ZA Scan

This summary provides an overview of the key information from the document: 1) The document contains the results of a scan run on a Windows 10 Pro system, identifying running processes, services, drivers, startup registry entries and scheduled tasks. 2) Several applications like Origin, Epic Games Launcher and Spotify are configured to run automatically at startup. 3) The scan detected a variety of processes, services and drivers relating to applications, Windows functions and security software.

Uploaded by Levi de Sousa

Zoek.exe v5.0.0.2 Updated 03-May-2018 (Online Version)


Tool run by gusta on 16/11/2021 at 14:15:53,90.
Microsoft Windows 10 Pro 10.0.19043 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\gusta\Desktop\zoek\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\scpbrad\scpbradserv.exe
D:\Program Files (x86)\Origin\OriginWebHelperService.exe
C:\Program Files (x86)\scpbrad\scpbradguard.exe
D:\Program Files (x86)\3RVX\3RVX.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\gusta\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================


Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

R2 - [AMD Crash Defender Service] - AMD Crash Defender Service - c:\windows\system32\amdfendrsr.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\driverstore\filerepository\u0372232.inf_amd64_1e947f831d2ae36a\b372131\atiesrxx.exe
R2 - [LGHUBUpdaterService] - LGHUB Updater Service - c:\program files\lghub\lghub_updater.exe
R2 - [Origin Web Helper Service] - Origin Web Helper Service - d:\program files (x86)\origin\originwebhelperservice.exe
R2 - [PnkBstrA] - PnkBstrA - c:\windows\system32\pnkbstra.exe
R2 - [scpbradserv] - Componente de Segurança Bradesco - c:\program files (x86)\scpbrad\scpbradserv.exe
R2 - [SgrmBroker] - System Guard Runtime Monitor Broker - c:\windows\system32\sgrmbroker.exe
R2 - [WinDefend] - Serviço Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2110.6-0\msmpeng.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [SecurityHealthService] - Serviço de Segurança do Windows - c:\windows\system32\securityhealthservice.exe
S2 - [edgeupdate] - Serviço Microsoft Edge Update (edgeupdate) - c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [BEService] - BattlEye Service - c:\program files (x86)\common files\battleye\beservice.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [diagnosticshub.standardcollector.service] - Serviço Coletor de Padrões de Hub de Diagnóstico da Microsoft (R) - c:\windows\system32\diagsvcs\diagnosticshub.standardcollector.service.exe
S3 - [EasyAntiCheat] - EasyAntiCheat - c:\program files (x86)\easyanticheat\easyanticheat.exe
S3 - [EasyAntiCheat_EOS] - Easy Anti-Cheat (Epic Online Services) - c:\program files (x86)\easyanticheat_eos\easyanticheat_eos.exe
S3 - [edgeupdatem] - Serviço Microsoft Edge Update (edgeupdatem) - c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [MicrosoftEdgeElevationService] - Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) - c:\program files (x86)\microsoft\edge\application\95.0.1020.53\elevation_service.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [Origin Client Service] - Origin Client Service - d:\program files (x86)\origin\originclientservice.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [perceptionsimulation] - Serviço de Simulação de Percepção do Windows - c:\windows\system32\perceptionsimulation\perceptionsimulationservice.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [Rockstar Service] - Rockstar Game Library Service - c:\program files\rockstar games\launcher\rockstarservice.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [Sense] - Serviço Proteção Avançada contra Ameaças do Windows Defender - c:\program files\windows defender advanced threat protection\mssense.exe
S3 - [SensorDataService] - Serviço de Dados de Sensor - c:\windows\system32\sensordataservice.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [spectrum] - Serviço de Percepção do Windows - c:\windows\system32\spectrum.exe
S3 - [Steam Client Service] - Steam Client Service - c:\program files (x86)\common files\steam\steamservice.exe
S3 - [TieringEngineService] - Gerenciamento de Camadas de Armazenamento - c:\windows\system32\tieringengineservice.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Serviço de Inspeção de Rede do Microsoft Defender Antivírus - c:\programdata\microsoft\windows defender\platform\4.18.2110.6-0\nissrv.exe
S3 - [wmiApSrv] - Adaptador de Desempenho WMI - c:\windows\system32\wbem\wmiapsrv.exe
S3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S4 - [AppVClient] - Microsoft App-V Client - c:\windows\system32\appvclient.exe
S4 - [ssh-agent] - OpenSSH Authentication Agent - c:\windows\system32\openssh\ssh-agent.exe
S4 - [UevAgentService] - Serviço de User Experience Virtualization - c:\windows\system32\agentservice.exe
S4 - [uhssvc] - Microsoft Update Health Service - c:\program files\microsoft update health tools\uhssvc.exe [x]

==== Drivers(whitelist) ======================


Powered by [url=http://www.antimalwarehelp.be/EDev/]E Dev[/url]

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-2175380699-2852125328-1652107485-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
"3RVX"="D:\Program Files (x86)\3RVX\3RVX.exe"
"EADM"="D:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"LGHUB"="C:\Program Files\LGHUB\lghub.exe --background"
"EpicGamesLauncher"="D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent"
"Opera GX Browser Assistant"="C:\Users\gusta\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe"
"InputMapper"="C:\Program Files (x86)\DSDCS\InputMapper 1.7\InputMapper.exe"
"Spotify"="C:\Users\gusta\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe CCXProcess"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
"3RVX"="D:\Program Files (x86)\3RVX\3RVX.exe"
"EADM"="D:\Program Files (x86)\Origin\Origin.exe -AutoStart"
"LGHUB"="C:\Program Files\LGHUB\lghub.exe --background"
"EpicGamesLauncher"="D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent"
"Opera GX Browser Assistant"="C:\Users\gusta\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe"
"InputMapper"="C:\Program Files (x86)\DSDCS\InputMapper 1.7\InputMapper.exe"
"Spotify"="C:\Users\gusta\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SecurityHealth"="%windir%\system32\SecurityHealthSystray.exe "

==== Startup Folders ======================

2021-06-17 02:20:01 1911 ----a-w- C:\Users\gusta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Peace.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\Windows\explorer.exe [02/10/2021 11:43]
C:\Windows\tasks\{E42A4987-1F86-4E8F-A708-60CAAC1E3DA7}.job --ah------- C:\Users\gusta\Desktop\InputMapper1.7.7452.13622 1.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AMDInstallLauncher" [C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe]
"C:\Windows\SysNative\tasks\AMDLinkUpdate" [C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe]
"C:\Windows\SysNative\tasks\AMDRyzenMasterSDKTask" ["C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe"]
"C:\Windows\SysNative\tasks\Intelligent StandbyList Cleaner" [C:\Users\gusta\Desktop\ISLC v1.0.2.5\Intelligent standby list cleaner ISLC.exe]
"C:\Windows\SysNative\tasks\Nahimic2Svc32Run" ["C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe"]
"C:\Windows\SysNative\tasks\Nahimic2Svc64Run" ["C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe"]
"C:\Windows\SysNative\tasks\Nahimic2UILauncherRun" ["C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe"]
"C:\Windows\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-2175380699-2852125328-1652107485-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\Windows\SysNative\tasks\OneDrive Standalone Update Task-S-1-5-21-2464130120-637945719-2359423561-500" [%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe]
"C:\Windows\SysNative\tasks\Opera GX scheduled assistant Autoupdate 1615929884" [C:\Users\gusta\AppData\Local\Programs\Opera GX\launcher.exe]
"C:\Windows\SysNative\tasks\Opera GX scheduled Autoupdate 1607401374" [C:\Users\gusta\AppData\Local\Programs\Opera GX\launcher.exe]
"C:\Windows\SysNative\tasks\StartCN" ["C:\Program Files\AMD\CNext\CNext\cncmd.exe"]
"C:\Windows\SysNative\tasks\StartCNBM" ["C:\Program Files\AMD\CNext\CNext\cncmd.exe"]
"C:\Windows\SysNative\tasks\StartDVR" ["C:\Program Files\AMD\CNext\CNext\RSServCmd.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{856D7BDD-6A27-4F68-8F4E-56AD56C65AAF}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{E42A4987-1F86-4E8F-A708-60CAAC1E3DA7}" [C:\Users\gusta\Desktop\InputMapper1.7.7452.13622 (1).exe]

==== Chromium Look ======================

Slides - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Docs - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
uBlock₀ - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm
Dark Reader - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh
Sheets - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - gusta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================


HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.53\BHO\ie_to_edge_bho.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL

==== EOF on 16/11/2021 at 14:16:58,98 ======================
