Ir para conteúdo

A partir do dia 19/11/2018, o foco do Fórum do BABOO é apenas Windows e Segurança Digital conforme informado no início de 2018.
As áreas que não têm relação com esses dois assuntos foram arquivadas e seus tópicos estão disponíveis para consulta na área Tópicos Antigos.

McWilliam

  • Postagens

    10
  • Desde

  • Última visita

  1. McWilliam

    Solicitação de Análise de Logs

    Eu já peguei os logs porem ao tentar enviar ele me leva para esse link: https://forum.baboo.com.br/index.php?/topic/791101-solicitação-de-análise-de-logs/&tab=comments&failedReply=1 Sucuri WebSite Firewall Att: Quando me referi a enviar eu quis dizer enviar a resposta, e alias poderia me responder porque as vezes fica sumindo o botão responder? já aconteceu umas 2 vezes
  2. McWilliam

    Solicitação de Análise de Logs

    O link ta offline
  3. McWilliam

    Solicitação de Análise de Logs

    Apareceu a seguinte mensagem de erro no ESET aos 96% "Can not get update. Is proxy Configued?" O que eu posso fazer nesse caso? Eu já tentei refazer o processo e toda vez da o mesmo problema em tempos diferentes
  4. McWilliam

    Solicitação de Análise de Logs

    Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 05/12/2018 Hora da análise: 14:12 Arquivo de registro: 92c97138-f8a8-11e8-80a5-001fd0e839cf.json -Informação do software- Versão: 3.6.1.2711 Versão de componentes: 1.0.482 Versão do pacote de definições: 1.0.8179 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 10 (Build 17134.441) CPU: x64 Sistema de arquivos: NTFS Usuário: WILLIAM-PC\Nei -Resumo da análise- Tipo de análise: Análise de Ameaças Análise Iniciada Por: Manual Resultado: Concluído Objetos verificados: 302244 Ameaças detectadas: 0 Ameaças em quarentena: 0 Tempo decorrido: 33 min, 23 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 0 (Nenhum item malicioso detectado) Setor físico: 0 (Nenhum item malicioso detectado) Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:48:18, on 05/12/2018 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe C:\Users\Nei\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Nei\AppData\Roaming\uTorrent\updates\3.5.4_44846\utorrentie.exe C:\Users\Nei\AppData\Roaming\uTorrent\updates\3.5.4_44846\utorrentie.exe C:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun O4 - HKCU\..\Run: [Discord] C:\Users\Nei\AppData\Local\Discord\app-0.0.301\Discord.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\Nei\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO DE REDE') O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{83438554-e52e-4374-8aa5-04e4813ac6c5}: NameServer = 212.23.8.1,212.23.3.1,25.0.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{83438554-E52E-4374-8AA5-04E4813AC6C5}: NameServer = 212.23.8.1,212.23.3.1,25.0.0.1 O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL O23 - Service: AdobeUpdateService - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Serviço do Kaspersky Anti-Virus 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe O23 - Service: SCP DS3 Service (Ds3Service) - Scarlet.Crush Productions - C:\Users\Nei\Desktop\ScpServer\bin\ScpService.exe O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KingoSoftService - Unknown owner - C:\Users\Nei\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe (file missing) O23 - Service: klvssbridge64_19.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Razer Surround Audio Service (RzSurroundVADStreamingService) - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing) -- End of file - 12915 bytes
  5. McWilliam

    Solicitação de Análise de Logs

    Mals net bugo e talvez tenha enviado muitas mensagens repetidas
  6. McWilliam

    Solicitação de Análise de Logs

    ~ ZHPCleaner v2018.12.4.202 by Nicolas Coolman (2018/12/04) ~ Run by Nei (Administrator) (05/12/2018 12:12:28) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version KO ~ Certificate ZHPCleaner: Legal ~ Type : Repair ~ Report : C:\Users\Nei\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Nei\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 17134) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (166) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (66) MOVED file: C:\Users\Nei\Desktop\µTorrent.lnk [Bad : C:\Users\Nei\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Users\Nei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\Nei\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Users\Nei\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk [Bad : C:\Users\Nei\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Windows\Installer\wix{1EC8A200-307B-4964-A67D-6E10088C1CE1}.SchedServiceConfig.rmi =>.SUP.Empty MOVED file: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi =>.SUP.Empty MOVED file: C:\ProgramData\SpeedBit\DAP\Plugins\B775A1D0-4882-4577-B251-0DAC64A08E40\1.0.5.1_0\DapRemoteControlPlugin.dll [Speedbit Ltd. - DAP Remote Control Plugin] =>Adware.SpeedBit MOVED file: C:\ProgramData\SpeedBit\DAP\Plugins\B0FE9480-9E77-4c65-BF2F-855F9D750418\1.0.0.3_0\DapLinkCheckerPlugin.dll [Speedbit Ltd. - DAP Link Checker Plugin] =>Adware.SpeedBit MOVED file: C:\ProgramData\SpeedBit\DAP\Plugins\211A24A5-08E2-4413-8BFF-C16F80CCB537\1.0.0.0_0\DapInternetTab.dll [Speedbit Ltd. - TODO: <File description>] =>Adware.SpeedBit MOVED file: C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\CSharpDapsters.dll [Speedbit Ltd. - DAPsters manager plugin] =>Adware.SpeedBit MOVED file: C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\DapsterHelper.exe [Speedbit Ltd. - DapsterHelper] =>Adware.SpeedBit MOVED file: C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\DapsterHelper_Comp.exe [Speedbit Ltd. - DapsterHelper] =>Adware.SpeedBit MOVED file: C:\ProgramData\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\DapsterTools.dll [Speedbit Ltd. - DapsterTools] =>Adware.SpeedBit MOVED file: C:\ProgramData\SpeedBit\DAP\Plugins\08D29C25-8256-4454-9E93-A39DCAFB043D\1.0.0.4_0\MediaPreview.dll [Speedbit Ltd. - MediaPre Dynamic Link Library] =>Adware.SpeedBit MOVED file: C:\Users\Nei\AppData\Local\Temp\aria-debug-10008.log =>.SUP.Temporary.OneDrive MOVED file: C:\Users\Nei\AppData\Local\Temp\aria-debug-11676.log =>.SUP.Temporary.OneDrive MOVED file: C:\Users\Nei\AppData\Local\Temp\aria-debug-12116.log =>.SUP.Temporary.OneDrive MOVED file: C:\Users\Nei\AppData\Local\Temp\aria-debug-2156.log =>.SUP.Temporary.OneDrive MOVED file: C:\Users\Nei\AppData\Local\Temp\aria-debug-5208.log =>.SUP.Temporary.OneDrive MOVED file: C:\Users\Nei\AppData\Local\Temp\aria-debug-5548.log =>.SUP.Temporary.OneDrive MOVED file: C:\Users\Nei\AppData\Local\Temp\aria-debug-7548.log =>.SUP.Temporary.OneDrive MOVED file: C:\Users\Nei\AppData\Local\Temp\BIT2BAD.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Nei\AppData\Local\Temp\wct2B4F.tmp =>.SUP.Temporary.Office MOVED file^: C:\Users\Nei\AppData\Local\Temp\~DF713E7D7156AAB24F.TMP =>.SUP.Temporary.Other MOVED file: C:\Users\Nei\AppData\Local\Temp\~DFA6D1143041FB4D75.TMP =>.SUP.Temporary.Other MOVED folder: C:\Program Files (x86)\Skillbrains =>.SUP.Skillbrains MOVED folder: C:\Users\Nei\AppData\Roaming\Tencent =>.SUP.Tencent MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\001 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\038 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\039 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\045 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\046 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\047 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\048 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\049 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\050 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\052 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\053 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Local\Google\Chrome\User Data\Default\File System\054 =>.SUP.Temporary.Chrome MOVED folder: C:\Users\Nei\AppData\Roaming\IObit\Advanced SystemCare =>.SUP.AdvancedSystemCare MOVED folder: C:\Windows\Installer\MSI10FB.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI1997.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI1BCC.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI2475.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI292D.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI2B55.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI382D.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI4B66.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI4DB5.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI4F0D.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI4FDA.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI505.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI50F4.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI51B0.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI6334.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI6425.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI8E44.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSI9D58.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSID45.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSIF781.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSIF953.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSIF98A.tmp- =>.SUP.Empty MOVED folder: C:\Windows\Installer\MSIFF9E.tmp- =>.SUP.Empty MOVED folder: C:\Users\Nei\AppData\LocalLow\Adobe =>.SUP.Empty MOVED folder: C:\Users\Nei\AppData\LocalLow\EmieBrowserModeList =>.SUP.Empty MOVED folder: C:\Users\Nei\AppData\LocalLow\EmieSiteList =>.SUP.Empty MOVED folder: C:\Users\Nei\AppData\LocalLow\EmieUserList =>.SUP.Empty ---\\ Registry ( Key, Value, Data) (18) DELETED key*: [X64] HKLM\SOFTWARE\57979c68-f490-55b8-8fed-8b017a5af2fe [] =>Adware.CrossRider DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P) DELETED key*: HKU\.DEFAULT\Software\ByteFence [] =>.SUP.ByteFence DELETED key: HKU\S-1-5-18\Software\ByteFence [] =>.SUP.ByteFence DELETED key*: HKEY_USERS\S-1-5-21-2777491603-2758341900-568828878-1000\Software\csastats [] =>Adware.InstallCore DELETED key*: HKCU\Software\webservice [] =>Riskware.BitCoinMiner DELETED key*: HKCU\Software\enjoyWifi [] =>.SUP.EnjoyWiFi DELETED key: HKCU\Software\csastats [] =>Adware.InstallCore DELETED key*: HKCU\Software\undefined [] =>.SUP.Downloader DELETED key*: HKCU\Software\ProductSetup [] =>Adware.InstallCore DELETED key*: [X64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO [Search@Mail.Ru] =>Adware.RussAd DELETED key*: [X64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1 [Search@Mail.Ru] =>Adware.RussAd DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains] =>.SUP.Skillbrains DELETED key*: HKCU\SOFTWARE\65177fa2c2f6a39ce37d9ffc79ce5432 [] =>Hijacker.Browser DELETED key*: HKCU\SOFTWARE\772d3e1cf411932582ba4607caf9d2f7 [] =>Hijacker.Browser DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\1C0D504EF56F2C347FC247BE58C547225FBC8E17._service_run [0x020000000000000000000000] =>Heuristic.Suspect DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\ycAutoLaunch_2E8E70CC8EC9D55F988204FC52173C6C [0x03000000665F0E598E68D301] =>Heuristic.Suspect DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\DAEMON Tools Lite Automount [0x03000000DDB4B56B2D46D401] =>Heuristic.Suspect ---\\ Summary of the elements found (20) https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P) https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.SpeedBit https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.OneDrive https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Office https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Other https://www.anti-malware.top/2016/04/30/superfluous-skillbrains/ =>.SUP.Skillbrains https://nicolascoolman.eu/2017/02/23/tencentadressbar/ =>.SUP.Tencent https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Chrome https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/ =>.SUP.AdvancedSystemCare https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>.SUP.ByteFence https://nicolascoolman.eu/2017/09/19/adware-installcore-3/ =>Adware.InstallCore https://nicolascoolman.eu/2017/09/14/pup-optional-bitcoinminer/ =>Riskware.BitCoinMiner https://nicolascoolman.eu/2017/09/27/adware-enjoywifi/ =>.SUP.EnjoyWiFi https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader https://nicolascoolman.eu/2017/11/29/adware-russad/ =>Adware.RussAd https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect ---\\ Other deletions. (20) ~ Registry Keys Tracing deleted (20) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Mozilla Firefox) ~ Browser not found (Opera Software) ~ The system has been restarted. ---\\ Statistics ~ Items scanned : 1046 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 12/12 ~ Space saving (bytes) : 43392 ~ End of clean in 00h01mn04s ---\\ Reports (4) ZHPCleaner--05122018-11_48_28.txt ZHPCleaner--05122018-11_49_09.txt ZHPCleaner--05122018-12_10_54.txt ZHPCleaner-[R]-05122018-12_13_32.txt Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:32:23, on 05/12/2018 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe C:\Users\Nei\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe C:\Users\Nei\AppData\Roaming\uTorrent\updates\3.5.4_44846\utorrentie.exe C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe C:\Users\Nei\AppData\Roaming\uTorrent\updates\3.5.4_44846\utorrentie.exe C:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun O4 - HKCU\..\Run: [Discord] C:\Users\Nei\AppData\Local\Discord\app-0.0.301\Discord.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\Nei\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO DE REDE') O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{83438554-e52e-4374-8aa5-04e4813ac6c5}: NameServer = 212.23.8.1,212.23.3.1,25.0.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{83438554-E52E-4374-8AA5-04E4813AC6C5}: NameServer = 212.23.8.1,212.23.3.1,25.0.0.1 O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL O23 - Service: AdobeUpdateService - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Serviço do Kaspersky Anti-Virus 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe O23 - Service: SCP DS3 Service (Ds3Service) - Scarlet.Crush Productions - C:\Users\Nei\Desktop\ScpServer\bin\ScpService.exe O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KingoSoftService - Unknown owner - C:\Users\Nei\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe (file missing) O23 - Service: klvssbridge64_19.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Razer Surround Audio Service (RzSurroundVADStreamingService) - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing) -- End of file - 12986 bytes
  7. McWilliam

    Solicitação de Análise de Logs

    Já fiz todos os procedimentos solicitados no Tópico Oficial. O meu problema é remoção de: se houver cracks/ativadores etc.. E qualquer tipo de vírus. Segue meu log para exame: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:31:17, on 05/12/2018 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe C:\Users\Nei\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Nei\AppData\Roaming\uTorrent\updates\3.5.4_44846\utorrentie.exe C:\Users\Nei\AppData\Roaming\uTorrent\updates\3.5.4_44846\utorrentie.exe C:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun O4 - HKCU\..\Run: [Discord] C:\Users\Nei\AppData\Local\Discord\app-0.0.301\Discord.exe O4 - HKCU\..\Run: [uTorrent] "C:\Users\Nei\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12052018023656040\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12052018023656040\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User '?') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12052018023656281\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12052018023656281\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User '?') O4 - HKUS\S-1-5-21-2777491603-2758341900-568828878-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12052018023656565\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent (User '?') O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{83438554-e52e-4374-8aa5-04e4813ac6c5}: NameServer = 212.23.8.1,212.23.3.1,25.0.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{83438554-E52E-4374-8AA5-04E4813AC6C5}: NameServer = 212.23.8.1,212.23.3.1,25.0.0.1 O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL O23 - Service: AdobeUpdateService - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Serviço do Kaspersky Anti-Virus 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe O23 - Service: SCP DS3 Service (Ds3Service) - Scarlet.Crush Productions - C:\Users\Nei\Desktop\ScpServer\bin\ScpService.exe O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KingoSoftService - Unknown owner - C:\Users\Nei\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe (file missing) O23 - Service: klvssbridge64_19.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Razer Surround Audio Service (RzSurroundVADStreamingService) - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing) -- End of file - 13821 bytes
  8. Primeira lamento se o meu tópico estiver na área errada ou como queira chamar.. é o primeiro tópico que eu crio nesse site e para falar a verdade acho que é o primeiro tópico que crio em qualquer site. Baboo ou alguém que esteja lendo meu comentário / dúvida, Eu estava lendo uma postagem no seu fórum cujo link é esse: https://forum.baboo.com.br/index.php?/topic/786795-resposta-ao-v%C3%ADdeo-da-sayro-digital/ Onde em uma certa parte da postagem eu leio a seguinte frase: " [...]MacOS é o segundo sistema operacional mais vulnerável, perdendo somente para o Linux. " O que me deixo até que surpreso já que eu sempre leio sites, blogs, e principalmente vídeos no YouTube que o S.O Linux é o oposto do que você citou dizendo que é o " S.O mais complicado de se pegar vírus " até mesmo fazendo alguns memes, sei que você sempre diz e repete para não acreditar em baboseiras dos "técnicos" do YouTube, porém é tanta coisa que vejo, que até me faz acreditar que é verdade. Espero que possa alguém possa ler esse comentário e me responda se é mentira o que eu vejo no YouTube e outros lugares a respeito desse S.O ou algo do gênero. Obrigado por mais um ótimo vídeo e lamento por alguns erros de ortografia é que eu tentei fazer que ficasse o mais formal possível.
×