Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by FBFE on 05/07/2019 at 10:09:49,50.
Microsoft Windows 10 Home 10.0.18362 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\fabri\AppData\Local\Temp\Temp1_zoek.zip\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
C:\Users\fabri\AppData\Local\Discord\app-0.0.305\Discord.exe
C:\Users\fabri\AppData\Local\Discord\app-0.0.305\Discord.exe
C:\Users\fabri\AppData\Local\Discord\app-0.0.305\Discord.exe
C:\Users\fabri\AppData\Local\Discord\app-0.0.305\Discord.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
D:\Program Files\Nox\bin\nox_adb.exe
D:\Program Files\Nox\bin\Nox.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\fabri\AppData\Local\Temp\NirCmd.exe

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [AVP19.0.0] - Serviço do Kaspersky Anti-Virus 19.0.0 - c:\program files (x86)\kaspersky lab\kaspersky free 19.0.0\avp.exe
R2 - [KSDE3.0.0] - Serviço do Kaspersky Secure Connection 3.0.0 - c:\program files (x86)\kaspersky lab\kaspersky secure connection 3.0\ksde.exe
R2 - [LogiRegistryService] - Logitech Gaming Registry Service - c:\program files\logitech gaming software\drivers\aposervice\logiregistryservice.exe
R2 - [NvContainerLocalSystem] - NVIDIA LocalSystem Container - c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe
R2 - [NVDisplay.ContainerLocalSystem] - NVIDIA Display Container LS - c:\program files\nvidia corporation\display.nvcontainer\nvdisplay.container.exe
R2 - [NvTelemetryContainer] - NVIDIA Telemetry Container - c:\program files\nvidia corporation\nvtelemetry\nvtelemetrycontainer.exe
R2 - [RtkAudioUniversalService] - Realtek Audio Universal Service - c:\windows\system32\rtkauduservice64.exe
R2 - [SgrmBroker] - System Guard Runtime Monitor Broker - c:\windows\system32\sgrmbroker.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
R3 - [SecurityHealthService] - Serviço de Segurança do Windows - c:\windows\system32\securityhealthservice.exe
R3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
R3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [GoogleChromeElevationService] - Google Chrome Elevation Service - c:\program files (x86)\google\chrome\application\75.0.3770.100\elevation_service.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [klvssbridge64_19.0.0] - klvssbridge64_19.0.0 - c:\program files (x86)\kaspersky lab\kaspersky free 19.0.0\x64\vssbridge64.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NvContainerNetworkService] - NVIDIA NetworkService Container - c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe
S3 - [perceptionsimulation] - Serviço de Simulação de Percepção do Windows - c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [spectrum] - Serviço de Percepção do Windows - c:\windows\system32\spectrum.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender Antivirus - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Serviço Windows Defender Antivirus - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S4 - [ssh-agent] - OpenSSH Authentication Agent - c:\windows\system32\openssh\ssh-agent.exe

==== Drivers(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-1418657651-1466659309-284076109-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\fabri\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Discord"="C:\Users\fabri\AppData\Local\Discord\app-0.0.305\Discord.exe"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"NoxDaemon"="C:\Users\fabri\AppData\Roaming\NoxSrv\NoxSrv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\fabri\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Discord"="C:\Users\fabri\AppData\Local\Discord\app-0.0.305\Discord.exe"
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"NoxDaemon"="C:\Users\fabri\AppData\Roaming\NoxSrv\NoxSrv.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"
"RtkAudUService"="C:\WINDOWS\System32\RtkAudUService64.exe -background"
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe]
"C:\WINDOWS\SysNative\tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe]
"C:\WINDOWS\SysNative\tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" ["C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"]
"C:\WINDOWS\SysNative\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe]
"C:\WINDOWS\SysNative\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\WINDOWS\SysNative\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" [C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-1418657651-1466659309-284076109-1001" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Opera scheduled Autoupdate 1562251747" [C:\Users\fabri\AppData\Local\Programs\Opera\launcher.exe]
"C:\WINDOWS\SysNative\tasks\WiperSoft Startup" ["C:\Program Files\WiperSoft\wipersoft.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi" [04/07/2019 11:10]

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi" [04/07/2019 11:10]

==== Firefox XPI-files found: ======================

- __MSG_ExtensionName__ - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi

==== Chromium Look ======================

Google Chrome Version: 75.0.3770.100

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
amkpcclbbgegoafihnpgomddadjhcadd - https://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd[]

Slides - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Kaspersky Protection - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd
Docs - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Sheets - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - fabri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=

==== EOF on 05/07/2019 at 10:11:52,44 ======================