ZA-Scan V1.0.0.6 Updated 03-May-2018 (Online Version)
Tool run by Guizzle on 22/09/2021 at 14:50:10,19.
Microsoft Windows 10 Pro 10.0.19043 x64
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\Guizzle\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Users\Guizzle\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by E Dev (http://www.antimalwarehelp.be/EDev/)
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [ClickToRunSvc] - Serviço Clique para Executar do Microsoft Office - c:\program files\common files\microsoft shared\clicktorun\officeclicktorun.exe
R2 - [DSAService] - Intel(R) Driver & Support Assistant - c:\program files (x86)\intel\driver and support assistant\dsaservice.exe
R2 - [EpsonScanSvc] - Epson Scanner Service - c:\windows\system32\escsvc64.exe
R2 - [ESRV_SVC_QUEENCREEK] - Energy Server Service queencreek - c:\program files\intel\sur\queencreek\x64\esrv_svc.exe
R2 - [fpCsEvtSvc] - fpCsEvtSvc - c:\windows\system32\fpcsevtsvc.exe
R2 - [HPAppHelperCap] - HP App Helper HSA Service - c:\program files\hp\hp enabling services\apphelpercap.exe
R2 - [HPDiagsCap] - HP Diagnostics HSA Service - c:\program files\hp\hp enabling services\diagscap.exe
R2 - [HPNetworkCap] - HP Network HSA Service - c:\program files\hp\hp enabling services\networkcap.exe
R2 - [HPSysInfoCap] - HP System Info HSA Service - c:\program files\hp\hp enabling services\sysinfocap.exe
R2 - [IAStorDataMgrSvc] - Intel(R) Rapid Storage Technology - c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
R2 - [ibtsiva] - Intel Bluetooth Service - c:\windows\system32\ibtsiva
R2 - [igfxCUIService2.0.0.0] - Intel(R) HD Graphics Control Panel Service - c:\windows\system32\igfxcuiservice.exe
R2 - [jhi_service] - Intel(R) Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
R2 - [Service KMSELDI] - Service KMSELDI - c:\program files\kmspico\service_kms.exe
R2 - [SgrmBroker] - System Guard Runtime Monitor Broker - c:\windows\system32\sgrmbroker.exe
R2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
R2 - [SwiService] - Sierra Wireless Service - c:\program files (x86)\sierra wireless inc\utils\swiservice.exe
R2 - [SynTPEnhService] - SynTPEnh Caller Service - c:\program files\synaptics\syntp\syntpenhservice.exe
R2 - [SystemUsageReportSvc_QUEENCREEK] - Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - c:\program files\intel\sur\queencreek\sursvc.exe
R2 - [valWBFPolicyService] - Synaptics FP WBF Policy Service - c:\windows\system32\valwbfpolicyservice.exe
R2 - [Warsaw Technology] - Warsaw Technology - c:\program files\diebold\warsaw\core.exe
R2 - [WinDefend] - Serviço Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2108.7-0\msmpeng.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [DSAUpdateService] - Intel(R) Driver & Support Assistant Updater - c:\program files (x86)\intel\driver and support assistant\dsaupdateservice.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [SecurityHealthService] - Serviço de Segurança do Windows - c:\windows\system32\securityhealthservice.exe
S2 - [edgeupdate] - Serviço Microsoft Edge Update (edgeupdate) - c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [BEService] - BattlEye Service - c:\program files (x86)\common files\battleye\beservice.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [cphs] - Intel(R) Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [edgeupdatem] - Serviço Microsoft Edge Update (edgeupdatem) - c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
S3 - [EpicOnlineServices] - Epic Online Services - c:\program files (x86)\epic games\epic online services\service\epiconlineserviceshost.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [GoogleChromeElevationService] - Google Chrome Elevation Service (GoogleChromeElevationService) - c:\program files (x86)\google\chrome\application\93.0.4577.82\elevation_service.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [hpqcaslwmiex] - HP CASL Framework Service - c:\program files (x86)\hp\shared\hpqwmiex.exe
S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
S3 - [Intel(R) Capability Licensing Service TCP IP Interface] - Intel(R) Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S3 - [Intel(R) SUR QC SAM] - Intel(R) SUR QC Software Asset Manager - c:\program files\intel\sur\queencreek\updater\bin\intelsoftwareassetmanagerservice.exe
S3 - [MicrosoftEdgeElevationService] - Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) - c:\program files (x86)\microsoft\edge\application\93.0.961.52\elevation_service.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe
S3 - [ose64] - Office 64 Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [perceptionsimulation] - Serviço de Simulação de Percepção do Windows - c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [Sense] - Serviço Proteção Avançada contra Ameaças do Windows Defender - c:\program files\windows defender advanced threat protection\mssense.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [spectrum] - Serviço de Percepção do Windows - c:\windows\system32\spectrum.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [USER_ESRV_SVC_QUEENCREEK] - User Energy Server Service queencreek - c:\program files\intel\sur\queencreek\x64\esrv_svc.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2108.7-0\nissrv.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe
S4 - [EvtEng] - Intel(R) PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe
S4 - [RegSrvc] - Intel(R) PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
S4 - [ssh-agent] - OpenSSH Authentication Agent - c:\windows\system32\openssh\ssh-agent.exe
S4 - [UevAgentService] - Serviço de User Experience Virtualization - c:\windows\system32\agentservice.exe
S4 - [uhssvc] - Microsoft Update Health Service - c:\program files\microsoft update health tools\uhssvc.exe
S4 - [ZeroConfigService] - Intel(R) PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe

==== Drivers(whitelist) ======================
Powered by E Dev (http://www.antimalwarehelp.be/EDev/)

==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-1525340926-1912069763-4131825724-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE /EPT EPLTarget\P0000000000000000 /M L355 Series"
"Wechat"="C:\Program Files (x86)\Tencent\WeChat\WeChat.exe -autorun"
"21FAF7C85B3BFD11F91B256D33757826BD3315EC._service_run"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --type=service /prefetch:8"
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"EpicGamesLauncher"="C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent"
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe 60"
"QLBController"="C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start"
"Intel Driver & Support Assistant"="C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE /EPT EPLTarget\P0000000000000000 /M L355 Series"
"Wechat"="C:\Program Files (x86)\Tencent\WeChat\WeChat.exe -autorun"
"21FAF7C85B3BFD11F91B256D33757826BD3315EC._service_run"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --type=service /prefetch:8"
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"EpicGamesLauncher"="C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent"

==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "

==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\WINDOWS\SysNative\tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132" ["C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe"]
"C:\WINDOWS\SysNative\tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon" ["C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe"]
"C:\WINDOWS\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe]
"C:\WINDOWS\SysNative\tasks\KMSpico Automatic Update Scheduler" ["C:\Program Files\KMSpico\KMSUPD.exe"]
"C:\WINDOWS\SysNative\tasks\Optimize Thumbnail Cache" ["C:\Program Files (x86)\Common Files\installshield\engine\8\intel 32\isupdate.exe"]
"C:\WINDOWS\SysNative\tasks\USER_ESRV_SVC_QUEENCREEK" ["C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe]
"C:\WINDOWS\SysNative\tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" [C:\Program Files\Mozilla Firefox\default-browser-agent.exe]
"C:\WINDOWS\SysNative\tasks\S-1-5-21-1525340926-1912069763-4131825724-1001\DataSenseLiveTileTask" [%SystemRoot%\System32\DataUsageLiveTileTask.exe]

==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\b4qa5xzr.default
user_pref("browser.newtab.url", "http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__190805");
ProfilePath: C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\v0i3w7es.default-release
user_pref("browser.newtab.url", "http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__190805");
user_pref("browser.search.defaultenginename", "Default Search Engine");
user_pref("browser.search.selectedEngine", "Default Search Engine");

==== Firefox Extensions ======================
ProfilePath: C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\v0i3w7es.default-release
- MEGA - %ProfilePath%\extensions\firefox@mega.co.nz.xpi
- Méliuz: Cashback e cupons em suas compras - %ProfilePath%\extensions\jid1-NI2sWc3cvsAJsg@jetpack.xpi
- h264ify - %ProfilePath%\extensions\jid1-TSgSxBhncsPBWQ@jetpack.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- short_ uBlock₀ - %ProfilePath%\extensions\uBlock0@raymondhill.net.xpi
- Native HLS Playback - %ProfilePath%\extensions\{478a6f63-10b3-41e4-8216-ec5e7b3486fc}.xpi
- Open in VLC media player - %ProfilePath%\extensions\{6b954d17-d17c-4a19-8fe6-ee8052a562d6}.xpi
- Matte Black Red - %ProfilePath%\extensions\{a7589411-c5f6-41cf-8bdc-f66527d9d930}.xpi
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

==== Firefox Plugins ======================
Profilepath: C:\Users\Guizzle\AppData\Roaming\Mozilla\Firefox\Profiles\v0i3w7es.default-release
3EF95A14071D861A722DF6ED066C54A1 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
472CB62C5FFFCF68E543B1B527B4E41F - C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL - Microsoft Office

==== Chromium Look ======================
Google Chrome Version: 93.0.4577.82
MEGA - Guizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod
YouTube - Guizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
DownAlbum - Guizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok
uBlock₀ - Guizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Share on Rabbit - Guizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplabnbcafdgpcjmibgkekpaejlfhnkl
Native HLS Playback - Guizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\emnphkkblegpebimobpbekeedfgemhof
Video DownloadHelper - Guizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk
Chrome Web Store Payments - Guizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Guizzle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__190805"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B} - https://securesearch.org?q={searchTerms}

==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\93.0.961.52\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

==== EOF on 22/09/2021 at 15:01:48,14 ======================