ZA-Scan V1.0.0.6 Updated 03-May-2018(Online Version)
Tool run by Cliente on 27/11/2021 at 18:23:26,27.
Microsoft Windows 10 Pro 10.0.19044 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\Cliente\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
C:\Program Files\WindowsApps\12030rocksdanister.LivelyWallpaper_1.0.50.0_x86__97hta09mmv6hy\livelywpf\livelywpf.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Cliente\AppData\Local\Temp\ZAScan.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveFS"="C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe --startup_mode"

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
"GoogleDriveFS"="C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe --startup_mode"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
"GoogleDriveFS"="C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe --startup_mode"

[HKEY_USERS\S-1-5-21-4251501590-2440355686-2544988780-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"Web Companion"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize "
"utweb"="C:\Users\Cliente\AppData\Roaming\uTorrent Web\utweb.exe /MINIMIZED"
"Discord"="C:\Users\Cliente\AppData\Local\Discord\Update.exe --processStart Discord.exe"
"EpicGamesLauncher"="C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent"
"Windscribe"="C:\Program Files (x86)\Windscribe\Windscribe.exe -os_restart"
"Opera GX Browser Assistant"="C:\Users\Cliente\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe"
"Spotify"="C:\Users\Cliente\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized"
"GoogleDriveFS"="C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe --startup_mode"
"Opera Browser Assistant"="C:\Users\Cliente\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"

[HKEY_USERS\S-1-5-21-4251501590-2440355686-2544988780-1001\SOFTWARE\Classes\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveFS"="C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe --startup_mode"

[HKEY_USERS\S-1-5-21-4251501590-2440355686-2544988780-1001_Classes\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveFS"="C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe --startup_mode"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveFS"="C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe --startup_mode"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe -silent"
"Web Companion"="C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize "
"utweb"="C:\Users\Cliente\AppData\Roaming\uTorrent Web\utweb.exe /MINIMIZED"
"Discord"="C:\Users\Cliente\AppData\Local\Discord\Update.exe --processStart Discord.exe"
"EpicGamesLauncher"="C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent"
"Windscribe"="C:\Program Files (x86)\Windscribe\Windscribe.exe -os_restart"
"Opera GX Browser Assistant"="C:\Users\Cliente\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe"
"Spotify"="C:\Users\Cliente\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized"
"GoogleDriveFS"="C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe --startup_mode"
"Opera Browser Assistant"="C:\Users\Cliente\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\Avast Software\Avast\AvLaunch.exe /gui"
"RtkAudUService"="C:\Windows\System32\RtkAudUService64.exe -background"

==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD Crash Defender Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BEService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DriverUpdSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EasyAntiCheat]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EpicOnlineServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GoogleChromeElevationService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\KMS-R@1n]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RtkAudioUniversalService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WCAssistantService]

==== Task Scheduler Jobs ======================
C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\Windows\explorer.exe [26/11/2021 17:29]

==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\AMDInstallLauncher" [C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe]
"C:\Windows\SysNative\tasks\AMDLinkUpdate" [C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe]
"C:\Windows\SysNative\tasks\AMDRyzenMasterSDKTask" ["C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe"]
"C:\Windows\SysNative\tasks\Avast Emergency Update" [C:\Program Files\Avast Software\Avast\AvEmUpdate.exe]
"C:\Windows\SysNative\tasks\CCleaner Update" [C:\Program Files\CCleaner\CCUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Opera GX scheduled assistant Autoupdate 1631534628" [C:\Users\Cliente\AppData\Local\Programs\Opera GX\launcher.exe]
"C:\Windows\SysNative\tasks\Opera GX scheduled Autoupdate 1630351742" [C:\Users\Cliente\AppData\Local\Programs\Opera GX\launcher.exe]
"C:\Windows\SysNative\tasks\Opera scheduled assistant Autoupdate 1623706573" [C:\Users\Cliente\AppData\Local\Programs\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1623706571" [C:\Users\Cliente\AppData\Local\Programs\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\StartCN" ["C:\Program Files\AMD\CNext\CNext\cncmd.exe"]
"C:\Windows\SysNative\tasks\StartDVR" ["C:\Program Files\AMD\CNext\CNext\RSServCmd.exe"]
"C:\Windows\SysNative\tasks\Agent Activation Runtime\S-1-5-21-4251501590-2440355686-2544988780-1001" [C:\Windows\System32\AgentActivationRuntimeStarter.exe]
"C:\Windows\SysNative\tasks\Avast Software\Overseer" [C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe]
"C:\Windows\SysNative\tasks\R@1n-KMS\Windows64Professional" [wmic]

==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi" []

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi" []

==== Firefox XPI-files found: ======================
- Web Companion Extension - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Extension\@wcextensionff.xpi

==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ahkjpbeeocnddjkakilopmfdlnjdpcdm - https://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm[]
mfhcmdonhekjhfbjmeacdjbhlfgpjabp - No path found[]

Kaspersky Protection - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm
Dark - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Remote Desktop - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai
Chrome Web Store Payments - Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Kaspersky Protection - Cliente\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm
Rich Hints Agent - Cliente\Appdata\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk
Safe Torrent Scanner - Cliente\Appdata\Roaming\Opera Software\Opera Stable\Extensions\gpabaecgmgbeapjghcfhohnbljcocknl

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll

==== EOF on 27/11/2021 at 18:28:02,63 ======================