ZA-Scan V1.0.0.6 Updated 03-May-2018(Online Version)
Tool run by Tovão on 19/01/2020 at 19:58:53,42.
Microsoft Windows 10 Pro 10.0.10586 x86
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\TOVO~1\Desktop\ZA-Scan.exe
[Z-Analyse Scan]

==== Running Processes ======================
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Tovão\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Program Files\Stellar Data Recovery Professional\StellarSMART.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_39c65e1db9443c5f\TiWorker.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\conhost.exe
C:\Users\TOVO~1\AppData\Local\Temp\NirCmd.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\System32\svchost.exe -k swprv

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R2 - [WinDefend] - Serviço Windows Defender - c:\program files\windows defender\msmpeng.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
R3 - [VSS] - Cópia sombra de volume - c:\windows\system32\vssvc.exe
R3 - [WdNisSvc] - Serviço de Inspeção de Rede do Windows Defender - c:\program files\windows defender\nissrv.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Serviço de gateway de camada de aplicação - c:\windows\system32\alg.exe
S3 - [COMSysApp] - Aplicação de sistema COM+ - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço de Recolha do Concentrador de Diagnóstico Padrão Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [IEEtwCollectorService] - Serviço Coletor ETW do Internet Explorer - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Coordenador de Transações Distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [RpcLocator] - Localizador de 'Chamada de procedimento remoto' (RPC) - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Serviço de Dados de Sensores - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Trap SNMP - c:\windows\system32\snmptrap.exe
S3 - [TieringEngineService] - Gestão de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [wbengine] - Serviço do Motor de Cópia de Segurança de Nível de Bloqueio - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Partilha de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\System32\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3571650742-596406982-1808504144-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Tovão\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Tovão\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

==== EOF on 19/01/2020 at 20:02:00,72 ======================