ZA-Scan V1.0.0.6 Updated 03-May-2018 (Online Version)
Tool run by erica on 13/05/2021 at 14:01:36,26.
Microsoft Windows 10 Home Single Language 10.0.19042 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\erica\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================
C:\WINDOWS\windefender.exe
C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
C:\Users\erica\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\WINDOWS\rss\csrss.exe
C:\Users\erica\AppData\Local\Temp\csrss\ww31.exe
C:\Users\erica\AppData\Local\Temp\csrss\mg20201223-1.exe
C:\Users\erica\AppData\Local\Temp\csrss\ml20201223.exe
C:\WINDOWS\Lenovo\iMController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
C:\WINDOWS\Lenovo\iMController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\erica\AppData\Local\Temp\NirCmd.exe

==== Services(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]
R2 - [ClickToRunSvc] - Serviço Clique para Executar do Microsoft Office - c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
R2 - [cplspcon] - Intel(R) Content Protection HDCP Service - c:\windows\system32\driverstore\filerepository\iigd_dch.inf_amd64_a634af1513618033\intelcphdcpsvc.exe
R2 - [DolbyDAXAPI] - Dolby DAX API Service - c:\windows\system32\dolbyaposvc\dax3api.exe
R2 - [esifsvc] - Intel(R) Dynamic Tuning service - c:\windows\system32\driverstore\filerepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe
R2 - [ETDService] - ELAN Service - c:\windows\system32\etdservice.exe
R2 - [FMAPOService] - Fortemedia APO Control Service - c:\windows\system32\fmservice64.exe
R2 - [igccservice] - Intel(R) Graphics Command Center Service - c:\windows\system32\driverstore\filerepository\igcc_dch.inf_amd64_a9a2dde7124f013f\oneapp.igcc.winservice.exe
R2 - [igfxCUIService2.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxcuiservicen.exe
R2 - [ImControllerService] - System Interface Foundation Service - c:\windows\lenovo\imcontroller\service\lenovo.modern.imcontroller.exe
R2 - [IntelAudioService] - Intel(R) Audio Service - c:\windows\system32\cavs\ias\intelaudioservice.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\windows\system32\driverstore\filerepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
R2 - [LITSSVC] - Lenovo Notebook ITS Service - c:\windows\system32\lnbitssvc.exe
R2 - [RstMwService] - Intel(R) Storage Middleware Service - c:\windows\system32\driverstore\filerepository\iaahcic.inf_amd64_c98d5e0dfc88ac2f\rstmwservice.exe
R2 - [RtkAudioUniversalService] - Realtek Audio Universal Service - c:\windows\system32\rtkauduservice64.exe
R2 - [SgrmBroker] - System Guard Runtime Monitor Broker - c:\windows\system32\sgrmbroker.exe
R2 - [WinDefend] - Serviço Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2104.9-0\msmpeng.exe
R2 - [WinDefender] - Windows Defender Helper Service - c:\windows\windefender.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [SecurityHealthService] - Serviço de Segurança do Windows - c:\windows\system32\securityhealthservice.exe
R3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S2 - [edgeupdate] - Serviço Microsoft Edge Update (edgeupdate) - c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
S2 - [Intel(R) TPM Provisioning Service] - Intel(R) TPM Provisioning Service - c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\tpmprovisioningservice.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [edgeupdatem] - Serviço Microsoft Edge Update (edgeupdatem) - c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\socketheciserver.exe
S3 - [MicrosoftEdgeElevationService] - Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) - c:\program files (x86)\microsoft\edge\application\90.0.818.56\elevation_service.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [perceptionsimulation] - Serviço de Simulação de Percepção do Windows - c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [spectrum] - Serviço de Percepção do Windows - c:\windows\system32\spectrum.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2104.9-0\nissrv.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S4 - [ssh-agent] - OpenSSH Authentication Agent - c:\windows\system32\openssh\ssh-agent.exe
S4 - [uhssvc] - Microsoft Update Health Service - c:\program files\microsoft update health tools\uhssvc.exe

==== Drivers(whitelist) ======================
Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-1796238325-1381038867-2487577432-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\erica\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"RedRiver"="C:\WINDOWS\rss\csrss.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\erica\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"RedRiver"="C:\WINDOWS\rss\csrss.exe"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtkAudUService"="C:\WINDOWS\System32\RtkAudUService64.exe -background"
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\csrss" [C:\WINDOWS\rss\csrss.exe]
"C:\WINDOWS\SysNative\tasks\Firefox Default Browser Agent 300C4C217599D3EA" [C:\Users\erica\AppData\Roaming\sweewwr]
"C:\WINDOWS\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-1796238325-1381038867-2487577432-1001" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Time Trigger Task" [C:\Users\erica\AppData\Local\244b5e33-af2c-40f8-9302-febdaa9e26f4\2D3B.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance" ["%ProgramData%\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\Lenovo iM Controller Monitor" ["%windir%\system32\ImController.InfInstaller.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" ["%windir%\system32\sc.exe" START ImControllerService]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" [%windir%\System32\reg.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\TimeBasedEvents\557bf1cd-8adb-42f9-b85b-063a599c196f" ["C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\TimeBasedEvents\7b8e27f3-dffd-42e3-9a69-b754f796c9af" ["C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\TimeBasedEvents\bd2e12c5-1af2-4a45-a202-9634667c90ab" ["C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\ImController\TimeBasedEvents\c02b4e26-4573-46ca-800a-d7bcc97fa1ae" ["C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission" [C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe]
"C:\WINDOWS\SysNative\tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" [C:\Program Files\Mozilla Firefox\default-browser-agent.exe]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chromium Look ======================
Slides - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Foxit PDF Creator - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci
Sheets - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=LCTE"

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{62774768-11E8-4022-A9AE-324B8318B16E}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{62774768-11E8-4022-A9AE-324B8318B16E} - http://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{62774768-11E8-4022-A9AE-324B8318B16E}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{62774768-11E8-4022-A9AE-324B8318B16E} - http://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE

==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.56\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll

==== EOF on 13/05/2021 at 14:05:27,17 ======================