ZA-Scan V1.0.0.6 Updated 03-May-2018(Online Version)
Tool run by celoc on 20/11/2021 at 23:16:33,15.
Microsoft Windows 11 Home Single Language 10.0.22000 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\celoc\Downloads\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================
C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
C:\Program Files\Samsung\sService\sServiceKeyMonitor.exe
C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
C:\Tweaks\RoundedTB_R3\RoundedTB.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\celoc\AppData\Local\Temp\ZAScan.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-3942932795-2033351287-3184112979-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\celoc\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"LGHUB"="C:\Program Files\LGHUB\lghub.exe --background"
"com.squirrel.slack.slack"="C:\Users\celoc\AppData\Local\slack\slack.exe --process-start-args --startup"
"Amazon Music Helper"="C:\Users\celoc\AppData\Local\Amazon Music\Amazon Music Helper.exe"
"Opera Browser Assistant"="C:\Users\celoc\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"
[HKEY_USERS\S-1-5-21-3942932795-2033351287-3184112979-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Delete Cached Update Binary"="C:\WINDOWS\system32\cmd.exe /q /c del /q C:\Users\celoc\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
"Delete Cached Standalone Update Binary"="C:\WINDOWS\system32\cmd.exe /q /c del /q C:\Users\celoc\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
"Uninstall 21.205.1003.0005"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\celoc\AppData\Local\Microsoft\OneDrive\21.205.1003.0005"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\celoc\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"LGHUB"="C:\Program Files\LGHUB\lghub.exe --background"
"com.squirrel.slack.slack"="C:\Users\celoc\AppData\Local\slack\slack.exe --process-start-args --startup"
"Amazon Music Helper"="C:\Users\celoc\AppData\Local\Amazon Music\Amazon Music Helper.exe"
"Opera Browser Assistant"="C:\Users\celoc\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Delete Cached Update Binary"="C:\WINDOWS\system32\cmd.exe /q /c del /q C:\Users\celoc\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
"Delete Cached Standalone Update Binary"="C:\WINDOWS\system32\cmd.exe /q /c del /q C:\Users\celoc\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
"Uninstall 21.205.1003.0005"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\celoc\AppData\Local\Microsoft\OneDrive\21.205.1003.0005"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}"="C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\Installer\setup.exe --msedgewebview --delete-old-versions --system-level --verbose-logging --on-logon"

==== Startup Folders ======================
2021-09-06 18:50:19 1771 ----a-w- C:\Users\celoc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
2021-10-27 17:37:48 1679 ----a-w- C:\Users\celoc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RoundedTB.lnk

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\ColorEngine" ["C:\Program Files\Samsung\ColorEngine\ColorEngine.exe"]
"C:\WINDOWS\SysNative\tasks\ColorSettings" ["C:\Program Files\Samsung\ColorEngine\SetParam3264.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-3942932795-2033351287-3184112979-1001" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-3942932795-2033351287-3184112979-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-615813026-2011834896-3341451427-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-834016555-1465169623-4214689632-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Opera scheduled assistant Autoupdate 1633808223" [C:\Users\celoc\AppData\Local\Programs\Opera\launcher.exe]
"C:\WINDOWS\SysNative\tasks\Opera scheduled Autoupdate 1633808216" [C:\Users\celoc\AppData\Local\Programs\Opera\launcher.exe]
"C:\WINDOWS\SysNative\tasks\RtkAudUService64_BG" [""C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_12da6ad5ef67a6ed\RtkAudUService64.exe""]
"C:\WINDOWS\SysNative\tasks\Agent Activation Runtime\S-1-5-21-3942932795-2033351287-3184112979-1001" [C:\Windows\System32\AgentActivationRuntimeStarter.exe]
"C:\WINDOWS\SysNative\tasks\Samsung\Recovery8\BulletUserModeWorker" ["C:\Program Files\Samsung\Recovery\BulletUserModeWorker.exe"]
"C:\WINDOWS\SysNative\tasks\Samsung\SamsungPCCleaner\SecurityCheck" ["%programfiles%\Samsung\Samsung PC Cleaner 2 Service\SecurityAppChecker.exe"]

==== Chromium Look ======================
Slides - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Just Black - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab
BTTV - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Sheets - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Vysor - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm
Dark - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
nightTab - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpcadigjkbcpnlcpbcohpafiaefanki
Méliuz Cashback e cupons em suas compras - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg
Volume Master - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jghecgabfgfdldnmbfkhmffcabddioke
Chrome Web Store Payments - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Enhancer for YouTube™ - celoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle
BTTV - celoc\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icllegkipkooaicfmdfaloehobmglglb
BTTV - celoc\Appdata\Roaming\Opera Software\Opera Stable\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Rich Hints Agent - celoc\Appdata\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk
Amazon Assistant Promotion - celoc\Appdata\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk
Install Chrome Extensions - celoc\Appdata\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi
Enhancer for YouTube™ - celoc\Appdata\Roaming\Opera Software\Opera Stable\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=SMTE"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{791EFDD8-2D09-4605-8A97-61B71535963A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{791EFDD8-2D09-4605-8A97-61B71535963A} - http://www.bing.com/search?q={searchTerms}&form=PRSMS1&src=IE11TR&pc=SMTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{791EFDD8-2D09-4605-8A97-61B71535963A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{791EFDD8-2D09-4605-8A97-61B71535963A} - http://www.bing.com/search?q={searchTerms}&form=PRSMS1&src=IE11TR&pc=SMTE

==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.53\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll

==== EOF on 20/11/2021 at 23:17:54,39 ======================