ZA-Scan V1.0.0.6 Updated 03-May-2018(Online Version) Tool run by piqua on 16/11/2019 at 11:22:48,90. Microsoft Windows 10 Pro 10.0.17763 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\piqua\OneDrive\Įrea de Trabalho\ZA-Scan.exe [Z-Analyse Scan] ==== Running Processes ====================== C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\fontdrvhost.exe C:\WINDOWS\System32\spoolsv.exe C:\Program Files\Elantech\ETDService.exe C:\WINDOWS\system32\dashost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\WinLogon.exe C:\WINDOWS\System32\dwm.exe C:\WINDOWS\System32\fontdrvhost.exe C:\WINDOWS\system32\sihost.exe C:\WINDOWS\system32\taskhostw.exe C:\Program Files\Elantech\ETDCtrl.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Elantech\ETDCtrlHelper.exe C:\WINDOWS\system32\DllHost.exe C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe C:\Windows\System32\RuntimeBroker.exe C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.91.0_x86__kzf8qxf38zg5c\SkypeApp.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe C:\WINDOWS\system32\ApplicationFrameHost.exe C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.91.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19102.525.0_x86__8wekyb3d8bbwe\YourPhone.exe C:\Windows\System32\RuntimeBroker.exe C:\WINDOWS\system32\SettingSyncHost.exe C:\Windows\System32\RuntimeBroker.exe C:\Windows\System32\smartscreen.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\piqua\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\piqua\AppData\Local\Microsoft\OneDrive\19.174.0902.0013\FileCoAuth.exe C:\Windows\System32\RuntimeBroker.exe C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe C:\WINDOWS\system32\DllHost.exe C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.91.0_x86__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe C:\Program Files\WindowsApps\Microsoft.WindowsStore_11911.1001.9.0_x86__8wekyb3d8bbwe\WinStore.App.exe C:\Windows\System32\RuntimeBroker.exe C:\WINDOWS\system32\taskhostw.exe C:\WINDOWS\system32\AUDIODG.EXE C:\WINDOWS\system32\DllHost.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe C:\WINDOWS\system32\browser_broker.exe C:\Windows\System32\MicrosoftEdgeCP.exe C:\WINDOWS\system32\MicrosoftEdgeSH.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\conhost.exe C:\WINDOWS\system32\conhost.exe C:\Users\piqua\AppData\Local\Temp\ZAScan.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p C:\WINDOWS\system32\svchost.exe -k RPCSS -p C:\WINDOWS\system32\svchost.exe -k netsvcs -p C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p C:\WINDOWS\system32\svchost.exe -k LocalService -p C:\WINDOWS\system32\svchost.exe -k appmodel -p C:\WINDOWS\System32\svchost.exe -k NetworkService -p C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p C:\WINDOWS\system32\svchost.exe -k LocalService -p C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p ==== Services(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R2 - [ETDService] - Elan Service - c:\program files\elantech\etdservice.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe S2 - [gupdate] - ServiƧo do Google Update (gupdate) - c:\program files\google\update\googleupdate.exe S2 - [sppsvc] - ProteĆ§Ć£o de Software - c:\windows\system32\sppsvc.exe S3 - [ALG] - ServiƧo Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\system32\intelcphecisvc.exe S3 - [diagnosticshub.standardcollector.service] - ServiƧo Coletor de PadrƵes de Hub de DiagnĆ³stico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe S3 - [GoogleChromeElevationService] - Google Chrome Elevation Service - c:\program files\google\chrome\application\78.0.3904.97\elevation_service.exe S3 - [gupdatem] - ServiƧo do Google Update (gupdatem) - c:\program files\google\update\googleupdate.exe S3 - [MSDTC] - Coordenador de transaƧƵes distribuĆ­das - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [perceptionsimulation] - ServiƧo de SimulaĆ§Ć£o de PercepĆ§Ć£o do Windows - c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe S3 - [SensorDataService] - ServiƧo de Dados de Sensor - c:\windows\system32\sensordataservice.exe S3 - [SNMPTRAP] - InterceptaĆ§Ć£o SNMP - c:\windows\system32\snmptrap.exe S3 - [spectrum] - ServiƧo de PercepĆ§Ć£o do Windows - c:\windows\system32\spectrum.exe S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe S3 - [TrustedInstaller] - Instalador de MĆ³dulos do Windows - c:\windows\servicing\trustedinstaller.exe S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe S3 - [VSS] - CĆ³pia de Sombra de Volume - c:\windows\system32\vssvc.exe S3 - [wbengine] - ServiƧo de Mecanismo de Backup em NĆ­vel de Bloco - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe S3 - [WMPNetworkSvc] - ServiƧo de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe S4 - [ssh-agent] - OpenSSH Authentication Agent - c:\windows\system32\openssh\ssh-agent.exe S4 - [UevAgentService] - ServiƧo de User Experience Virtualization - c:\windows\system32\agentservice.exe ==== Drivers(whitelist) ====================== Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url] R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\WINDOWS\system32\Drivers\srv2.sys R0 - [ACPI] - Microsoft ACPI Driver - C:\WINDOWS\system32\Drivers\ACPI.sys R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys R0 - [Disk] - Driver de disco - C:\WINDOWS\system32\Drivers\Disk.sys R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\WINDOWS\system32\Drivers\fvevol.sys R0 - [intelpep] - Driver Intel(R) Power Engine Plug-in - C:\WINDOWS\system32\Drivers\intelpep.sys R0 - [iorate] - Driver do Filtro de Taxa de E/S de Disco - C:\WINDOWS\system32\Drivers\iorate.sys R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\WINDOWS\system32\Drivers\mountmgr.sys R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys R0 - [MsSecFlt] - Minifiltro do Componente de Eventos de SeguranƧa da Microsoft - C:\WINDOWS\system32\Drivers\MsSecFlt.sys R0 - [NDIS] - Driver do Sistema NDIS - C:\WINDOWS\system32\Drivers\NDIS.sys R0 - [partmgr] - Driver de partiĆ§Ć£o - C:\WINDOWS\system32\Drivers\partmgr.sys R0 - [pci] - PCI Bus Driver - C:\WINDOWS\system32\Drivers\pci.sys R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys R0 - [spaceport] - Driver de EspaƧos de Armazenamento - C:\WINDOWS\system32\Drivers\spaceport.sys R0 - [storahci] - Driver AHCI SATA PadrĆ£o da Microsoft - C:\WINDOWS\system32\Drivers\storahci.sys R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\WINDOWS\system32\Drivers\Tcpip.sys R0 - [vdrvroot] - Enumerador de Unidade Virtual Microsoft - C:\WINDOWS\system32\Drivers\vdrvroot.sys R0 - [volmgr] - Driver de Gerenciador de Volumes - C:\WINDOWS\system32\Drivers\volmgr.sys R0 - [volmgrx] - Gerenciador de Volume DinĆ¢mico - C:\WINDOWS\system32\Drivers\volmgrx.sys R0 - [volsnap] - Driver de CĆ³pia de Sombra de Volume - C:\WINDOWS\system32\Drivers\volsnap.sys R0 - [volume] - Driver do volume - C:\WINDOWS\system32\Drivers\volume.sys R0 - [Wdf01000] - ServiƧo de Estruturas de Driver em Modo Kernel - C:\WINDOWS\system32\Drivers\Wdf01000.sys R0 - [WFPLWFS] - Plataforma para Filtros do Microsoft Windows - C:\WINDOWS\system32\Drivers\WFPLWFS.sys R0 - [WindowsTrustedRT] - Windows Trusted Execution Environment Class Extension - C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys R0 - [WindowsTrustedRTProxy] - ServiƧo de ProteĆ§Ć£o de Tempo de ExecuĆ§Ć£o ConfiĆ”vel do Microsoft Windows - C:\WINDOWS\system32\Drivers\WindowsTrustedRTProxy.sys R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\WINDOWS\system32\Drivers\tdx.sys R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys S0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys S0 - [WdBoot] - Driver de InicializaĆ§Ć£o do Windows Defender Antivirus - C:\WINDOWS\system32\Drivers\WdBoot.sys S3 - [atapi] - Canal de IDE - C:\WINDOWS\system32\Drivers\atapi.sys S3 - [Tcpip6] - @todo.dll,-100;Microsoft IPv6 Protocol Driver - C:\WINDOWS\system32\Drivers\Tcpip6.sys [x] ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup" [HKEY_USERS\S-1-5-21-894518286-3901564530-2163801740-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\piqua\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" "Persistence"="C:\WINDOWS\system32\igfxpers.exe" "SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe " "ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\piqua\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background" ==== Other Scheduled Tasks ====================== "C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task-S-1-5-21-894518286-3901564530-2163801740-1001" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe] ==== Chromium Look ====================== Slides - piqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Docs - piqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - piqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - piqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Sheets - piqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - piqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Chrome Web Store Payments - piqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - piqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Chrome Media Router - piqua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== IE Start and Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 ==== EOF on 16/11/2019 at 11:26:27,92 ======================