
Possible Adware

Anonymous
2014-03-14T19:05:18+00:00

Hello, I have been searching the internet for a long time for an adware cleaner or an antivirus capable of finding this possible adware; from a certain version of an application of mine onward, the following message appears:

Sorry if this is the wrong area or if the whole topic is wrong, but I am not yet an active user of the community. Well, if anyone can help

Regards, Doom


Question locked. This question was migrated from the Microsoft Support Community. You can vote on whether it is helpful, but you cannot add comments or replies or follow the question.


43 replies

  1. Anonymous
    2014-03-16T03:54:05+00:00

    A few threats were left with an exclamation mark. So, just to make sure they were really cleaned, please do the following:

    Open AdwCleaner again, click Scan > then click Clean

    Post the new report it will create.

  2. Anonymous
    2014-03-15T23:46:28+00:00

    * Select and copy all of the bold highlighted text I gave you (starting at script zhpfix and going through emptyclsid)

    ___________________________________________________________________________________________________________

    *  Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui (Yes) > If you also want the files in the Recycle Bin deleted, click Oui again > A report will open in Notepad.

    Copy this report and post it in your next reply.

  3. Anonymous
    2014-03-15T22:10:48+00:00

    ~ ZHPDiag report v2014.3.12.13 - Nicolas Coolman  (12/03/2014)

    ~ Started by Doom (15/03/2014 19:02:20)

    ~ Website address :  http://nicolascoolman.webs.com

    ~ Free disinfection support forums : http://nicolascoolman.webs.com/apps/links/

    ~ Translation by the user

    ~ Version status : 

    ~  Whitelist : Enabled by the program

    ~ Privilege elevation : OK

    ~ User Account Control : Deactivated by user

    ---\ Internet browsers

    MSIE: Internet Explorer v8.0.7600.16385 (Default)

    GCIE: Google Chrome v33.0.1750.154

    ---\ Windows product information

    ~ Language: Portuguese

    Windows 7 Ultimate, 64-bit  (Build 7600)

    Windows Server License Manager Script : OK

    Software Protection Service : OK

    Key Management Service client information : KO

    Windows Automatic Updates : OK

    Windows Activation Technologies : OK

    ---\ System protection software

    avast! Free Antivirus v9.0.2007

    Windows Defender W7

    ---\ System optimization software

    ---\ Peer-to-peer (P2P) sharing software

    Pando Media Booster v2.6.0.7

    µTorrent v3.2.3.28705 =>P2P.µTorrent

    ---\ Software monitoring

    Adobe Flash Player 11 Plugin

    Java 7 Update 45

    Java 7 Update 45

    ---\ System information

    ~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel

    ~ Operating System: 64 Bits

    Boot mode: Normal (Normal boot)

    Total RAM: 5990 MB (43% free)

    System Restore: Enabled

    System drive C: has 238 GB (39%) free of 601 GB

    ---\ System logon mode

    ~ Computer Name: DOOM-PC

    ~ User Name: Doom

    ~ All Users Names: HomeGroupUser$, Doom, Convidado, ASPNET, Administrador, 

    ~ Unselected Option: 045,061,O62,065,066,080,O82,089

    Logged in as Administrator

    ---\ Environment variables

    ~ System Unit : C:\

    ~ %AppZHP% : C:\Users\Doom\AppData\Roaming\ZHP\

    ~ %AppData% : C:\Users\Doom\AppData\Roaming\

    ~ %Desktop% : C:\Users\Doom\Desktop\

    ~ %Favorites% : C:\Users\Doom\Favorites\

    ~ %LocalAppData% : C:\Users\Doom\AppData\Local\

    ~ %StartMenu% : C:\Users\Doom\AppData\Roaming\Microsoft\Windows\Start Menu\

    ~ %Windir% : C:\Windows\

    ~ %System% : C:\Windows\System32\

    ---\ Disk drive enumeration

    C: Hard drive, Flash drive, Thumb drive (Free 238 GB of 601 GB)

    D: CD-ROM drive (Not Inserted)

    E: CD-ROM drive (Not Inserted)

    F: Floppy drive, Flash card reader, USB Key (Free 3 GB of 4 GB)

    ---\ Windows Security Center status

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

    ~ Security Center: 48 Legitimates Filtered in 00mn 00s

    ---\ Specific search for generic files

    [MD5.F170B4A061C9E026437B193B4D571799] - (.Microsoft Corporation - Windows Explorer.) (.03/08/2009 - 03:17:37.) -- C:\Windows\Explorer.exe [2868224]

    [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

    [MD5.B1037F0131C9A010D611F6914E03CD92] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/07/2009 - 22:41:56.) -- C:\Windows\System32\wininet.dll [1193472]

    [MD5.132328DF455B0028F13BF0ABEE51A63A] - (.Microsoft Corporation - Windows Logon Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Winlogon.exe [389120]

    [MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Software Licensing Library.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]

    [MD5.B9384E03479D2506BC924C16A3DB87BC] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 20:21:42.) -- C:\Windows\system32\Drivers\AFD.sys [500224]

    [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

    [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

    [MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

    [MD5.3F1DC527070ACB87E40AFE46EF6DA749] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 20:23:44.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

    [MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

    [MD5.CFDCD8CA87C2A657DEBC150AC35B5E08] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 20:24:00.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157184]

    [MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]

    [MD5.356698A13C4630D5B31C37378D469196] - (.Microsoft Corporation - NT File System Driver.) (.13/07/2009 - 22:48:27.) -- C:\Windows\system32\Drivers\ntfs.sys [1659984]

    [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

    [MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]

    [MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]

    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

    [MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]

    [MD5.58F82EED8CA24B461441F9C3E4F0BF5C] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.13/07/2009 - 22:45:55.) -- C:\Windows\system32\Drivers\volsnap.sys [294992]

    ~ Generic Processes:  Scanned in 00mn 00s

    ---\ Hidden files status (Hidden/Total)

    ~ My Pictures : 2/87

    ~ My Music : 7/29

    ~ My Videos : 11/69

    ~ My Favorites : 1/18

    ~ My Documents : 5/44707

    ~ My Desktop : 1/13

    ~ Start Menu (Programs) : 1/58

    ~ Hidden Files:  Scanned in 00mn 20s

    ---\ Running processes

    [MD5.BAD90BF2E74C2F0A75ACE4CC9EBA9E64] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe   [811792] [PID.3664]

    [MD5.736E57247F12EACECDB224B8D1F7F187] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3568312] [PID.3792]

    [MD5.D41A8A1751E52CCFCB209E09478A13DB] - (.IObit - Game Booster.) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe   [613208] [PID.4880]

    [MD5.B2EE09DFFEC6011E1805B1063136EF3E] - (.IObit - No Comment.) -- C:\Program Files (x86)\IObit\Game Booster 3\FPSClient.exe   [521560] [PID.2652]

    [MD5.6424AD646BD0473E913D82CB95C81BBB] - (.BlueStack Systems, Inc. - BlueStacks Frontend.) -- C:\Program Files (x86)\BlueStacks\HD-Frontend.exe   [910096] [PID.3340]

    [MD5.026C4CA19FAE1F84894A99735B15AACA] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [859464] [PID.3192]

    [MD5.1F0F6AB1808781D2A2C2CA02E712ED8C] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe   [164864] [PID.2268]

    [MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8353792] [PID.4988]

    [MD5.7A189530FD0CFD415DBE41123F8A6A59] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [50344] [PID.1588]

    [MD5.24EA4E2F76E216CE70353736E3556585] - (.IObit - IObit Malware Fighter Service.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe   [335168] [PID.1812]

    [MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe   [229376] [PID.956]

    [MD5.D0B8FF13B168A5530E969C87B2197906] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe   [385808] [PID.2208]

    [MD5.9F08B3FB862AFEBF55A0F3BA2E73996A] - (.BlueStack Systems, Inc. - BlueStacks Service.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe   [402192] [PID.1224]

    [MD5.3951FF22BA26364F5DF3486897AD47C0] - (.BlueStack Systems - BlueStacks Network Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe   [377616] [PID.1932]

    [MD5.9C9C4C54674D88D6F4137C7E34CBA861] - (.BlueStack Systems - BlueStacks Block Device Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe   [261392] [PID.3400]

    [MD5.26F6A31F9F88FA25FBCCC8E9EC82CE38] - (.BlueStack Systems - BlueStacks Shared Folder Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe   [367376] [PID.2972]

    ~ Processes Running:  Scanned in 00mn 00s

    ---\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)

    C:\Users\Doom\AppData\Local\Google\Chrome\User Data\Default\Preferences

    G2 - GCE: Preference [User Data\Default] [aaaahnhphnnkiplgjjpnoobbfghmphni] Ask Toolbar v.26.61053, (Disabled) =>Toolbar.Ask

    G2 - GCE: Preference [User Data\Default] [bcfjehbfanfhgoehogmbiebedkidedjb] IMVU Inc v.10.19.2.5, (Disabled)

    G2 - GCE: Preference [User Data\Default] [bodfdknjhecmadheclfjkhhiofeagdbh] DAP Link Checker v.1.0.1.2 (Disabled)

    G2 - GCE: Preference [User Data\Default] [ffdcfjdljhbehggjdkdioajnknjcpbjb] Download Accelerator Plus (DAP) v.2.0.10 (Enabled)

    G2 - GCE: Preference [User Data\Default] [llmfehnfojojfamjjijjciopbjimcffa] Chat Undetected v.1.26.70, (Enabled)

    G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Enabled)

    G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Enabled)

    ~ Google Browser: 23 Legitimates Filtered in 00mn 05s

    ---\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)

    R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com

    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://br.hao123.com

    ~ IE Browser: 19 Legitimates Filtered in 00mn 00s

    ---\ Internet Explorer, Proxy Management (R5)

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 94.200.108.10:3128

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

    ~ Proxy management:  Scanned in 00mn 00s

    ---\ Analysis of lines F0, F1, F2, F3 - ini files, automatic program loading

    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

    ~ Keys:  Scanned in 00mn 00s

    ---\ Hosts file redirection (O1)

    ~ The hosts file is clean.

    ~ Hosts File:  Scanned in 00mn 00s

    ~ Number of lines: 1

    ---\ Internet Explorer toolbars (O3)

    O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

    ~ Toolbar:  Scanned in 00mn 00s

    ---\ Other user shortcuts (O4)

    O4 - GS\Desktop [Public]: Blur(TM).lnk . (...)  -- C:\Program Files (x86)\Activision\Blur(TM)\Blur.exe

    O4 - GS\Desktop [Public]: foobar2000.lnk . (.Piotr Pawlowski - foobar2000.)  -- C:\Program Files (x86)\foobar2000\foobar2000.exe 

    O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    O4 - GS\Desktop [Public]: The Sims™ 3.lnk . (.Electronic Arts, Inc. - Sims 3Launcher Starter Application.)  -- C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\Sims3Launcher.exe 

    O4 - GS\Program [Public]: Mocha for After Effects CS5.5.lnk . (...)  -- C:\Program Files\Adobe\Adobe After Effects CS5.5\mocha\bin\mocha4ae_adobe.exe

    O4 - GS\QuickLaunch [Doom]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    O4 - GS\QuickLaunch [Doom]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    O4 - GS\QuickLaunch [Doom]: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe

    O4 - GS\QuickLaunch [Doom]: Sandboxed Web Browser.lnk . (.Sandboxie Holdings, LLC - Sandboxie Start.)  -- C:\Program Files\Sandboxie\Start.exe 

    O4 - GS\QuickLaunch [Doom]: Wakfu.lnk . (...)  -- C:\Program Files (x86)\Wakfu\UpLauncher.exe (.not file.)

    O4 - GS\TaskBar [Doom]: Gerenciador de Tarefas do Windows.lnk . (.Microsoft Corporation - Gerenciador de Tarefas do Windows.)  -- C:\Windows\System32\taskmgr.exe 

    O4 - GS\Program [Doom]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    O4 - GS\Program [Doom]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    O4 - GS\SystemTools [Doom]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    O4 - GS\SendTo [Doom]: Sandboxie - DefaultBox.lnk . (...)  -- C:\Program Files (x86)\Sandboxie\Start.exe (.not file.)

    O4 - GS\SendTo [Doom]: Transferência de Arquivo Bluetooth.LNK . (.Microsoft Corporation - No Comment.)  -- C:\Windows\System32\fsquirt.exe 

    O4 - GS\Desktop [Doom]: Diablo III.lnk . (.Blizzard Entertainment - Diablo III Setup.)  -- C:\Program Files (x86)\Diablo III\Diablo III Launcher.exe 

    O4 - GS\Desktop [Doom]: Doom Builder 2.lnk . (.CodeImp - Doom Builder.)  -- C:\Program Files (x86)\Doom Builder 2\Builder.exe 

    O4 - GS\Desktop [Doom]: Game Booster 3.lnk . (.IObit - Game Booster.)  -- C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe 

    O4 - GS\Desktop [Doom]: Launch Test Drive Unlimited.lnk . (.Eden Games - Test Drive Unlimited.)  -- C:\Program Files (x86)\Atari\Test Drive Unlimited\TestDriveUnlimited.exe 

    O4 - GS\Desktop [Doom]: Meu Computador.lnk - Orphan key

    O4 - GS\Desktop [Doom]: Meus documentos.lnk . (...)  -- C:\Users\Doom\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms 

    O4 - GS\Desktop [Doom]: Minecraft.lnk . (.TeamExtreme - 1.7.4 Cracked Minecraft Launcher.)  -- C:\Users\Doom\AppData\Roaming.minecraft\minecraft launcher\Minecraft Launcher.exe 

    O4 - GS\Desktop [Doom]: PhotoScape.lnk . (...)  -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe

    O4 - GS\Desktop [Doom]: SQLite Database.lnk . (...)  -- C:\Program Files (x86)\SqliteBrowser\SQLite Database Browser 2.0 b1.exe

    O4 - GS\Desktop [Doom]: TeknoMW3.lnk . (.TeknoGods - TeknoMW3.)  -- C:\Program Files (x86)\Call of Duty Modern Warfare 3\TeknoMW3.exe 

    ~ Global Startup: 78 Legitimates Filtered in 00mn 02s

    ---\ Applications started via registry & folders (O4)

    O4 - HKLM..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 

    O4 - HKLM..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe 

    O4 - HKLM..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe 

    O4 - HKLM..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe 

    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) 

    O4 - HKLM..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe  =>.Microsoft Corporation

    O4 - HKCU..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Doom\AppData\Local\Akamai\netsession_win.exe 

    O4 - HKCU..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Doom\AppData\Local\Google\Update\GoogleUpdate.exe 

    O4 - HKCU..\Run: [GarenaPlus] . (.No owner - Garena Plus.) -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe 

    O4 - HKLM..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 

    O4 - HKLM..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe 

    O4 - HKLM..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe 

    O4 - HKLM..\Wow6432Node\Run: [Auto ShutDown] Orphan key 

    O4 - HKLM..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe 

    O4 - HKUS\S-1-5-21-1654926789-2056486712-2598073010-1000..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Doom\AppData\Local\Akamai\netsession_win.exe 

    O4 - HKUS\S-1-5-21-1654926789-2056486712-2598073010-1000..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Doom\AppData\Local\Google\Update\GoogleUpdate.exe 

    O4 - HKUS\S-1-5-21-1654926789-2056486712-2598073010-1000..\Run: [GarenaPlus] . (.No owner - Garena Plus.) -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe 

    ~ Application:  Scanned in 00mn 00s

    ---\ Internet Explorer main toolbar buttons (O9)

    O9 - Extra button: &Send to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)

    O9 - Extra button: &OneNote Linked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)

    ~ IE Extra Buttons:  Scanned in 00mn 00s

    ---\ Domain/DNS client changes (O17)

    O17 - HKLM\System\CCS\Services\Tcpip..{976AF09B-8809-40D7-9D9C-A01F89D2EDB0}: DhcpNameServer = 192.168.2.1

    O17 - HKLM\System\CS1\Services\Tcpip..{976AF09B-8809-40D7-9D9C-A01F89D2EDB0}: DhcpNameServer = 192.168.2.1

    O17 - HKLM\System\CS2\Services\Tcpip..{976AF09B-8809-40D7-9D9C-A01F89D2EDB0}: DhcpNameServer = 192.168.2.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

    ~ Domain:  Scanned in 00mn 00s

    ---\ Additional protocols (O18)

    O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll

    O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll  =>.Microsoft Corporation

    ~ Additional protocol:  Scanned in 00mn 00s

    ---\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)

    O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

    ~ Winlogon:  Scanned in 00mn 00s

    ---\ Non-Microsoft, non-disabled NT services (O23)

    O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office

    O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

    ~ Services: 13 Legitimates Filtered in 00mn 04s

    ---\ Installed software (O42)

    O42 - Logiciel: Auto ShutDown 1.0 - (.Falco Software, Inc..) [HKLM][64Bits] -- Auto ShutDown_is1

    O42 - Logiciel: Blur Tradução BR v1.00 - (.Tribo dos Renegados Brasil®.) [HKLM][64Bits] -- Blur 2 BR

    O42 - Logiciel: Chat Undetected - (.Crossrider.) [HKLM][64Bits] -- Chat Undetected =>PUP.CrossRider

    O42 - Logiciel: Download Accelerator Plus (DAP) - (.Speedbit Ltd..) [HKLM][64Bits] -- Download Accelerator Plus (DAP)

    O42 - Logiciel: NBA Action '98 - (...) [HKLM][64Bits] -- NBA Action '98

    O42 - Logiciel: Project 64 version 2.1.0.1 - (...) [HKLM][64Bits] -- Project 64_is1

    O42 - Logiciel: ZDaemon (remove only) - (...) [HKLM][64Bits] -- ZDaemon

    O42 - Logiciel: Zandronum - (.Zandronum.) [HKLM][64Bits] -- Zandronum

    O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected

    ~ Logic: 17 Legitimates Filtered in 00mn 00s

    ---\ HKCU & HKLM Software Keys

    [HKCU\Software\ARAR]

    [HKCU\Software\Baidu Security] =>Adware.BDSearch

    [HKCU\Software\Csabo]

    [HKCU\Software\Pando Networks]

    [HKCU\Software\SimpleFiles] =>Adware.SimpleFiles

    [HKCU\Software\SpeedBit]

    [HKCU\Software\sXe Injected]

    [HKLM\Software\COOL]

    [HKLM\Software\Wow6432Node\Broadcaster]

    [HKLM\Software\Wow6432Node\Freeware Edition]

    [HKLM\Software\Wow6432Node\GameVicio]

    [HKLM\Software\Wow6432Node\Pando Networks]

    [HKLM\Software\Wow6432Node\SimpleFiles] =>Adware.SimpleFiles

    [HKLM\Software\Wow6432Node\SpeedBit]

    [HKLM\Software\Wow6432Node\Surreal]

    [HKLM\Software\Wow6432Node\sXe_Injected]

    ~ Key Software: 435 Legitimates Filtered in 00mn 00s

    ---\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)

    O43 - CFD: 04/04/2013 - 18:40:01 - [2,322] ----D C:\Program Files (x86)\Auto ShutDown

    O43 - CFD: 09/09/2013 - 01:38:48 - [0,415] ----D C:\Program Files (x86)\Chat Undetected

    O43 - CFD: 18/02/2014 - 19:37:42 - [7,708] ----D C:\Program Files (x86)\DeepSea

    O43 - CFD: 03/02/2014 - 12:55:54 - [0,596] ----D C:\Program Files (x86)\GameVicio

    O43 - CFD: 25/04/2013 - 17:02:42 - [0,337] ----D C:\Program Files (x86)\NowAXInst

    O43 - CFD: 25/07/2013 - 12:09:18 - [7,182] ----D C:\Program Files (x86)\Pando Networks

    O43 - CFD: 26/02/2014 - 19:23:45 - [16,462] ----D C:\Program Files (x86)\SqliteBrowser

    O43 - CFD: 19/02/2014 - 17:02:45 - [31,839] ----D C:\Program Files (x86)\Zandronum

    O43 - CFD: 17/04/2013 - 08:53:20 - [2,573] ----D C:\Program Files (x86)\Common Files\SpeedBit

    O43 - CFD: 08/12/2013 - 20:29:55 - [32,675] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch

    O43 - CFD: 13/10/2013 - 16:15:36 - [2,060] ----D C:\ProgramData\InstallMate =>PUP.Tarma

    O43 - CFD: 17/04/2013 - 08:53:22 - [14,763] ----D C:\ProgramData\SpeedBit

    O43 - CFD: 25/04/2013 - 13:25:41 - [0] ----D C:\ProgramData{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}

    O43 - CFD: 25/04/2013 - 13:25:44 - [0] ----D C:\ProgramData{D76294E6-03B8-4971-AF2E-3F846161A690}

    O43 - CFD: 14/10/2013 - 19:28:30 - [0] -SH-D C:\Users\Doom\AppData\Roaming\614d

    O43 - CFD: 08/12/2013 - 20:30:02 - [2,042] ----D C:\Users\Doom\AppData\Roaming\Baidu Security =>Adware.BDSearch

    O43 - CFD: 02/08/2013 - 10:32:34 - [0] ----D C:\Users\Doom\AppData\Roaming\Reg

    O43 - CFD: 08/08/2013 - 11:35:24 - [0] ----D C:\Users\Doom\AppData\Roaming\SimpleFiles =>Adware.SimpleFiles

    O43 - CFD: 07/11/2013 - 22:08:34 - [0,245] ----D C:\Users\Doom\AppData\Roaming\VIVO INTERNET

    O43 - CFD: 10/04/2013 - 00:52:44 - [0] ----D C:\Users\Doom\AppData\Roaming\xim

    O43 - CFD: 06/11/2013 - 01:12:01 - [0] ----D C:\Users\Doom\AppData\Roaming\YYebookset

    O43 - CFD: 24/04/2013 - 13:44:18 - [0] ----D C:\Users\Doom\AppData\Roaming\YYmm

    O43 - CFD: 24/07/2013 - 14:11:51 - [0] ----D C:\Users\Doom\AppData\Local\VPNReactor

    O43 - CFD: 03/02/2014 - 12:55:54 - [0,008] ----D C:\Users\Doom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio

    O43 - CFD: 13/09/2013 - 22:04:56 - [0] ----D C:\Users\Doom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zandronum

    ~ Program Folder: 299 Legitimates Filtered in 00mn 34s

    ---\ Last files modified or created in Windows and System32 (O44)

    O44 - LFC:[MD5.0202956E92CB971416CA218E2FBFDDBB] - 13/03/2014 - 00:44:48 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [156560]

    O44 - LFC:[MD5.25EFA6AD58D24634A8671F8C8457E10C] - 13/03/2014 - 00:44:48 ---A- . (...) -- C:\Windows\System32\prfc0804.dat   [125174]

    O44 - LFC:[MD5.55EC26CB1A530B78646C7E0EA8EB0832] - 13/03/2014 - 00:44:48 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [723308]

    O44 - LFC:[MD5.09F9965324A7EEAFAD55BB3FFDEA80E4] - 13/03/2014 - 00:44:48 ---A- . (...) -- C:\Windows\System32\prfh0804.dat   [382644]

    ~ Files: 14 Legitimates Filtered in 00mn 01s

    ---\ Windows Explorer startup operations and functions (O46)

    O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    ~ ShellExecuteHooks:  Scanned in 00mn 00s

    ---\ Enumeration of the PoliciesSystem registry keys (MWPS) (O55)

    O55 - MWPS:[HKLM...\Policies\System] - "EnableLUA"=0

    O55 - MWPS:[HKLM...\Policies\System] - "EnableUIADesktopToggle"=0

    O55 - MWPS:[HKLM...\Policies\System] - "FilterAdministratorToken"=0

    ~ MWPS: 19 Legitimates Filtered in 00mn 00s

    ---\ System driver list (SDL) (O58)

    O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 26/12/2013 - 13:13:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]

    O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 26/12/2013 - 13:13:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [205320]

    O58 - SDL:[MD5.118960D109F52515A0D9369139203D6D] - 08/08/2013 - 00:25:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BprotectEx.sys   [76096]

    O58 - SDL:[MD5.040FF3B09F26926A3792E047DB0F47DD] - 10/07/2013 - 17:04:56 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys   [31344]

    O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]

    O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]

    O58 - SDL:[MD5.E63EF8C3271D014F14E2469CE75FECB4] - 31/03/2013 - 17:31:21 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys   [15416]

    O58 - SDL:[MD5.F1CE49C11A9833A5D2EC32443A142064] - 06/12/2013 - 10:37:50 ---A- . (.Visicom Media Inc. - ManyCam Virtual Microphone.) -- C:\Windows\System32\Drivers\mcaudrv_x64.sys   [35232]

    O58 - SDL:[MD5.039E4A64A5B6DE525E8CACFF1207B049] - 26/11/2013 - 22:54:02 ---A- . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\Windows\System32\Drivers\mcvidrv.sys   [42016]

    O58 - SDL:[MD5.9AB59CF736981ED1F83C6AB5FAA8BA5C] - 01/06/2013 - 10:49:29 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys   [868848]

    O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]

    O58 - SDL:[MD5.3C32FF010F869BC184DF71290477384E] - 22/08/2013 - 09:40:24 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys   [40664]

    O58 - SDL:[MD5.3A7CABF7DE8F1325BE8F46685469AEC3] - 20/06/2013 - 22:09:46 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys   [42184]

    ~ Drivers: 19 Legitimates Filtered in 00mn 05s

    ---\ Virus removal tools list (LAT) (O63)

    O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman

    ~ ADS:  Scanned in 00mn 00s

    ---\ Shell Spawning associations (O67)

    O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU..\open\Command] (.Not Key.)

    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    ---\ Start Menu Internet (O68)

    O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

    ~ Keys:  Scanned in 00mn 00s

    ---\ Browser infection search (SBI) (O69)

    O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com

    ~ Keys:  Scanned in 00mn 00s

    ---\ Additional search at the system root (SPRF) (O84)

    [MD5.663F364580C466D0792D1DACFF816FF7] [SPRF][15/03/2014] (...) -- C:\Users\Doom\AppData\Roaming\room_v3.dat   [45270]

    ~ Files: 1 Legitimates Filtered in 00mn 00s

    ---\ Firewall exception list (FirewallRules) (O87)

    O87 - FAEL: "{7828C922-EBB2-46B3-9D0E-B56075C5B93F}" |In - Public - P6 - TRUE | .(...) -- C:\Users\Doom\Documents\Emuladores\NDS WIFI\Configured Emulator1\DeSmuME_VS2008_x64_release_wifi.exe (.not file.)

    O87 - FAEL: "{2F5A1CC3-4A3A-4582-A096-6F0A0FBA940C}" |In - Public - P17 - TRUE | .(...) -- C:\Users\Doom\Documents\Emuladores\NDS WIFI\Configured Emulator1\DeSmuME_VS2008_x64_release_wifi.exe (.not file.)

    O87 - FAEL: "{59339E4F-9DC4-481B-A0C5-2C4F9EC5757B}" |In - Domain - P6 - FALSE | .(...) -- C:\Users\Doom\Documents\Emuladores\NDS WIFI\Configured Emulator1\DeSmuME_VS2008_x64_release_wifi.exe (.not file.)

    O87 - FAEL: "{9C0E003C-F918-401B-896A-B3FC2034CD7B}" |In - Domain - P17 - FALSE | .(...) -- C:\Users\Doom\Documents\Emuladores\NDS WIFI\Configured Emulator1\DeSmuME_VS2008_x64_release_wifi.exe (.not file.)

    O87 - FAEL: "{D8BBDD2C-4EC7-4E39-B5FD-BFBFB2F2B2AF}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Doom\Downloads\Blackshot_GarenaPlus_Installer.exe (.not file.)

    O87 - FAEL: "{BA6B35D3-201D-42A1-85B4-B7DE8FBA6F41}" |In - Private - P17 - TRUE | .(...) -- C:\Users\Doom\Downloads\Blackshot_GarenaPlus_Installer.exe (.not file.)

    O87 - FAEL: "{CBDDC0D3-1BDF-4472-B987-6DE486EED16F}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe (.not file.)

    O87 - FAEL: "{303FD548-E3F4-434E-9DC2-22C18DB83D73}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Garena Plus\Apps\BlackShot\BlackShot\system\BlackShot.exe (.not file.)

    O87 - FAEL: "TCP Query User{E8E134C6-D74B-47B4-A56F-F52DC0E63DB8}C:\program files (x86)\dap\dap.exe" | In - Private - P6 - TRUE | .(.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\program files (x86)\dap\dap.exe

    O87 - FAEL: "UDP Query User{79F4C52A-ED80-4A30-81C2-3CBFFDE38B3C}C:

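Most of the report above is ZHPDiag listing legitimate components. The lines that bear on the adware question are the ones the tool itself tagged (=>Adware.BDSearch, =>PUP.CrossRider, =>Toolbar.Ask, =>Hijacker.Office), the R5 ProxyServer entry, the hao123 start page, the O55 EnableLUA=0 policy, the hidden 614d directory under AppData, and the O4/O87 entries whose target files no longer exist. The script below is an added example, not part of this thread and not one of Nicolas Coolman's tools: it parses ZHPDiag-style lines and returns exactly those categories as graded findings. Its embedded sample is a constructed excerpt of lines from the report above (in the translated form shown on this page); the severity scale, the list of verdict families and the allowlist of default IE start pages are the example's own assumptions.

```python
"""Triage helper for ZHPDiag reports (added example; not part of the thread and
not one of Nicolas Coolman's tools).  Returns the report lines an analyst
reads first: entries ZHPDiag tagged with a "=>Family.Name" verdict, a
configured proxy, a non-default IE start page, UAC switched off, hidden
directories in the user profile, and autorun/firewall entries whose target
file is gone.  The severity scale, verdict-family list and start-page
allowlist are this example's assumptions, not ZHPDiag conventions."""
import re
from dataclasses import dataclass

VERDICT_FAMILIES = {"Adware", "PUP", "Toolbar", "Hijacker", "Trojan", "Rogue", "Spyware"}
VERDICT_RE = re.compile(r"=>\s*([A-Za-z]+)\.([\w.-]+)\s*$")
LINE_TYPE_RE = re.compile(r"^(R\d|F\d|G\d|O\d{1,2})\b")
# "(.not file.)" marks a missing target; the orphan-key wording follows the report language.
MISSING_RE = re.compile(r"\(\.not file\.\)|\b(?:Orphan key|Chave orfã|Clé orpheline)\b", re.I)
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(\S+)")
PROXY_ENABLED_RE = re.compile(r"Internet Settings,ProxyEnable\s*=\s*1\b")
START_PAGE_RE = re.compile(r"Internet Explorer\\(?:Main,Start Page|AboutURLs,Tabs)\s*=\s*(\S+)")
UAC_OFF_RE = re.compile(r'"EnableLUA"\s*=\s*0\b')
HIDDEN_DIR_RE = re.compile(r"\s-SH-D\s+(\S.*AppData.*)$")
DEFAULT_START_PAGES = {"about:blank", "http://go.microsoft.com", "http://www.msn.com"}  # assumed

# Constructed sample: lines excerpted from the report posted above.
SAMPLE_REPORT = r"""
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 94.200.108.10:3128
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM..\Wow6432Node\Run: [Auto ShutDown] Orphan key
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O42 - Logiciel: Chat Undetected - (.Crossrider.) [HKLM][64Bits] -- Chat Undetected =>PUP.CrossRider
[HKCU\Software\Baidu Security] =>Adware.BDSearch
O43 - CFD: 14/10/2013 - 19:28:30 - [0] -SH-D C:\Users\Doom\AppData\Roaming\614d
O55 - MWPS:[HKLM...\Policies\System] - "EnableLUA"=0
O87 - FAEL: "{D8BBDD2C-4EC7-4E39-B5FD-BFBFB2F2B2AF}" |In - Private - P6 - TRUE | .(...) -- C:\Users\Doom\Downloads\Blackshot_GarenaPlus_Installer.exe (.not file.)
G2 - GCE: Preference [User Data\Default] [aaaahnhphnnkiplgjjpnoobbfghmphni] Ask Toolbar v.26.61053, (Disabled) =>Toolbar.Ask
~ Security Center: 48 Legitimates Filtered in 00mn 00s
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    line_type: str  # ZHPDiag line type, or "KEY" for bare registry-key lines
    reason: str
    line: str


def line_type(line):
    m = LINE_TYPE_RE.match(line)
    if m:
        return m.group(1)
    return "KEY" if line.startswith("[HK") else "OTHER"


def classify_line(line, proxy_enabled=False):
    """Return a Finding for one report line, or None if nothing stands out."""
    line = line.rstrip()
    if not line or line.startswith("~") or line.startswith("---"):
        return None  # tool summaries and section headings
    ltype = line_type(line)
    m = VERDICT_RE.search(line)
    if m and m.group(1) in VERDICT_FAMILIES:
        return Finding("high", ltype, f"tagged by ZHPDiag as {m.group(1)}.{m.group(2)}", line)
    if UAC_OFF_RE.search(line):
        return Finding("high", ltype, "UAC disabled (EnableLUA=0)", line)
    m = PROXY_RE.search(line)
    if m:  # a proxy left behind with ProxyEnable=0 is dormant, but still worth clearing
        state = "enabled" if proxy_enabled else "currently disabled"
        return Finding("high" if proxy_enabled else "medium", ltype,
                       f"proxy server {m.group(1)} configured ({state})", line)
    m = START_PAGE_RE.search(line)
    if m and m.group(1).rstrip("/") not in DEFAULT_START_PAGES:
        return Finding("medium", ltype, f"non-default IE start page/tab URL: {m.group(1)}", line)
    m = HIDDEN_DIR_RE.search(line)
    if m:
        return Finding("medium", ltype, f"hidden+system directory in user profile: {m.group(1)}", line)
    if ltype in ("O4", "O87") and MISSING_RE.search(line):
        return Finding("info", ltype, "autorun/firewall entry points to a missing file", line)
    return None


def triage(report):
    """Scan a whole report. ProxyEnable is read first so the ProxyServer
    line can be graded on whether the proxy is actually in use."""
    proxy_enabled = bool(PROXY_ENABLED_RE.search(report))
    return [f for f in (classify_line(raw, proxy_enabled) for raw in report.splitlines()) if f]


def summarize(findings):
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    findings = triage(SAMPLE_REPORT)
    for f in findings:
        print(f"[{f.severity:6}] {f.line_type:4} {f.reason}\n         {f.line}")
    print(summarize(findings))
```

To run it against a saved report, pass the file contents to triage(), for example triage(open("ZHPDiag.txt", encoding="utf-8", errors="replace").read()). On the sample the R5 ProxyServer line is graded medium only because ProxyEnable is 0 in the same report; the stale 94.200.108.10:3128 address is dormant, but anything that flips ProxyEnable back to 1 would route the browser through it, so it should still be cleared. The EnableLUA=0 finding is the same fact the report header states as "User Account Control : Deactivated by user": with UAC off, every installer the user runs gets the full administrator token, which is how toolbars and PUPs end up under HKLM and in Program Files rather than only in the user profile.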
  4. Anonymous
    2014-03-15T15:06:49+00:00

    Hi, try this: Download Avira RegistryCleaner

    And this one, which I always recommend because it does a good sweep:

    http://pt.malwarebytes.org/ for cleaning there is nothing like it

    Good luck

  5. Anonymous
    2014-03-14T20:18:31+00:00

    Hello.

    Download ZHPDiag2.exe (by Nicolas Coolman)

    Temporarily disable your antivirus to avoid conflicts and run ZHPDiag2.exe to install the tool.

    |- Run the scroll icon (ZHPDiag)

    |- Click SEARCH and wait for it to finish.

    |- Click OK and, when it is done, post the ZHPDiag.txt report here in your topic so we can analyze it.
