FilipeLazzarini

Help removing a virus with Surrogate

Dear all, I would like to ask for help removing some pests that have settled on my PC. The main anomaly I found is COM Surrogate. The HijackThis log follows below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:47:42, on 22/03/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
b:\Programas\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
B:\Programas\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Serasa Experian\Service\eSfUpdateForm.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files (x86)\Avira\antivírus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
C:\Users\filip\AppData\Local\Akamai\netsession_win.exe
C:\Users\filip\AppData\Local\Akamai\netsession_win.exe
B:\Programas\Steam\Steam.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\filip\AppData\Local\Temp\SOLIDWORKS\Installation Manager Data\Remove_20190-40200-1100\sldIM.exe
C:\Users\filip\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\filip\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe
C:\Users\filip\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe
B:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [Avira System Speedup User Starter] "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKCU\..\Run: [OneDrive] "C:\Users\filip\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Steam] "B:\Programas\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Synapse3] "B:\Programas\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe" /StartMinimized
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_24AFD6F248B8D5A6DE7F13A9E2FA5532] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\filip\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\RunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end
O4 - HKCU\..\RunOnce: [IM_Resume] "C:\Windows\SolidWorks\IM_20190-40200-1100-100\sldim\sldIM.exe" /resume_state 28 /context 4 /rtype 100
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [Synapse3] B:\Programas\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Synapse3] B:\Programas\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'Default user')
O4 - Global Startup: Aplicativo de Download Automático do SOLIDWORKS.lnk = ?
O4 - Global Startup: Serasa Update.lnk = C:\Program Files (x86)\Serasa Experian\Service\eSfUpdateForm.exe
O4 - Global Startup: SOLIDWORKS 2019 Fast Start.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ANSYS, Inc. License Manager - ANSYS, Inc. - B:\Programas\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
O23 - Service: ANSYS Licensing Tomcat (ANSYSLicensingTomcat) - Apache Software Foundation - B:\Programas\ANSYS Inc\Shared Files\Licensing\tools\tomcat\bin\tomcat9.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\avmailc7.exe
O23 - Service: Avira Serviço protegido (AntivirProtectedService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\ProtectedService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\avwebg7.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Avira Optimizer Host (AviraOptimizerHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
O23 - Service: Avira Phantom VPN (AviraPhantomVPN) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
O23 - Service: Avira Updater Service (AviraUpdaterService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corporation - B:\Programas\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: SOLIDWORKS Electrical Collaborative Server (ewserver) - Unknown owner - B:\Programas\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) MPI Library Hydra Process Manager (impi_hydra) - Intel Corporation - C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - b:\Programas\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Autodesk Simulation Moldflow MITSI 2018 Job Manager (mitsijm2018) - Autodesk, Inc. - B:\Programas\Autodesk\Inventor 2019\Moldflow\bin\mitsijm.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: OPC DDE Manager (opcddemg) - Unknown owner - C:\Windows\opcddemg.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Razer Chroma SDK Server - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
O23 - Service: Razer Chroma SDK Service - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
O23 - Service: Razer Game Manager (Razer Game Manager Service) - Razer Inc - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
O23 - Service: Razer Synapse Service - Unknown owner - B:\Programas\Razer\Synapse3\Service\Razer Synapse Service.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2008 (RemoteSolverDispatcher) - Mentor Graphics Corporation - B:\Programas\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Central Service (RzActionSvc) - Razer Inc. - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Serasa Update (SerasaUpdate) - Serasa Experian - C:\Program Files (x86)\Serasa Experian\Service\SerasaUpdate.exe
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Flexnet Server - Flexera Software LLC - B:\SolidWorks_Flexnet_Server\lmgrd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SWVisualize2019.BoostService - Dassault Systèmes - B:\Programas\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe
O23 - Service: SWVisualize2019.Queue.Server - Dassault Systèmes - B:\Programas\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe

--
End of file - 20308 bytes


Download ZHPCleaner and save it to the Desktop.

Windows 7, 8, 8.1 or 10 users: right-click the program icon and select Run as administrator.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will begin examining your system. Be patient, as it may take a while depending on the number of items to examine.

When the scan finishes, click the Repair button.

Once the operation completes, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log in your next reply, plus a new HijackThis log.


ZHPCleaner Report

~ ZHPCleaner v2019.3.22.36 by Nicolas Coolman (2019/03/22)
~ Run by filip (Administrator) (23/03/2019 18:53:49)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : B:\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\filip\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 17763)

---\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\ Services (0)
~ No malicious or unnecessary items found. (Service)

---\ Browser internet (1)
REPLACED Desktop: B:\Desktop\Install Now Autodesk Inventor 2019.lnk [Bad : /URL 'http://edutrial.autodesk.com/NetSWDLD/2019/INVNTOR/FC2A7A80-FF67-4FAA-9F95-918FFFCE2B6B/WI/Inventor_2019_English_Win_64bit_wi_en-us_Setup.exe?dummy=0' /skipPI /SN 901-34942717 /PK 797K1 /Trial /akamai](.Autodesk, Inc..) =>.SUP.AkamaiHD

---\ Hosts file (0)
~ No malicious or unnecessary items found. (Hosts)

---\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\ Explorer ( File, Folder) (2)
MOVED file: B:\Desktop\µTorrent.lnk [Bad : C:\Users\filip\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVED file: C:\Users\filip\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\filip\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)

---\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found. (Register)

---\ Summary of the elements found (2)
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/ =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)

---\ Other deletions. (26)
~ Registry Keys Tracing deleted (26)
~ Remove the old reports ZHPCleaner. (0)

---\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\ Statistics
~ Items scanned : 711
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 186732
~ End of clean in 00h00mn05s

---\ Reports (3)
ZHPCleaner--23032019-18_52_16.txt
ZHPCleaner--23032019-18_53_35.txt
ZHPCleaner-[R]-23032019-18_53_54.txt
<h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">Items cleaned by ZHPCleaner</h1>
<br><A HREF="https://nicolascoolman.eu/2017/12/26/sup-akamaihd/ " TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/02/AkamaiHD-Zone-Antimalware-1.png"TITLE=.SUP.AkamaiHD width=200 height=200</A>
<A HREF="https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ " TARGET="_blank"><IMG SRC="https://nicolascoolman.eu/wp-content/uploads/2018/02/BitTorrent-Zone-Antimalware.png"TITLE=BitTorrent (P2P) width=200 height=200</A>
<h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">Information about modules</h1>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/20/zhpdiag-module-g0-gcsp/" TARGET="_blank">G0 Google Chrome Start Page</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/02/zhpdiag-module-g2-gce/" TARGET="_blank">G2 Google Chrome Extension</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/10/zhpdiag-module-m2-mfep/" TARGET="_blank">M2 Mozilla Firefox Extension</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/26/zhpdiag-module-p2-fpn/" TARGET="_blank">P2 Mozilla Firefox Extension</A>
<A HREF="https://www.nicolascoolman.com/fr//r5-internet-explorer-proxy-management-iepm/" TARGET="_blank">R5 Proxy Management</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/23/zhpdiag-module-o1-ush/" TARGET="_blank">O1 Hosts file redirection</A>
<A HREF="https://www.nicolascoolman.com/fr//o2-browser-helper-objects-de-navigateur/" TARGET="_blank">O2 Browser Helper Objects</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/26/zhpdiag-module-o3-barre-doutils-de-navigateurs/" TARGET="_blank">O3 Internet Explorer Toolbars</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/02/zhpdiag-module-o4-adar/" TARGET="_blank">O4 Applications started by the system</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/27/zhpdiag-module-o4-global-startup/" TARGET="_blank">O4G Global Startup shortcuts</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/19/zhpdiag-module-o10-lsp/" TARGET="_blank">O10 Winsock hijacker</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/19/zhpdiag-module-o17-mdad/" TARGET="_blank">O17 DNS address/domain modification</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/05/zhpdiag-module-o18-papp/" TARGET="_blank">O18 Additional protocols</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/30/zhpdiag-module-o22-sharedtaskscheduler-sts/" TARGET="_blank">O22 SharedTaskScheduler registry key</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/20/zhpdiag-module-o23-smnd/" TARGET="_blank">O23 Non-Microsoft NT services</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/27/zhpdiag-module-o34-bootexecute-bex/" TARGET="_blank">O34 BootExecute</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/18/zhpdiag-module-o38-apt/" TARGET="_blank">O38 Automatic scheduled tasks</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/18/zhpdiag-module-o40-asic/" TARGET="_blank">O40 ActiveSetup Installed Components</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/01/zhpdiag-module-o42-loin/" TARGET="_blank">O42 Installed software</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/12/zhpdiag-module-o43-cfd/" TARGET="_blank">O43 Contents of the Program folders</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/22/zhpdiag-module-o45-lfp/" TARGET="_blank">O45 Last Prefetcher files</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/22/zhpdiag-module-o46-seh/" TARGET="_blank">O46 ShellExecuteHooks</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/03/24/module-zhpdiag-o50/" TARGET="_blank">O50 Image File Execution Options</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/31/zhpdiag-module-o53-smsr/" TARGET="_blank">O53 ShareTools MSconfig StartupReg</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/21/zhpdiag-module-o58-sdl/" TARGET="_blank">O58 System drivers</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/21/zhpdiag-module-o68-smi/" TARGET="_blank">O68 Start Menu Internet</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/11/04/zhpdiag-module-o69-sbi/" TARGET="_blank">O69 Search Browser Infection</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/24/zhpdiag-module-o83-sss/" TARGET="_blank">O83 Services started by Svchost</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/2017/10/24/zhpdiag-module-o87-fael/" TARGET="_blank">O87 Firewall Activ Exception List</A>
<A HREF="https://nicolascoolman.eu/wp-content/uploads/ads-alternate-data-stream/" TARGET="_blank">O108 Context menu shortcuts</A>
<A></A><h1 style="background-color: #1393ef; text-align: center; color: #ffffff; padding: 15px;">ZHPCleaner report End</h1></BODY>
</HTML>

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:55:24, on 23/03/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
b:\Programas\Malwarebytes\Anti-Malware\mbamtray.exe
B:\Programas\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
B:\Programas\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Users\filip\AppData\Local\Akamai\netsession_win.exe
C:\Users\filip\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Serasa Experian\Service\eSfUpdateForm.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Avira\antivírus\avgnt.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
B:\Programas\Steam\Steam.exe
B:\Downloads\ZHPCleaner.exe
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.3042.0_x86__8wekyb3d8bbwe\Solitaire.exe
B:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [Avira System Speedup User Starter] "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKCU\..\Run: [OneDrive] "C:\Users\filip\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Steam] "B:\Programas\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Synapse3] "B:\Programas\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe" /StartMinimized
O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_24AFD6F248B8D5A6DE7F13A9E2FA5532] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\filip\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [Synapse3] B:\Programas\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Synapse3] B:\Programas\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'Default user')
O4 - Global Startup: Aplicativo de Download Automático do SOLIDWORKS.lnk = ?
O4 - Global Startup: Serasa Update.lnk = C:\Program Files (x86)\Serasa Experian\Service\eSfUpdateForm.exe
O4 - Global Startup: SOLIDWORKS 2017 Fast Start.lnk = ?
O4 - Global Startup: SOLIDWORKS 2019 Fast Start.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ANSYS, Inc. License Manager - ANSYS, Inc. - B:\Programas\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
O23 - Service: ANSYS Licensing Tomcat (ANSYSLicensingTomcat) - Apache Software Foundation - B:\Programas\ANSYS Inc\Shared Files\Licensing\tools\tomcat\bin\tomcat9.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\avmailc7.exe
O23 - Service: Avira Serviço protegido (AntivirProtectedService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\ProtectedService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\antivírus\avwebg7.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Avira Optimizer Host (AviraOptimizerHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
O23 - Service: Avira Phantom VPN (AviraPhantomVPN) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
O23 - Service: Avira Updater Service (AviraUpdaterService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corporation - B:\Programas\SOLIDWORKS Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: SOLIDWORKS Electrical Collaborative Server (ewserver) - Unknown owner - B:\Programas\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) MPI Library Hydra Process Manager (impi_hydra) - Intel Corporation - C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - b:\Programas\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Autodesk Simulation Moldflow MITSI 2018 Job Manager (mitsijm2018) - Autodesk, Inc. - B:\Programas\Autodesk\Inventor 2019\Moldflow\bin\mitsijm.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: OPC DDE Manager (opcddemg) - Unknown owner - C:\Windows\opcddemg.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Razer Chroma SDK Server - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
O23 - Service: Razer Chroma SDK Service - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
O23 - Service: Razer Game Manager (Razer Game Manager Service) - Razer Inc - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
O23 - Service: Razer Synapse Service - Unknown owner - B:\Programas\Razer\Synapse3\Service\Razer Synapse Service.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Central Service (RzActionSvc) - Razer Inc. - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Serasa Update (SerasaUpdate) - Serasa Experian - C:\Program Files (x86)\Serasa Experian\Service\SerasaUpdate.exe
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Flexnet Server - Flexera Software LLC - B:\SolidWorks_Flexnet_Server\lmgrd.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SWVisualize2019.BoostService - Dassault Systèmes - B:\Programas\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe
O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.242\WsAppService.exe

--
End of file - 19913 bytes

Posted (edited)
~ ZHPCleaner Trace v1.0 by Nicolas Coolman (2019/03/22)
~ Boot Mode : Normal (Normal boot)
~ Windows Windows 10 Pro,X64 (Build 17763)

*** PHASE 1 -  Initialisation ***
Ecriture de l'entête du rapport : OK
Déclaration HotKeyPresses : OK
Initialisation du module linguistique: OK
FTP Primaire OK
Chemin : C:\Users\filip\AppData\Roaming\ZHP\ZHPCleaner.exe
Path : https://nicolascoolman.eu/wp-updates/ZHPCleaner.exe
N° version Locale: 2019.3.22.36
N° version FTP: 2019.3.22.36
N° version logiciel: 2019.3.22.36
Chemin Lanceur:      3
Contrôle de la version: OK
Vérification des conditions d'utilisation: OK
Affichage de l'interface principale: OK

*** PHASE II : RECHERCHE ***
Affichage de la zone GUI: OK

*** PHASE II - Chargement des tables ***
- Chargement de la table MD5 : OK
- Chargement des tables Communes : OK
- Chargement de la table FP : OK
- Chargement des tables Registre : OK
- Chargement des tables Explorer : OK
- Chargement de la table DossiersEx : OK
- Chargement de la table Keys : OK
- Chargement des tables Publisher : OK
- Chargement des tables KeyRun : OK
- Chargement de la table Services  : OK
- Chargement de la table CrossRider  : OK
- Chargement de la table Multiplug : OK
- Chargement de la table Sambreel : OK
- Chargement de la table InstallCore : OK
- Chargement de la table browseFox : OK
- Chargement de la table ServiceRDNM : OK
- Chargement de la table Serveur DNS : OK
- Chargement de la table Shopper : OK
- Chargement de la table MalwareFreq : OK
- Chargement de la table Generic Roaming : OK
- Chargement de la table Key Interface : OK
- Chargement de la table KeyPuc : OK
- Chargement de la table Classes : OK
- Chargement de la table ProgData : OK
- Chargement de la table File/Folder Malwares : OK
- Chargement de la table Hijackers : OK
- Chargement de la table description des Publishers  : OK
- Chargement de la table Extensions Browser : OK
- Chargement de la table URLmalware : OK
- Chargement de la table KeyAppPath : OK
- Chargement de la table KeyAppID : OK
- Chargement de la table KeyDNS : OK
- Chargement de la table Shell : OK
- Chargement de la table Shell Picture : OK
- Chargement de la table des Extentions Chrome : OK
- Chargement de la table CLSID BHO/Toolbar  : OK
- Chargement de la table Toolbar : OK
- Chargement de la table ExtFirefoxPref : OK
- Chargement de la table Légitime : OK
- Chargement de la table des Tâches  : OK
- Chargement de la table Components  : OK
- Chargement de la table SearchScopes  : OK
- Chargement de la table des fichiers de Taches planifiées  : OK
- Chargement de la table des Clés Feature Control  : OK
Initialisation des tables : OK
Fermeture de tous les navigateurs :OK
Initialisation de la quarantaine : OK
Initialisation des tableaux de modules: OK
Recherche les dossiers profiles de Firefox : OK
Traitement du navigateur Firefox : OK
Traitement des plugins Firefox (Register) HKEY_CURRENT_USER\Software\MozillaPlugins : OK
Traitement des plugins Firefox (Register) HKLM64\SOFTWARE\MozillaPlugins : OK
Traitement des plugins Firefox (Register) HKLM64\SOFTWARE\Wow6432Node\MozillaPlugins : OK
Réparation des extensions Firefox (\extension) - Cas des fichiers : OK
Traitement des extensions Firefox (Register & explorer ) : OK
Traitement du navigateur Google Chrome : OK
Traitement des extensions Chrome (Explorer - Manifest) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Explorer - Manifest) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement de toutes les entrées registre d'IE : OK
Traitement de tous les raccourcis : OK
Corps du Rapport Navigateur: OK
Recherche heuristique - CrossRider #1 OK
Recherche heuristique - CrossRider #2 OK
Recherche heuristique - CrossRider #3 OK
Recherche heuristique - CrossRider #4 OK
Recherche heuristique - CrossRider #5 OK
Recherche heuristique - All CrossRider OK
Recherche heuristique - repairInstallCore OK
Recherche heuristique - repairInstallCoreReg OK
Recherche heuristique - repairInstallCoreReg2 OK
Recherche heuristique - All InstallCore OK
Corps du Rapport Heuristic: OK
Traitement des taches Provider (Register) HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\ : OK
Corps du Rapport Demarrage: OK
Recherche heuristique Fichier (Explorateur): OK
Recherche heuristique Dossier (Explorateur): OK
Recherche heuristique Dossier (Explorateur): OK
Corps du Rapport Explorer: OK
Recherche des malwares (Registre): OK
Recherche des clé PUP: OK
Recherche de clés hexa: OK
Recherche des clés de registre: OK
Recherche des clés de OpenWithProgids: OK
Traitement des menus contextuels (Registre) : OK
Traitement des menus contextuels (Registre) : OK
Traitement des menus contextuels (Registre) : OK
Traitement des menus contextuels (Registre) : OK
Traitement des menus contextuels (Registre) : OK
Traitement des menus contextuels (Registre) : OK
Traitement des menus contextuels (Registre) : OK
Recherche des clés de menu contextuel: OK
Corps du Rapport Registre: OK
Fin des 5 corps de rapport : OK

 *** PHASE IV : REDACTION DU RAPPORT ***
Début de l'impression du rapport : OK
- Ecriture des lignes Explorer: OK
- Ecriture des lignes Registre: OK
- Fin d'attribution des liens d'article: OK
- Fin d'écriture du bilan : OK
- Fin de rédaction du rapport: OK
- Fin du module Quarantaine : OK
Début de la copie des fichiers rapport : OK
- Copie du fichier txt dans le dossier ZHP : OK
- Copie du fichier txt dans le Bureau : OK

 *** PHASE V : TRANSFERT DU RAPPORT S ***
- Fichier de rapport Scan à transférer : PRESENT
- Nom du rapport: C:\Users\filip\AppData\Roaming\ZHP\ZHPCleaner-[S]-23032019-22_02_32.html
- Transfert du fichier HTML demandé
- Fichier rapport tranféré Scan : OK
*** Fin de la phase V  (Scan) : OK
Bilan - Module Web : OK
Bilan - Fin d'affichage de l'Interface (GUI) : OK
Bilan - Sortie de l'Interface : OK
Fin de rapport - Module Bilan : OK
Fin d'impression du rapport : OK
 *** Fin de traitement du rapport ***

 *** PHASE III : REPARATION ***
Affichage de la zone GUI: OK
Fermeture de tous les navigateurs :OK
Initialisation de la quarantaine : OK
Initialisation des tableaux de modules: OK
Recherche les dossiers profiles de Firefox : OK
Traitement du navigateur Firefox : OK
Traitement du navigateur Google Chrome : OK
Traitement des extensions Chrome (Explorer - Manifest) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Explorer - Manifest) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement des extensions Chrome (Registre) : OK
Traitement de toutes les entrées registre d'IE : OK
Traitement de tous les raccourcis : OK
Corps du Rapport Navigateur: OK
Corps du Rapport Heuristic: OK
Corps du Rapport Demarrage: OK
Corps du Rapport Explorer: OK
Recherche des malwares (Registre): OK
Corps du Rapport Registre: OK
Fin des 5 corps de rapport : OK

 *** PHASE IV : REDACTION DU RAPPORT ***
Début de prise en charge de l'interface de réparation : OK
- Traitement de la réparation Fichier: OK
- Traitement de la réparation Dossier: OK
- Traitement de la réparation Clés registre: OK
- Traitement de la réparation Valeur registre: OK
Fin de prise en charge de l'interface de réparation : OK
Début de l'impression du rapport : OK
- Ecriture des lignes Explorer: OK
- Ecriture des lignes Registre: OK
- Fin d'attribution des liens d'article: OK
- Fin de suppression des anciens rapports : OK
- Fin d'écriture du bilan : OK
- Fin de rédaction du rapport: OK
- Fin d'écriture du fichier de Quarantaine: OK
- Fin du module Quarantaine : OK
Début de la copie des fichiers rapport : OK
- Copie du fichier txt dans le dossier ZHP : OK
- Copie du fichier txt dans le Bureau : OK

 *** PHASE V : TRANSFERT DU RAPPORT R ***
- Fichier de rapport Réparation à transférer : PRESENT
- Nom du rapport: C:\Users\filip\AppData\Roaming\ZHP\ZHPCleaner-[R]-23032019-22_03_52.html
- Transfert du fichier HTML demandé
 *** Fin de la phase V (Réparation) : KO
Début de la procédure de redémarrage : OK
- Redémarrage programmé : OK
Fin d'impression du rapport : OK
 *** Fin de traitement du rapport ***

Edited by FilipeLazzarini
