01\atkexcomsvc.exe
R2 - [AvgWscReporter] - AvgWscReporter - c:\program files\avg\antivirus\wsc_proxy.exe
R2 - [BtSwitcherService] - Bluetooth Switcher Service - c:\program files\csr\csr harmony wireless software stack\btswitcherservice.exe
R2 - [cFosSpeedS] - cFosSpeed System Service - c:\program files\asrock\xfast lan\spd.exe
R2 - [ClickToRunSvc] - Microsoft Office Click-to-Run Service - c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
R2 - [CSRBtAudioService] - CSR Bluetooth Audio Service - c:\program files\csr\csr harmony wireless software stack\csrbtaudioservice.exe
R2 - [CsrBtOBEXService] - CSR OBEX Service - c:\program files\csr\csr harmony wireless software stack\csrbtobexservice.exe
R2 - [CsrBtService] - CSR Bluetooth Service - c:\program files\csr\csr harmony wireless software stack\csrbtservice.exe
R2 - [HoudiniLicenseServer] - HoudiniLicenseServer - c:\windows\system32\sesinetd.exe
R2 - [HoudiniServer] - HoudiniServer - c:\windows\system32\hserver.exe
R2 - [PLFlash DeviceIoControl Service] - PLFlash DeviceIoControl Service - c:\windows\syswow64\ioctlsvc.exe
R2 - [SgrmBroker] - System Guard Runtime Monitor Broker - c:\windows\system32\sgrmbroker.exe
R2 - [TeamViewer] - TeamViewer 14 - c:\program files (x86)\teamviewer\teamviewer_service.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [avgbIDSAgent] - avgbIDSAgent - c:\program files\avg\antivirus\aswidsagent.exe
R3 - [Disc Soft Lite Bus Service] - Disc Soft Lite Bus Service - c:\program files\daemon tools lite\discsoftbusservicelite.exe
R3 - [NMIndexingService] - NMIndexingService - c:\program files (x86)\common files\ahead\lib\nmindexingservice.exe
R3 - [SecurityHealthService] - Windows Security Service - c:\windows\system32\securityhealthservice.exe
S2 - [FlexNet Licensing Service 64] - FlexNet Licensing Service 64 - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Microsoft (R) Diagnostics Hub Standard Collector Service - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [GoogleChromeElevationService] - Google Chrome Elevation Service - c:\program files (x86)\google\chrome\application\78.0.3904.108\elevation_service.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NBService] - NBService - c:\program files (x86)\nero\nero 7\nero backitup\nbservice.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [perceptionsimulation] - Windows Perception Simulation Service - c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [Sense] - Windows Defender Advanced Threat Protection Service - c:\program files\windows defender advanced threat protection\mssense.exe
S3 - [SensorDataService] - Sensor Data Service - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [spectrum] - Windows Perception Service - c:\windows\system32\spectrum.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
S3 - [TieringEngineService] - Storage Tiers Management - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Antivirus Network Inspection Service - c:\programdata\microsoft\windows defender\platform\4.18.1910.4-0\nissrv.exe
S3 - [WinDefend] - Windows Defender Antivirus Service - c:\programdata\microsoft\windows defender\platform\4.18.1910.4-0\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S4 - [AdobeUpdateService] - AdobeUpdateService - c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeupdateservice.exe
S4 - [AGSService] - Adobe Genuine Software Integrity Service - c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe
S4 - [ssh-agent] - OpenSSH Authentication Agent - c:\windows\system32\openssh\ssh-agent.exe
S4 - [UevAgentService] - User Experience Virtualization Service - c:\windows\system32\agentservice.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R0 - [avgbidsh] - avgbidsh - C:\WINDOWS\system32\Drivers\avgbidsh.sys
R0 - [avgbuniv] - avgbuniv - C:\WINDOWS\system32\Drivers\avgbuniv.sys
R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys
R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\WINDOWS\system32\Drivers\amdkmpfd.sys
R0 - [atapi] - IDE Channel - C:\WINDOWS\system32\Drivers\atapi.sys
R0 - [avgVmm] - avgVmm - C:\WINDOWS\system32\Drivers\avgVmm.sys
R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
R0 - [disk] - Disk Driver - C:\WINDOWS\system32\Drivers\disk.sys
R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
R0 - [intelpep] - Intel(R) Power Engine Plug-in Driver - C:\WINDOWS\system32\Drivers\intelpep.sys
R0 - [iorate] - Disk I/O Rate Filter Driver - C:\WINDOWS\system32\Drivers\iorate.sys
R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
R0 - [MsSecFlt] - Microsoft Security Events Component Minifilter - C:\WINDOWS\system32\Drivers\MsSecFlt.sys
R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Driver - C:\WINDOWS\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys
R0 - [pciide] - pciide - C:\WINDOWS\system32\Drivers\pciide.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
R0 - [SgrmAgent] - System Guard Runtime Monitor Agent - C:\WINDOWS\system32\Drivers\SgrmAgent.sys
R0 - [spaceport] - Storage Spaces Driver - C:\WINDOWS\system32\Drivers\spaceport.sys
R0 - [storahci] - Microsoft Standard SATA AHCI Driver - C:\WINDOWS\system32\Drivers\storahci.sys
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\WINDOWS\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volume Shadow Copy Driver - C:\WINDOWS\system32\Drivers\volsnap.sys
R0 - [volume] - Volume Driver - C:\WINDOWS\system32\Drivers\volume.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks Service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
R0 - [WindowsTrustedRT] - Windows Trusted Execution Environment Class Extension - C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
R0 - [WindowsTrustedRTProxy] - Microsoft Windows Trusted Runtime Protection Service - C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\WINDOWS\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
S0 - [avgArDisk] - avgArDisk - C:\WINDOWS\system32\Drivers\avgArDisk.sys
S0 - [avgElam] - avgElam - C:\WINDOWS\system32\Drivers\avgElam.sys
S0 - [avgRvrt] - avgRvrt - C:\WINDOWS\system32\Drivers\avgRvrt.sys
S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x]

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-436818528-845323736-1107294709-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Dani Quil\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"
"CCXProcess"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"Autodesk Desktop App"="C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe -tray"
"TeamsMachineUninstallerLocalAppData"="%LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default"
"TeamsMachineUninstallerProgramData"="%ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Dani Quil\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"
"CCXProcess"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XFast LAN"="C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe"
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe silentrun"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
"CsrHCRPServer"="C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe"
"CsrAudioguiCtrl"="C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe"
"CsrSyncMLServer"="C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe"
"vksts"="C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe"
"HarmonyUserStartup"="C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe"
"CSRHarmonySkypePlugin"="C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe"
"TrayApplication"="C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"AVGUI.exe"="C:\Program Files\AVG\Antivirus\AvLaunch.exe /gui"
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "

==== Startup Folders ======================
2019-07-16 20:46:31 1169 ----a-w- C:\Users\Dani Quil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk
2019-07-16 15:50:26 2372 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\AdobeGCInvoker-1.0" [C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe]
"C:\WINDOWS\SysNative\tasks\Antivirus Emergency Update" [C:\Program Files\AVG\Antivirus\AvEmUpdate.exe]
"C:\WINDOWS\SysNative\tasks\ApowerREC" [C:\Program Files (x86)\Apowersoft\ApowerREC\ApowerREC.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-436818528-845323736-1107294709-1001" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\StartCN" ["C:\Program Files\AMD\CNext\CNext\cncmd.exe"]
"C:\WINDOWS\SysNative\tasks\StartDVR" ["C:\Program Files\AMD\CNext\CNext\RSServCmd.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{CDF73D0D-0F41-4CEB-A70B-E179759C9694}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\ASUS\ASUS Product Register Service" [C:\Program Files (x86)\ASUS\APRP\aprp.exe]
"C:\WINDOWS\SysNative\tasks\AVG\Overseer" [C:\Program Files\Common Files\AVG\Overseer\overseer.exe]
"C:\WINDOWS\SysNative\tasks\cFos\Registration Tasks\Open Browser" [c:\windows\system32\launchwinapp.exe]

==== Firefox XPI-files found: ======================
- Undetermined - C:\Program Files\Adobe\Adobe After Effects CC 2019\Support Files\Required\XMPFiles\MXF_Handler.xpi
- Undetermined - C:\Program Files\Adobe\Adobe After Effects CC 2019\Support Files\Required\XMPFiles\REDHandler.xpi
- Undetermined - C:\Program Files\Adobe\Adobe Lightroom Classic\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\Plug-ins\XMPFiles\MOVOEM_Handler.xpi
- Undetermined - C:\Program Files\Adobe\Adobe Lightroom Classic\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\Plug-ins\XMPFiles\MP4OEM_Handler.xpi
- Undetermined - C:\Program Files\Adobe\Adobe Media Encoder CC 2019\Plug-Ins\XMPFiles\MXFHandler.xpi
- Undetermined - C:\Program Files\Adobe\Adobe Media Encoder CC 2019\Plug-Ins\XMPFiles\REDHandler.xpi
- Undetermined - C:\Program Files\Adobe\Adobe Premiere Pro CC 2019\Plug-Ins\XMPFiles\MXFHandler.xpi
- Undetermined - C:\Program Files\Adobe\Adobe Premiere Pro CC 2019\Plug-Ins\XMPFiles\REDHandler.xpi
- IDM CC - C:\Program Files (x86)\Internet Download Manager\idmmzcc.xpi
- IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

==== Chromium Look ======================
Google Chrome Version: 78.0.3904.108
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[09/06/2016 13:48]
Chrome Web Store Payments - Dani Quil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Chrome Media Router - Dani Quil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll

==== EOF on 28/11/2019 at 23:31:26,49 ======================
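Added triage example (not ZA-Scan output and not from the original poster): a short Python parser for the two entry shapes in the log above that carry an executable path, the `R2 - [Name] - Description - path` service/driver lines and the `"Name"="command"` Run-key lines. It expands %VAR% tokens and lists the entries whose binary lives under a user profile, a temp directory or ProgramData, which is where an analyst reading a log like this looks first. Assumptions: the ENV table stands in for the real environment variables of this machine; the R/S letter and the digit are read in the HijackThis convention (R = running, S = stopped, 0 to 4 = boot/system/auto/manual/disabled); the trailing `[x]` on the Tcpip6 line is treated as an annotation and stripped; and a flagged path is only a lead to verify (signature, hash, install history), never a verdict. On the sample lines the hits are OneDrive, the Teams machine-wide uninstaller entry and the Defender platform folder, all standard locations for that software.

```python
r"""Triage helper for the ZA-Scan log format (added example, not part of ZA-Scan).

Two entry shapes in the log carry an executable path:
  service/driver lines:  R2 - [Name] - Description - c:\path\file.exe
  Run-key lines:         "Name"="C:\path\file.exe /args"
The helper parses both, expands %VAR% tokens, and lists the entries whose
binary lives in a directory a standard user can write to.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed values for an offline run (default Windows 10 layout for this user);
# on a live system you would read these from os.environ instead.
ENV = {
    "%localappdata%": r"C:\Users\Dani Quil\AppData\Local",
    "%appdata%": r"C:\Users\Dani Quil\AppData\Roaming",
    "%programdata%": r"C:\ProgramData",
    "%programfiles%": r"C:\Program Files",
    "%windir%": r"C:\Windows",
}

# Path fragments that place a binary under a user profile, a temp directory or
# ProgramData. Plenty of legitimate software (OneDrive, the Defender platform
# folder) lives there too, so a hit means "look here first", not "malicious".
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# R/S = running/stopped, digit = start type, as in HijackThis-style logs (assumption).
SERVICE_RE = re.compile(r"^([RS])([0-4]) - \[([^\]]+)\] - (.*)$")
RUNKEY_RE = re.compile(r'^"([^"]+)"="(.*)"$')
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class Entry:
    kind: str                    # "service", "driver" or "runkey"
    name: str
    path: str                    # executable path with %VAR% tokens expanded
    state: Optional[str] = None  # "running" / "stopped" (services and drivers only)
    start: Optional[str] = None  # start type (services and drivers only)


def expand_env(path: str) -> str:
    """Expand %VAR% tokens case-insensitively, as Windows does."""
    return re.sub(r"%[^%]+%", lambda m: ENV.get(m.group(0).lower(), m.group(0)), path)


def executable_of(command: str) -> str:
    """Binary of a Run-key command line: the quoted path if there is one,
    otherwise everything up to and including the first '.exe'."""
    m = re.match(r'^"([^"]+)"', command)
    if m:
        return m.group(1)
    m = re.match(r"^(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        state, start, name, rest = m.groups()
        # The description can itself contain " - ", so take the path from the right.
        _desc, path = rest.rsplit(" - ", 1)
        path = re.sub(r"\s*\[x\]$", "", path)  # trailing [x] annotation (Tcpip6 line)
        kind = "driver" if path.lower().endswith(".sys") else "service"
        return Entry(kind, name, expand_env(path),
                     "running" if state == "R" else "stopped", START_TYPE[start])
    m = RUNKEY_RE.match(line)
    if m:
        name, command = m.groups()
        return Entry("runkey", name, expand_env(executable_of(command)))
    return None  # section headers, hive names, task lines etc. are ignored here


def parse_log(text: str) -> list:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def flag_user_writable(entries) -> list:
    """(kind, name, path) for every entry whose binary sits in a user-writable
    directory. A triage heuristic, not a verdict."""
    return [(e.kind, e.name, e.path) for e in entries
            if any(mk in e.path.lower() for mk in USER_WRITABLE_MARKERS)]


# Sample input: lines copied from the log above (the Tcpip6 line keeps its [x]).
SAMPLE_LOG = r"""
R2 - [TeamViewer] - TeamViewer 14 - c:\program files (x86)\teamviewer\teamviewer_service.exe
R2 - [AvgWscReporter] - AvgWscReporter - c:\program files\avg\antivirus\wsc_proxy.exe
S3 - [WinDefend] - Windows Defender Antivirus Service - c:\programdata\microsoft\windows defender\platform\4.18.1910.4-0\msmpeng.exe
S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x]
"OneDrive"="C:\Users\Dani Quil\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"TeamsMachineUninstallerLocalAppData"="%LOCALAPPDATA%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default"
"XFast LAN"="C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe"
"Adobe Creative Cloud"="C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"""

if __name__ == "__main__":
    for kind, name, path in flag_user_writable(parse_log(SAMPLE_LOG)):
        print(f"{kind:8} {name:40} {path}")
```

Feed it the whole log instead of SAMPLE_LOG and the same three kinds of hit come out, plus the scan tool itself running from the user's Temp folder in the process list is the sort of thing the heuristic exists to surface; the point of the expansion step is that an autorun written as `%LOCALAPPDATA%\...` is not visibly user-writable until the variable is resolved.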