Analise de Log - processos desconhecidos

~ ZHPCleaner v2018.7.27.154 by Nicolas Coolman (2018/07/27)
~ Run by sthar (Administrator) (30/07/2018 09:48:37)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\sthar\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\sthar\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 17134)

---\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\ Services (0)
~ No malicious or unnecessary items found. (Service)

---\ Browser internet (1)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : ] =>Hijacker.Proxy

---\ Hosts file (1)
~ The hosts file is legitimate (21)

---\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\ Explorer ( File, Folder) (7)
MOVED file: C:\Users\sthar\Desktop\µTorrent.lnk [Bad : C:\Users\sthar\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVED file: C:\Users\sthar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\sthar\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVED file: C:\Users\sthar\Downloads\BitTorrent.exe [BitTorrent Inc. - BitTorrent] =>BitTorrent (P2P)
MOVED file: C:\Users\sthar\Downloads\uTorrent.exe [BitTorrent Inc. - µTorrent] =>BitTorrent (P2P)
MOVED file: C:\Windows\SECOH-QAD.exe =>HackTool.KMSpico
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
MOVED folder: C:\Users\sthar\AppData\Roaming\IObit\Advanced SystemCare =>.SUP.AdvancedSystemCare

---\ Registry ( Key, Value, Data) (1)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P)

---\ Summary of the elements found (4)
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico
https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/ =>.SUP.AdvancedSystemCare

---\ Other deletions. (30)
~ Registry Keys Tracing deleted (30)
~ Remove the old reports ZHPCleaner. (0)

---\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\ Statistics
~ Items scanned : 589
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0
~ End of clean in 00h00mn16s

---\ Reports (2)
ZHPCleaner-[S]-30072018-09_38_53.txt
ZHPCleaner-[R]-30072018-09_48_53.txt[/S]

############################## | UsbFix Premium V 10.021 | [Full scan]

Usuário: sthar (Administrador) # DESKTOP-557K1MS
Atualizado em 03/05/2018 por SOSVirus
Começou em 09:22:35 | 30/07/2018

Site : https://www.usb-antivirus.com/pt/
Contato : https://www.usb-antivirus.com/pt/contato/

################## | System information |

MB: Dell Inc. (08RR4G)
CPU: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
RAM -> [Total : 3993 Mo | Free : 1438 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft™ Windows 10 Enterprise (6.3.17134 64-Bit)
WB: Internet Explorer : 11.00.17134.1
WB: Microsoft Edge : 11.00.17134.165 (WinBuild.160101.0800)
WB: Google Chrome : 67.0.3396.99

################## | Security Information |

AV: Kaspersky Free [Ativo |Atualizado]
AV: Windows Defender [(!) Não ativo |Atualizado]
AS: Kaspersky Free [Ativo |Atualizado]
AS: Windows Defender [(!) Não ativo |Atualizado]
FW: Windows Firewall [Ativo]
SC: Security Center [Ativo]
WU: Windows Update [Ativo]

################## | Disk Information |

C:\ (%SystemDrive%) -> Disco fixo # 307 Gb (166 Gb livre - 54%) [] # NTFS
E:\ -> Disco fixo # 391 Gb (69 Gb livre - 18%) [] # NTFS

################## | Autorun |


################## | Procura genérica | Full scan |

Supprimido! C:\WINDOWS\window.exe
Supprimido! HKU\S-1-5-21-2300687705-22382459-3887533480-1001\Software\Microsoft\Windows\CurrentVersion\Run|Windows

(!) Ficheiros temporários suprimido. (145.487157821655 MB)

################## | Attrib - Restore |


################## | E.O.F |