ZA-Scan V1.0.0.6 Updated 03-May-2018(Online Version)
Tool run by del_bone on 20/01/2022 at 17:13:36,04.
Microsoft Windows 10 Pro 10.0.19043 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\rabar\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Program Files (x86)\Avira\Antivirus\sched.exe
C:\Program Files (x86)\Avira\Antivirus\avguard.exe
C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
C:\Program Files (x86)\scpbrad\scpbradserv.exe
C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
C:\Program Files (x86)\scpbrad\scpbradguard.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\rabar\AppData\Local\Temp\ZAScan.exe

==== Drivers(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-652207974-1608278505-3514412468-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Lync"="C:\Program Files\Microsoft Office\root\Office16\lync.exe /fromrunkey"

[HKEY_USERS\S-1-5-21-652207974-1608278505-3514412468-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OPENVPN-GUI"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
"OneDrive"="C:\Users\ligia\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"MicrosoftEdgeAutoLaunch_8034C7563A62DB6EE0E2548078706C1A"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5"

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avira System Speedup User Starter"="C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
"PDFPrint"="C:\Program Files (x86)\PDF24\pdf24.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Lync"="C:\Program Files\Microsoft Office\root\Office16\lync.exe /fromrunkey"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtkAudUService"="C:\WINDOWS\System32\RtkAudUService64.exe -background"
"SACMonitor"="C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe"
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\AviraSystemSpeedupUpdate" ["C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe"]
"C:\WINDOWS\SysNative\tasks\Avira_Antivirus_Systray" ["C:\Program Files (x86)\Avira\Antivirus\avgnt.exe"]
"C:\WINDOWS\SysNative\tasks\Avira_Security_Maintenance" [C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe]
"C:\WINDOWS\SysNative\tasks\Avira_Security_Service_SCM_Watchdog" [C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe]
"C:\WINDOWS\SysNative\tasks\Avira_Security_Systray" [C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe]
"C:\WINDOWS\SysNative\tasks\Avira_Security_Update" ["C:\WINDOWS\system32\net.exe"]
"C:\WINDOWS\SysNative\tasks\CCleaner Update" [C:\Program Files\CCleaner\CCUpdate.exe]
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\klcp_update" ["C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe"]
"C:\WINDOWS\SysNative\tasks\OneDrive Reporting Task-S-1-5-21-652207974-1608278505-3514412468-1006" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-1957338896-3609531215-2521684942-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-652207974-1608278505-3514412468-1002" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-652207974-1608278505-3514412468-1006" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-652207974-1608278505-3514412468-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Online_KMS_Activation_Script-Renewal" [%windir%\Online_KMS_Activation_Script\Online_KMS_Activation_Script-Renewal.cmd]
"C:\WINDOWS\SysNative\tasks\Avira\System Speedup\TestScheduler" ["C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"]
"C:\WINDOWS\SysNative\tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" [C:\Program Files\Mozilla Firefox\default-browser-agent.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\rabar\AppData\Roaming\Mozilla\Firefox\Profiles\gbzqbqas.default-release

- Undetermined - %ProfilePath%\extensions\staged
- Dark Reader - %ProfilePath%\extensions\addon@darkreader.org.xpi
- short_ SteamDB - %ProfilePath%\extensions\firefox-extension@steamdb.info.xpi
- __MSG_extensionName__ - %ProfilePath%\extensions\jid1-93WyvpgvxzGATw@jetpack.xpi
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi
- theme: images: theme_frame: tbox-groovy_blue.jpg colors: frame: 6699ff tab_background_text: 07188d version: 2.0 Groovy Blue manifest_version: 2 - %ProfilePath%\extensions\{6149213c-39c0-4bad-8ffa-f0bff06e96f8}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- short_ __MSG_name__ - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- theme: images: theme_frame: 1232849758499.jpg colors: frame: 000000 tab_background_text: ffffff version: 2.0 Dark Fox manifest_version: 2 description: My dark version of the Firefox logo. - %ProfilePath%\extensions\{e7fe4ffe-f256-4f85-906d-072fdd698585}.xpi

ProfilePath: C:\Users\rabar\AppData\Roaming\Mozilla\Firefox\Profiles\pv583qgr.default

- Undetermined - %ProfilePath%\extensions\passwordmanager@avira.com

==== Firefox Plugins ======================

Profilepath: C:\Users\rabar\AppData\Roaming\Mozilla\Firefox\Profiles\gbzqbqas.default-release

E844DCA9A2E757AF9E3EB7BE673C2F59 - C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL - Microsoft Office
50191EDEB9FB6DD67CE393D0DF7E07DE - C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U231
DDC2719698132823FEB37746D3EEAAD6 - C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.2310.11

==== Chromium Look ======================

Google Chrome Version: 97.0.4692.71

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
caljgklbbfbcjjanaijlacgncafpegll - No path found[]
ccbpbkebodcjkknkfkpmfeciinhidaeh - No path found[]

Slides - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Avira Password Manager - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
Avira Safe Shopping - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh
Sheets - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - ligia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Slides - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Avira Safe Shopping - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh
Escorrega O Preço - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecikoeehpobhkjagenjmldoehmcmeioo
Sheets - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - rabar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Avira Browser Safety - rabar\Appdata\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo
Avira Password Manager - rabar\Appdata\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg
Free Avira Phantom VPN Unblock Websites - rabar\Appdata\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.62\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll

==== EOF on 20/01/2022 at 17:18:33,61 ======================