Zoek.exe Version 5.0.0.2 Updated 03-May-2018
Tool run by dymytry on 25/03/2021 at 12:55:19,55.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\dymytry\Desktop\zoek\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\dymytry\AppData\Roaming\Smart Clock\SmartClock.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\SafeIP\SafeIPs.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\dymytry\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
R2 - [TeamViewer] - TeamViewer - c:\program files (x86)\teamviewer\teamviewer_service.exe
R2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [Disc Soft Bus Service] - Disc Soft Bus Service - c:\program files (x86)\daemon tools pro\discsoftbusservice.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
R3 - [SafeIPS] - SafeIPS - c:\program files (x86)\safeip\safeips.exe
S2 - [brave] - Serviço do Brave Update (brave) - c:\program files (x86)\bravesoftware\update\braveupdate.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [bravem] - Serviço do Brave Update (bravem) - c:\program files (x86)\bravesoftware\update\braveupdate.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Serviço Receptor do Windows Media Center - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Serviço Agendador do Windows Media Center - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [GoogleChromeElevationService] - Google Chrome Elevation Service - c:\program files (x86)\google\chrome\application\89.0.4389.90\elevation_service.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [ProtonVPN Service] - ProtonVPN Service - c:\program files (x86)\proton technologies\protonvpn\protonvpnservice.exe
S3 - [ProtonVPN Update Service] - ProtonVPN Update Service - c:\program files (x86)\proton technologies\protonvpn\protonvpn.updateservice.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Serviço de Tecnologias de Ativação do Windows - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [iqoptionupdater] - IQ Option Update Service - c:\program files (x86)\iq option\iqoptionupdater.exe [x]
S4 - [OverwolfUpdater] - Overwolf Updater Windows SCM - c:\program files (x86)\overwolf\overwolfupdater.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [storflt] - Driver de Filtro de Aceleração do Barramento da Máquina Virtual do Disco - C:\Windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [vmbus] - Barramento da Máquina Virtual - C:\Windows\system32\Drivers\vmbus.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-491344444-3582890924-2238278525-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CryptoTab Browser]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CryptoTab Browser"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\CryptoTab Browser\\Application\\browser.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^dymytry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IQTray.lnk]
"path"="C:\\Users\\dymytry\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\IQTray.lnk"
"backup"="C:\\Windows\\pss\\IQTray.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\IQOPTI~1\\IQTray.exe "
"item"="IQTray"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cryptobrowser]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cryptobrowserm]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iqoptionupdater]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\OverwolfUpdater]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer]


==== Startup Folders ======================

2021-03-16 15:57:03	965	----a-w-	C:\Users\dymytry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartClock.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player NPAPI Notifier" [C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\BraveSoftwareUpdateTaskMachineCore" [C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe]
"C:\Windows\SysNative\tasks\BraveSoftwareUpdateTaskMachineUA" [C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Overwolf Updater Task" [C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{C8845123-D49A-4FC1-B627-7008F7924487}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{0322D7E6-8B71-4713-8FE8-199CC6A7BBA1}" [C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe]
"C:\Windows\SysNative\tasks\{0F9487A6-9236-4CBE-8E2B-1DC58F23AF6E}" [C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe]
"C:\Windows\SysNative\tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" [C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Services\Diagnostic" ["C:\Users\dymytry\AppData\Local\Disk\AutoIt3\AutoIt3_x64.exe"]

==== Firefox Extensions ======================

ProfilePath: C:\Users\dymytry\AppData\Roaming\Mozilla\Firefox\Profiles\wkhcog0h.default
- short_ tab-auto-refresh - %ProfilePath%\extensions\{7fee47a1-8299-4576-90bf-5fd88d756926}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\dymytry\AppData\Roaming\Mozilla\Firefox\Profiles\wkhcog0h.default
90189EE3C0DBAFD0668CD7F686314CFB	- C:\Program Files\VideoLAN\VLC\npvlc.dll -	VLC Web Plugin
- C:\PROGRA1\MICROS1\Office15\NPSPWRAP.DLL - [?]
124FA95972259D35F25B6133DD4DC425	- c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll -	Silverlight Plug-In
29D9DD280A871C15C8517D30969A65D5	- c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrlui.dll -	Microsoft� Silverlight
E8E768BA50C91D62E7E87B6B7D2DAA07	- C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npdeployJava1.dll -	Java Deployment Toolkit 8.0.2710.9
05F8076F203068FFBB03102CBBA33D9C	- C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll -	Java(TM) Platform SE 8 U271


==== Chromium Look ======================

Google Chrome Version: 89.0.4389.90


Origin - dymytry\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Data - dymytry\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj
Dark - dymytry\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Screen Recorder - dymytry\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hniebljpgcogalllopnjokppmgbhaden
Méliuz Cashback e cupons em suas compras - dymytry\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg
Video DownloadHelper - dymytry\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk
MetaMask - dymytry\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn
Slides - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
DocHub - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj
Docs - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Sheets - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
IQ Option Web - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gailmlilefhlnpnochoapcmiogbhodii
This information is used only for diagnosing the problem you are reporting is available only to someone investigating your report and is retained for no more than 30 days. - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp
Google Docs Offline - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Super Simple Auto Refresh - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gljclgacfalmnebgmhknodlplmngmfpi
Screen Recorder - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniebljpgcogalllopnjokppmgbhaden
Méliuz Cashback e cupons em suas compras - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg
Zanox - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifnbabhcefpiimlpjddfnkaloijpehh
FBS Cabinet - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgliaimiepenmdmbgphfckhfklcphkjp
Video DownloadHelper - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk
Screenshot Master: Full Page Capture - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfaljlepkegmfnidgahckeidofinndof
Gmail - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - dymytry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Slides - Kekynha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - Kekynha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Kekynha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Kekynha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Sheets - Kekynha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Kekynha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Gmail - Kekynha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\safeips.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\safeips.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\safeips.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\safeips.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\safeips.dll

==== EOF on 25/03/2021 at 12:58:13,91 ======================