ZA-Scan V1.0.0.6 Updated 03-May-2018(Online Version)
Tool run by Odimar on 21/10/2021 at 23:09:41,98.
Microsoft Windows 10 Home Single Language 10.0.19041 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\Odimar\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitReaderUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\DFX\DFX.exe
C:\Program Files (x86)\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\Odimar\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R2 - [AdobeUpdateService] - AdobeUpdateService - c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeupdateservice.exe
R2 - [AGMService] - Adobe Genuine Monitor Service - c:\program files (x86)\common files\adobe\adobegcclient\agmservice.exe
R2 - [AGSService] - Adobe Genuine Software Integrity Service - c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
R2 - [AtherosSvc] - AtherosSvc - c:\windows\system32\drivers\adminservice.exe
R2 - [AVP21.3] - Serviço do Kaspersky Anti-Virus 21.3 - c:\program files (x86)\kaspersky lab\kaspersky security cloud 21.3\avp.exe
R2 - [cplspcon] - Intel(R) Content Protection HDCP Service - c:\windows\system32\driverstore\filerepository\iigd_dch.inf_amd64_c34fd594e40bf436\intelcphdcpsvc.exe
R2 - [DDVCollectorSvcApi] - Dell Data Vault Service API - c:\program files\dell\delldatavault\ddvcollectorsvcapi.exe
R2 - [DDVDataCollector] - Dell Data Vault Collector - c:\program files\dell\delldatavault\ddvdatacollector.exe
R2 - [DDVRulesProcessor] - Dell Data Vault Processor - c:\program files\dell\delldatavault\ddvrulesprocessor.exe
R2 - [Dell Hardware Support] - Dell Hardware Support - c:\program files\dell\supportassistagent\pcd\supportassist\dsapi.exe
R2 - [esifsvc] - Intel(R) Dynamic Platform and Thermal Framework service - c:\windows\system32\intel\dptf\esif_uf.exe
R2 - [HPPrintScanDoctorService] - HP Print Scan Doctor Service - c:\program files\hpprintscandoctor\hpprintscandoctorservice.exe
R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
R2 - [igccservice] - Intel(R) Graphics Command Center Service - c:\windows\system32\driverstore\filerepository\igcc_dch.inf_amd64_9cf4db1a1fd1b22d\oneapp.igcc.winservice.exe
R2 - [igfxCUIService2.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_7208949846a9b9dc\igfxcuiservice.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\windows\system32\driverstore\filerepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
R2 - [KSDE5.3] - Serviço do Kaspersky VPN Secure Connection 5.3 - c:\program files (x86)\kaspersky lab\kaspersky vpn 5.3\ksde.exe
R2 - [Product Registration] - Product Registration - c:\program files\dell\dell product registration\prsvc.exe
R2 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - c:\program files (x86)\cyberlink\shared files\richvideo.exe
R2 - [SgrmBroker] - System Guard Runtime Monitor Broker - c:\windows\system32\sgrmbroker.exe
R2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
R2 - [SupportAssistAgent] - Dell SupportAssist - c:\program files\dell\supportassistagent\bin\supportassistagent.exe
R2 - [TrueColorALS] - TrueColorALS - c:\program files\truecolor\truecolorals.exe
R2 - [WavesSysSvc] - Waves Audio Services - c:\program files\waves\maxxaudio\wavessyssvc64.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\system32\driverstore\filerepository\iigd_dch.inf_amd64_c34fd594e40bf436\intelcphecisvc.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
R3 - [SecurityHealthService] - Serviço de Segurança do Windows - c:\windows\system32\securityhealthservice.exe
S2 - [dbupdate] - Serviço Atualização do Dropbox (dbupdate) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S2 - [Dell SupportAssist Remediation] - Dell SupportAssist Remediation - c:\program files\dell\saremediation\agent\dellsupportassistremedationservice.exe [x]
S2 - [DellClientManagementService] - Dell Client Management Service - c:\program files (x86)\dell\updateservice\serviceshell.exe [x]
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [Intel(R) TPM Provisioning Service] - Intel(R) TPM Provisioning Service - c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\tpmprovisioningservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [dbupdatem] - Serviço Atualização do Dropbox (dbupdatem) - c:\program files (x86)\dropbox\update\dropboxupdate.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [GoogleChromeElevationService] - Google Chrome Elevation Service (GoogleChromeElevationService) - c:\program files\google\chrome\application\95.0.4638.54\elevation_service.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\socketheciserver.exe
S3 - [klvssbridge64_21.3] - Kaspersky Volume Shadow Copy Service Bridge 21.3 - c:\program files (x86)\kaspersky lab\kaspersky security cloud 21.3\x64\vssbridge64.exe
S3 - [kpm_launch_service] - Kaspersky Password Manager Service - c:\program files (x86)\kaspersky lab\kaspersky password manager 9.0.2\kpm_service.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files\microsoft office\office14\groove.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [perceptionsimulation] - Serviço de Simulação de Percepção do Windows - c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [spectrum] - Serviço de Percepção do Windows - c:\windows\system32\spectrum.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [uSHAREitSvc] - SHAREit Hotspot Service - c:\program files (x86)\shareit technologies\shareit\shareit.service.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2101.9-0\nissrv.exe
S3 - [WinDefend] - Serviço Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2101.9-0\msmpeng.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S4 - [ssh-agent] - OpenSSH Authentication Agent - c:\windows\system32\openssh\ssh-agent.exe
S4 - [uhssvc] - Microsoft Update Health Service - c:\program files\microsoft update health tools\uhssvc.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-632995739-1691208015-462959796-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"CCXProcess"="C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
"Skype for Desktop"="C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
"Spotify"="C:\Users\Odimar\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized"
[HKEY_USERS\S-1-5-21-632995739-1691208015-462959796-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe --appletVersion=1.0 --mode=LBS --helperBridgeName={AAE28F23-171C-436D-A137-8E48B1E1631E} --lbsWorkflowID={1E01F5C8-D6B0-4449-BF65-E2A564F2186B} --aamHelperPipeName={AAE28F23-171C-436D-A137-8E48B1E1631E} --acccUpdated=true --lbsInstallerWorkflowID={232CA530-2D90-41C1-809C-0A6666AE42CD} --mode=accLauncher --outGuidPath=C:\Users\Odimar\AppData\Local\Temp\{782663E2-95B2-4501-B4B7-2308DD83D56F}\CCLBS --selfDelete=C:\Users\Odimar\AppData\Local\Temp\F14F3523-433D-4E0E-A5DF-0C0AFD3377665\CreativeCloudSet-Up.exe --shouldLaunchACC=false --showwindow=false --userGuid=3FA8F72A59BE87D60A495CE0@AdobeID --workflowId={1E01F5C8-D6B0-4449-BF65-E2A564F2186B} /RestartByRestartManager:D9642F2A-AF90-436f-9935-93504E4DB647"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DFX"="C:\Program Files (x86)\DFX\DFX.exe -startup"
"Adobe CCXProcess"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
"Adobe Creative Cloud"="C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"CCXProcess"="C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
"Skype for Desktop"="C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
"Spotify"="C:\Users\Odimar\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"="C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe --appletVersion=1.0 --mode=LBS --helperBridgeName={AAE28F23-171C-436D-A137-8E48B1E1631E} --lbsWorkflowID={1E01F5C8-D6B0-4449-BF65-E2A564F2186B} --aamHelperPipeName={AAE28F23-171C-436D-A137-8E48B1E1631E} --acccUpdated=true --lbsInstallerWorkflowID={232CA530-2D90-41C1-809C-0A6666AE42CD} --mode=accLauncher --outGuidPath=C:\Users\Odimar\AppData\Local\Temp\{782663E2-95B2-4501-B4B7-2308DD83D56F}\CCLBS --selfDelete=C:\Users\Odimar\AppData\Local\Temp\F14F3523-433D-4E0E-A5DF-0C0AFD3377665\CreativeCloudSet-Up.exe --shouldLaunchACC=false --showwindow=false --userGuid=3FA8F72A59BE87D60A495CE0@AdobeID --workflowId={1E01F5C8-D6B0-4449-BF65-E2A564F2186B} /RestartByRestartManager:D9642F2A-AF90-436f-9935-93504E4DB647"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueColor UI"="C:\Program Files\TrueColor\TrueColorUI.exe"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"WavesSvc"="c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe -Jack"
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\DropboxUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [13/08/2021 07:50]
C:\WINDOWS\tasks\DropboxUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [13/08/2021 07:50]
C:\WINDOWS\tasks\RunDLC.job --a-------- [Undetermined Task]

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\AdobeAAMUpdater-1.0-DESKTOP-OV20K8E-Odimar" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\WINDOWS\SysNative\tasks\AdobeGCInvoker-1.0" [C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe]
"C:\WINDOWS\SysNative\tasks\CCleaner Update" [C:\Program Files\CCleaner\CCUpdate.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC - Odimar" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CreateExplorerShellUnelevatedTask" [C:\WINDOWS\Explorer.exe]
"C:\WINDOWS\SysNative\tasks\Dell Cleanup" [c:\windows\system32\oem\startmenufix.vbs]
"C:\WINDOWS\SysNative\tasks\DropboxOEM" ["%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe"]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineCore" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\DropboxUpdateTaskMachineUA" [C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe]
"C:\WINDOWS\SysNative\tasks\EOSv3 Scheduler onLogOn" [C:\Users\Odimar\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe]
"C:\WINDOWS\SysNative\tasks\EOSv3 Scheduler onTime" [C:\Users\Odimar\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Intel PTT EK Recertification" ["C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe"]
"C:\WINDOWS\SysNative\tasks\klcp_update" ["C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe"]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-632995739-1691208015-462959796-1001" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\PCDDataUploadTask" ["uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\PCDEventLauncherTask" ["C:\Program Files\Dell\SupportAssist\sessionchecker.exe"]
"C:\WINDOWS\SysNative\tasks\SystemToolsDailyTest" ["uaclauncher.exe"]
"C:\WINDOWS\SysNative\tasks\Agent Activation Runtime\S-1-5-21-632995739-1691208015-462959796-1001" [C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\WINDOWS\SysNative\tasks\R@1n-KMS\Office14ProPlus" [wmic]
"C:\WINDOWS\SysNative\tasks\R@1n-KMS\Office16ProPlus" [wmic]
"C:\WINDOWS\SysNative\tasks\S-1-5-21-632995739-1691208015-462959796-1001\DataSenseLiveTileTask" [%SystemRoot%\System32\DataUsageLiveTileTask.exe]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Odimar\AppData\Roaming\Mozilla\Firefox\Profiles\kvudmyif.default
user_pref("browser.startup.homepage", "https://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-03-17 02:12:57&bName=");
user_pref("browser.newtab.url", "https://securesearch.org/homepage?hp=2&pId=BT171004&iDate=2020-03-17 02:12:57&bName=");

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi" []
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi" []

==== Firefox Extensions ======================
ProfilePath: C:\Users\Odimar\AppData\Roaming\Mozilla\Firefox\Profiles\kvudmyif.default
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

==== Firefox Plugins ======================
Profilepath: C:\Users\Odimar\AppData\Roaming\Mozilla\Firefox\Profiles\kvudmyif.default
- C:\Program Files x86\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll - [?]
- C:\Program Files x86\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll - [?]
- C:\Users\Odimar\AppData\Roaming\Zoom\bin\npzoomplugin.dll - [?]
- C:\PROGRA1\MICROS1\Office14\NPAUTHZ.DLL - [?]
- C:\PROGRAM FILES X86\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll - [?]

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ahkjpbeeocnddjkakilopmfdlnjdpcdm - https://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm[]
dhancbnhabhandieicagelcddkdfgoif - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.23.6.7836\BVDChromeExt.crx[15/06/2021 15:43]
Kaspersky Protection - Odimar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm
iCloud Bookmarks - Odimar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah
Chrome Web Store Payments - Odimar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Slides - Odimar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Kaspersky Protection - Odimar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm
Docs - Odimar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Odimar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Odimar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Sheets - Odimar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Odimar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Odimar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Odimar\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Slides - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Kaspersky Protection - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm
Docs - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Foxit PDF Creator - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci
Sheets - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Odimar\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Slides - Odimar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Kaspersky Protection - Odimar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm
Docs - Odimar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Odimar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Odimar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Sheets - Odimar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Odimar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Odimar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Odimar\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Kaspersky Protection - Odimar\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm
Rich Hints Agent - Odimar\Appdata\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://securesearch.org/homepage?hp=2&pId=BT171101&iDate=2020-07-30 02:08:48&bName="
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{F1B921F2-B80A-4CA5-8A22-CB01536190D9}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{F1B921F2-B80A-4CA5-8A22-CB01536190D9} - http://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{F1B921F2-B80A-4CA5-8A22-CB01536190D9}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{F1B921F2-B80A-4CA5-8A22-CB01536190D9} - http://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - https://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
HKCU\SearchScopes\{F1B921F2-B80A-4CA5-8A22-CB01536190D9} - No_Url_Value

==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{256e2bd6-e822-40f9-8b0a-56f0dd3d9374}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{a4c1475b-3a31-4726-8e79-52a1815a7c13}: NameServer = 8.8.8.8,8.8.4.4

==== EOF on 21/10/2021 at 23:15:57,76 ======================