Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by gusta on 16/11/2021 at 14:15:53,90.
Microsoft Windows 10 Pro 10.0.19043 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\gusta\Desktop\zoek\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\scpbrad\scpbradserv.exe
D:\Program Files (x86)\Origin\OriginWebHelperService.exe
C:\Program Files (x86)\scpbrad\scpbradguard.exe
D:\Program Files (x86)\3RVX\3RVX.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\gusta\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [AMD Crash Defender Service] - AMD Crash Defender Service - c:\windows\system32\amdfendrsr.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\driverstore\filerepository\u0372232.inf_amd64_1e947f831d2ae36a\b372131\atiesrxx.exe
R2 - [LGHUBUpdaterService] - LGHUB Updater Service - c:\program files\lghub\lghub_updater.exe
R2 - [Origin Web Helper Service] - Origin Web Helper Service - d:\program files (x86)\origin\originwebhelperservice.exe
R2 - [PnkBstrA] - PnkBstrA - c:\windows\system32\pnkbstra.exe
R2 - [scpbradserv] - Componente de Segurança Bradesco - c:\program files (x86)\scpbrad\scpbradserv.exe
R2 - [SgrmBroker] - System Guard Runtime Monitor Broker - c:\windows\system32\sgrmbroker.exe
R2 - [WinDefend] - Serviço Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2110.6-0\msmpeng.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [SecurityHealthService] - Serviço de Segurança do Windows - c:\windows\system32\securityhealthservice.exe
S2 - [edgeupdate] - Serviço Microsoft Edge Update (edgeupdate) - c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [BEService] - BattlEye Service - c:\program files (x86)\common files\battleye\beservice.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [EasyAntiCheat] - EasyAntiCheat - c:\program files (x86)\easyanticheat\easyanticheat.exe
S3 - [EasyAntiCheat_EOS] - Easy Anti-Cheat (Epic Online Services) - c:\program files (x86)\easyanticheat_eos\easyanticheat_eos.exe
S3 - [edgeupdatem] - Serviço Microsoft Edge Update (edgeupdatem) - c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [MicrosoftEdgeElevationService] - Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) - c:\program files (x86)\microsoft\edge\application\95.0.1020.53\elevation_service.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [Origin Client Service] - Origin Client Service - d:\program files (x86)\origin\originclientservice.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [perceptionsimulation] - Serviço de Simulação de Percepção do Windows - c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [Rockstar Service] - Rockstar Game Library Service - c:\program files\rockstar games\launcher\rockstarservice.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [Sense] - Serviço Proteção Avançada contra Ameaças do Windows Defender - c:\program files\windows defender advanced threat protection\mssense.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [spectrum] - Serviço de Percepção do Windows - c:\windows\system32\spectrum.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2110.6-0\nissrv.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe
S4 - [ssh-agent] - OpenSSH Authentication Agent - c:\windows\system32\openssh\ssh-agent.exe
S4 - [UevAgentService] - Serviço de User Experience Virtualization - c:\windows\system32\agentservice.exe
S4 - [uhssvc] - Microsoft Update Health Service - c:\program files\microsoft update health tools\uhssvc.exe [x]

==== Drivers(whitelist) ======================

Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2175380699-2852125328-1652107485-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
"3RVX"="D:\Program Files (x86)\3RVX\3RVX.exe"
"EADM"="D:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"LGHUB"="C:\Program Files\LGHUB\lghub.exe --background"
"EpicGamesLauncher"="D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent"
"Opera GX Browser Assistant"="C:\Users\gusta\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe"
"InputMapper"="C:\Program Files (x86)\DSDCS\InputMapper 1.7\InputMapper.exe"
"Spotify"="C:\Users\gusta\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe CCXProcess"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
"3RVX"="D:\Program Files (x86)\3RVX\3RVX.exe"
"EADM"="D:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"LGHUB"="C:\Program Files\LGHUB\lghub.exe --background"
"EpicGamesLauncher"="D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent"
"Opera GX Browser Assistant"="C:\Users\gusta\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe"
"InputMapper"="C:\Program Files (x86)\DSDCS\InputMapper 1.7\InputMapper.exe"
"Spotify"="C:\Users\gusta\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "

==== Startup Folders ======================

2021-06-17 02:20:01 1911 ----a-w- C:\Users\gusta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Peace.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\Windows\explorer.exe [02/10/2021 11:43]
C:\Windows\tasks\{E42A4987-1F86-4E8F-A708-60CAAC1E3DA7}.job --ah------- C:\Users\gusta\Desktop\InputMapper1.7.7452.13622 1.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AMDInstallLauncher" [C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe]
"C:\Windows\SysNative\tasks\AMDLinkUpdate" [C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe]
"C:\Windows\SysNative\tasks\AMDRyzenMasterSDKTask" ["C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe"]
"C:\Windows\SysNative\tasks\Intelligent StandbyList Cleaner" [C:\Users\gusta\Desktop\ISLC v1.0.2.5\Intelligent standby list cleaner ISLC.exe]
"C:\Windows\SysNative\tasks\Nahimic2Svc32Run" ["C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe"]
"C:\Windows\SysNative\tasks\Nahimic2Svc64Run" ["C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe"]
"C:\Windows\SysNative\tasks\Nahimic2UILauncherRun" ["C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe"]
"C:\Windows\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-2175380699-2852125328-1652107485-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\Windows\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-2464130120-637945719-2359423561-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\Windows\SysNative\tasks\Opera GX scheduled assistant Autoupdate 1615929884" [C:\Users\gusta\AppData\Local\Programs\Opera GX\launcher.exe]
"C:\Windows\SysNative\tasks\Opera GX scheduled Autoupdate 1607401374" [C:\Users\gusta\AppData\Local\Programs\Opera GX\launcher.exe]
"C:\Windows\SysNative\tasks\StartCN" ["C:\Program Files\AMD\CNext\CNext\cncmd.exe"]
"C:\Windows\SysNative\tasks\StartCNBM" ["C:\Program Files\AMD\CNext\CNext\cncmd.exe"]
"C:\Windows\SysNative\tasks\StartDVR" ["C:\Program Files\AMD\CNext\CNext\RSServCmd.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{856D7BDD-6A27-4F68-8F4E-56AD56C65AAF}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{E42A4987-1F86-4E8F-A708-60CAAC1E3DA7}" [C:\Users\gusta\Desktop\InputMapper1.7.7452.13622 (1).exe]

==== Chromium Look ======================

Slides - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
uBlock₀ - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Dark Reader - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh
Sheets - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.53\BHO\ie_to_edge_bho.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

==== EOF on 16/11/2021 at 14:16:58,98 ======================