Help me remove the damned Awesomehp, please!
Please help me get this junk off my PC. I installed ZHPDiag and the report was this:
~ Relatório do ZHPDiag v2014.2.10.5 - Nicolas Coolman (10/2/2014)
~ Iniciado por USUARIO (12/2/2014 16:05:59)
~ Endereço do Website : [You must be registered and logged in to view this link]
~ Fóruns de suporte gratuito para desinfecção : [You must be registered and logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 1.75.0.1300
---\\ Softwares d'optimização do sistema
CCleaner v4.05 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 ActiveX & Plugin
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2008 MB (18% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (86%) free of 149 GB
---\\ Modo de conexão ao sistema
~ Computer Name: STI
~ User Name: USUARIO
~ All Users Names: USUARIO, SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\USUARIO\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\USUARIO\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\USUARIO\Desktop\
~ %Favorites% : C:\Documents and Settings\USUARIO\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\USUARIO\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 129 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 16:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.E3CA7B02DE162AE351160FB552E9EC3C] - (.Microsoft Corporation - Internet Extensions for Win32.) (.29/10/2013 - 04:44:53.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 16:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 13:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 09:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 08:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 15:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 06:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 15:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 08:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 08:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 09:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 09:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 09:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.21/10/2008 - 00:09:25.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 09:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 13:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 17:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 15:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/68
~ Mes musiques (My Musics) : 8/667
~ Mes Videos (My Videos) : 2/13
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 2/1630
~ Mon Bureau (My Desktop) : 2/8
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 06s
---\\ Processos lançados
[MD5.0E68A0BD86C3F2461C7DB224368AE438] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe [410152] [PID.1492]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe [50344] [PID.496]
[MD5.5EEDDA81DB73A1124F97B07A6A5FB2B1] - (.New Softwares.net - Service Application.) -- C:\WINDOWS\system32\WinFLService.exe [92360] [PID.1992]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648] [PID.2040]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.788]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1368]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1044]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.1824]
[MD5.2D4408773A450FF67165F08980425C97] - (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Arquivos de programas\CyberLink\YouCam\YouCamService.exe [255208] [PID.3736]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3872]
[MD5.13D19DBE4A376FED44886FDB4A3D0E74] - (.New Softwares.net - No Comment.) -- C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe [275656] [PID.1212]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2244]
[MD5.0732975BCC894FB170B9C8D8F0F23B67] - (. New Softwares.net - Tray Application.) -- C:\WINDOWS\system32\WinFLTray.exe [321736] [PID.2296]
[MD5.49496011583BC78B6D3CBC484D82F50F] - (. New Softwares.net - No Comment.) -- C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServ.exe [1238216] [PID.3008]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2556]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [866632] [PID.1284]
[MD5.C5AC2D90D39224C7D84DD7E9B783BE31] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8333824] [PID.2740]
~ Processes Running: Scanned in 00mn 02s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 13 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to view this link] =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to view this link] =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to view this link] =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to view this link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to view this link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to view this link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to view this link] =>PUP.Awesomehp
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 17 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 18
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense BANESTES - {C41A1C0E-EA6C-11D4-B1B8-444553540017} . (.Banco do Estado do Espirito Santo - BANESTE - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehbnt.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: IObit Uninstaller.lnk . (.IObit - Uninstall Programs.) -- C:\Arquivos de programas\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
~ Global Startup: 4 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [YouCam Service] . (.CyberLink Corp. - CyberLink YouCam Service.) -- C:\Arquivos de programas\CyberLink\YouCam\YouCamService.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Arquivos de programas\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FLBackup] . (.New Softwares.net - No Comment.) -- C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKCU\..\Run: [WinFLTray] . (. New Softwares.net - Tray Application.) -- C:\WINDOWS\system32\WinFLTray.exe
O4 - HKCU\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] Chave orfã
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] Chave orfã
O4 - HKUS\.DEFAULT\..\RunOnce: [Del2031765] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] Chave orfã
O4 - HKUS\S-1-5-18\..\RunOnce: [Del2031765] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] Chave orfã
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] Chave orfã
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] Chave orfã
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] Chave orfã
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] Chave orfã
O4 - HKUS\S-1-5-21-1547161642-220523388-1417001333-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1547161642-220523388-1417001333-1004\..\Run: [FLBackup] . (.New Softwares.net - No Comment.) -- C:\Arquivos de programas\NewSoftware's\Folder Lock\FLComServCtrl.exe
O4 - HKUS\S-1-5-21-1547161642-220523388-1417001333-1004\..\Run: [WinFLTray] . (. New Softwares.net - Tray Application.) -- C:\WINDOWS\system32\WinFLTray.exe
O4 - HKUS\S-1-5-21-1547161642-220523388-1417001333-1004\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe =>Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.banestes.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} ((no name)) - [You must be registered and logged in to view this link]
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8432211-D9FD-481A-BC26-D85D159EA632}: DhcpNameServer = 201.10.128.3 201.10.120.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8432211-D9FD-481A-BC26-D85D159EA632}: DhcpNameServer = 201.10.128.3 201.10.120.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{D8432211-D9FD-481A-BC26-D85D159EA632}: DhcpNameServer = 201.10.128.3 201.10.120.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.10.128.3 201.10.120.2
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginBnt . (.Banco do Estado do Espirito Santo - BANESTE - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehBnt.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: FLService (FLService) . (.New Softwares.net - Service Application.) - C:\WINDOWS\system32\WinFLService.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
~ Services: 7 Legitimates Filtered in 00mn 09s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [416]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job [418]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At3.job [420]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At4.job [418]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoforFilesUpdate.job [298] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\Dealply\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.60BC29ECBABDB50E4B29C0C6FB881720] [APT] [At2] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe [106496]
[MD5.60BC29ECBABDB50E4B29C0C6FB881720] [APT] [At3] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe [106496]
[MD5.00000000000000000000000000000000] [APT] [At4] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Arquivos de programas\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
~ Scheduled Task: 23 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
O41 - Driver: (WinFLAdrv) . (...) - C:\WINDOWS\system32\WinFLAdrv.sys
~ Drivers: 87 Legitimates Filtered in 00mn 02s
---\\ Software instalados (042)
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: OfflineMaps - (.Hungry for Knowledge.) [HKLM] -- {6058F436-7022-4063-9FE5-9615FC1FD3A7}
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\OB]
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\ctfmon]
[HKCU\Software\indii.org]
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\PIP]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\baidu] =>Adware.BDSearch
[HKLM\Software\indii.org]
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
~ Key Software: 376 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 4/11/2013 - 14:31:37 - [0] ----D C:\Arquivos de programas\Baidu Security =>Adware.BDSearch
O43 - CFD: 19/12/2013 - 17:04:30 - [0,951] ----D C:\Arquivos de programas\Hungry for Knowledge
O43 - CFD: 12/8/2013 - 18:00:55 - [0] ----D C:\Arquivos de programas\indii.org
O43 - CFD: 21/6/2013 - 12:07:13 - [0,062] ----D C:\Arquivos de programas\Mx One
O43 - CFD: 12/11/2013 - 16:18:13 - [2,852] ----D C:\Arquivos de programas\OI
O43 - CFD: 1/6/2013 - 19:26:23 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 5/2/2014 - 14:31:18 - [0] ----D C:\Arquivos de programas\SupTab =>PUP.SupTab
O43 - CFD: 12/8/2013 - 17:42:40 - [1,828] ----D C:\Arquivos de programas\Tint
O43 - CFD: 1/6/2013 - 20:05:11 - [0,828] ----D C:\Arquivos de programas\utvideo
O43 - CFD: 1/6/2013 - 19:25:54 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 6/7/2013 - 00:17:31 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 12/8/2013 - 15:50:04 - [0,001] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu =>Adware.BDSearch
O43 - CFD: 23/10/2013 - 17:20:41 - [133,829] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 6/8/2013 - 10:28:22 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
O43 - CFD: 5/2/2014 - 14:29:52 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService =>Trojan.Trojan.SProtector
O43 - CFD: 27/1/2014 - 15:27:54 - [0,005] ----D C:\Documents and Settings\All Users\Dados de aplicativos\InstallMate
O43 - CFD: 10/2/2014 - 14:59:04 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\ProductData
O43 - CFD: 5/2/2014 - 17:22:13 - [1,045] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer =>PUP.Tarma
O43 - CFD: 5/2/2014 - 14:31:41 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\WPM =>PUP.WpManager
O43 - CFD: 6/7/2013 - 00:17:31 - [0,009] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 12/8/2013 - 15:50:36 - [0] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu =>Adware.BDSearch
O43 - CFD: 23/10/2013 - 17:22:30 - [19,201] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 19/9/2013 - 16:33:50 - [0,081] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\SpeedAnalysis4 =>PUP.SpeedAnalysis
O43 - CFD: 4/11/2013 - 14:34:07 - [0,102] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\UpdaterEX =>PUP.Dealply
O43 - CFD: 18/8/2013 - 18:24:39 - [0] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\WebCake =>Adware.WebCake
O43 - CFD: 6/7/2013 - 00:17:39 - [2,165] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 4/11/2013 - 14:56:31 - [0,016] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Devolutions
O43 - CFD: 5/2/2014 - 17:22:11 - [0] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\genienext
O43 - CFD: 5/2/2014 - 14:26:57 - [0] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Lollipop =>Adware.Lollipop
O43 - CFD: 1/6/2013 - 19:43:23 - [0,015] R---D C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Acessórios
O43 - CFD: 5/2/2014 - 14:26:55 - [0] R---D C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Inicializar
~ Program Folder: 159 Legitimates Filtered in 00mn 37s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 12/2/2014 - 13:07:11 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/2/2014 - 14:54:53 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.1E2DDDA55DC6D0FC73E1F1047952D558] - 12/2/2014 - 14:54:54 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.17C0C8794415ACD1F29371FED34C4525] - 12/2/2014 - 14:54:54 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.6B6C5E80871EC221F073B32364ABCCFA] - 4/2/2014 - 15:12:43 -SHA- . (...) -- C:\WINDOWS\system32\win_stlthdb_sys.dat [3465]
O44 - LFC:[MD5.037BC537A22BD6730BD88D10BEDB3475] - 4/2/2014 - 15:13:18 -SHA- . (...) -- C:\WINDOWS\system32\win_fldb_sys.dat [2079]
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 5/2/2014 - 13:53:36 ---A- . (...) -- C:\WINDOWS\system32\config.ini [29]
~ Files: 26 Legitimates Filtered in 00mn 38s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399017} - C:\Arquivos de programas\GbPlugin\gbiehbnt.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\GoforFiles\goforfilesdl.exe" [Enabled] .(...) -- C:\Arquivos de programas\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\GoforFiles\GoforFiles.exe" [Enabled] .(...) -- C:\Arquivos de programas\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
~ Keys Export: 12 Legitimates Filtered in 00mn 07s
---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\WinFLAdrv.sys . (...) -- C:\WINDOWS\system32\Drivers\WinFLAdrv.sys (.not file.)
~ CSB: 24 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{68a767fa-4bc6-11e3-9ae7-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{68a767fe-4bc6-11e3-9ae7-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{7d6e1a89-cc57-11e2-9a29-0017c4920239}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{f600bf12-1349-11e3-9a91-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{f600bf14-1349-11e3-9a91-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 01s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.CSCD"="CamCodec.dll" . (.CamStudio Group - CamStudio Lossless Video Codec.) -- C:\WINDOWS\system32\CamCodec.dll
O52 - TDSD: \Drivers32\"VIDC.MLCY"="mlc.dll" . (...) -- C:\WINDOWS\system32\mlc.dll
O52 - TDSD: \Drivers32\"VIDC.ULRA"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.ULRG"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.ULY0"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.ULY2"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.VP80"="vp8vfw.dll" . (.Optima SC Inc. - Google VP8 VFW Video Codec.) -- C:\WINDOWS\system32\vp8vfw.dll
O52 - TDSD: \Drivers32\"VIDC.GEOX"="GeoCodec.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \Drivers32\"VIDC.GEOV"="GeoCodec.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \Drivers32\"VIDC.GEOS"="GeoCodecD.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodecD.dll
O52 - TDSD: \drivers.desc\"CamCodec.dll"="CamStudio Lossless Codec" . (.CamStudio Group - CamStudio Lossless Video Codec.) -- C:\WINDOWS\system32\CamCodec.dll
O52 - TDSD: \drivers.desc\"mlc.dll"="MLC Lossless Codec" . (...) -- C:\WINDOWS\system32\mlc.dll
O52 - TDSD: \drivers.desc\"vp8vfw.dll"="VP8 Video Codec" . (.Optima SC Inc. - Google VP8 VFW Video Codec.) -- C:\WINDOWS\system32\vp8vfw.dll
O52 - TDSD: \drivers.desc\"GeoCodec.dll"="GeoVision MPEG4" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \drivers.desc\"GeoCodecD.dll"="GeoVision MPEG4 Decoder" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodecD.dll
~ TDSD: 48 Legitimates Filtered in 00mn 03s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 22/11/2013 - 12:47:18 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 30/12/2013 - 21:07:25 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 21/10/2008 - 00:08:13 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 8/5/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 12/2/2014 - 13:07:11 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/4/2008 - 06:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/10/2001 - 06:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 21/10/2008 - 00:08:13 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 06:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/10/2001 - 06:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 28/10/2001 - 06:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/10/2001 - 06:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/4/2008 - 06:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 13/4/2008 - 06:49:48 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 13/4/2008 - 06:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 13/4/2008 - 06:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 13/4/2008 - 06:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 13/4/2008 - 06:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:[MD5.CB79207A1E4F697533678B7DF0C91648] - 6/11/2013 - 14:32:46 ---A- . (...) -- C:\WINDOWS\system32\WinFLAdrv.sys [29184]
O58 - SDL:[MD5.2BD447AA9488959A76508E5F78619FE4] - 6/11/2013 - 14:32:44 ---A- . (...) -- C:\WINDOWS\system32\WinVDEdrv6.sys [188176]
~ Drivers: 5 Legitimates Filtered in 00mn 11s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 6/11/2013 - C:\WINDOWS\system32\WinFLService.exe (FLService) .(.New Softwares.net - Service Application.) - LEGACY_FLSERVICE
O64 - Services: CurCS - 8/5/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 23/5/2013 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 147 Legitimates Filtered in 00mn 02s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [You must have an account and be logged in to view this link] =>PUP.Awesomehp
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [You must have an account and be logged in to view this link] =>PUP.Awesomehp
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe [You must have an account and be logged in to view this link] =>PUP.Awesomehp
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - [You must have an account and be logged in to view this link] =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {22648294-A905-43D9-97B8-135DB5798537} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B56980E72033219E8CC57BB0746871C0] [SPRF][4/2/2014] (...) -- C:\Documents and Settings\All Users\Dados de aplicativos\win_mpwd_sys.dat [2568]
[MD5.9A28A9DBBA6739C90C741C398E8E4E8D] [SPRF][28/1/2014] (...) -- C:\Documents and Settings\USUARIO\Dados de aplicativos\unins000.dat [29619]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][28/1/2014] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\USUARIO\Dados de aplicativos\unins000.exe [720082]
[MD5.BD326079B03A3A5C864C29F10E867836] [SPRF][28/1/2014] (...) -- C:\Documents and Settings\USUARIO\Dados de aplicativos\USUARIOv1.18.0 - Trial versionlog.dat [8008]
~ Files: 4 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.4D92E596CAFD2019F19CC6A16143C57D] [WIS][1/6/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\19dd2c.msi [1632768]
~ WIS: 40 Legitimates Filtered in 00mn 12s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 5/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 2/6/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SS - | Auto 7/2/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 10/2/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 6/11/2013 92360 | (FLService) . (.New Softwares.net.) - C:\WINDOWS\system32\WinFLService.exe
SR - | Auto 23/5/2013 410152 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 5/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: Scanned in 00mn 15s
---\\ Scâner Aditional (088)
Database Version : 13030 - (10/2/2014)
Clés trouvées (Keys found) : 27
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 19
Fichiers trouvés (Files found) : 10
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322342226}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322802294}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.6.0.35848] =>Adware.BDSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.7.0.0] =>Adware.BDSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] =>Adware.BDSearch
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Arquivos de programas\Baidu Security =>Adware.BDSearch^
C:\Arquivos de programas\SupTab =>PUP.SupTab^
C:\Documents and Settings\All Users\Dados de aplicativos\Babylon =>PUP.Babylon^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService =>Trojan.Trojan.SProtector^
C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer =>PUP.Tarma^
C:\Documents and Settings\All Users\Dados de aplicativos\WPM =>PUP.WpManager^
C:\Documents and Settings\USUARIO\Dados de aplicativos\Babylon =>PUP.Babylon^
C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu =>Adware.BDSearch^
C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\USUARIO\Dados de aplicativos\SpeedAnalysis4 =>PUP.SpeedAnalysis^
C:\Documents and Settings\USUARIO\Dados de aplicativos\UpdaterEX =>PUP.Dealply^
C:\Documents and Settings\USUARIO\Dados de aplicativos\WebCake =>Adware.WebCake^
C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Babylon =>PUP.Babylon^
C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Lollipop =>Adware.Lollipop^
C:\Documents and Settings\All Users\Dados de aplicativos\InstallMate =>PUP.Tarma
C:\Documents and Settings\USUARIO\Dados de aplicativos\SearchProtect =>Toolbar.Conduit
C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\SearchProtect =>Toolbar.Conduit
C:\WINDOWS\Tasks\GoforFilesUpdate.job =>P2P.GoforFiles^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\baidu] =>Adware.BDSearch^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
~ Additionnel Scan: 178527 Items scanned in 00mn 56s
---\\ Sumário das deteções encontradas na sua estação
~ [You must have an account and be logged in to view this link] =>PUP.Awesomehp
~ [You must have an account and be logged in to view this link] =>PUP.Mobogenie
~ [You must have an account and be logged in to view this link] =>PUP.DealPly
~ [You must have an account and be logged in to view this link] =>Adware.BDSearch
~ [You must have an account and be logged in to view this link] =>Adware.VidSaver
~ [You must have an account and be logged in to view this link] =>Hijacker.SmartBar
~ [You must have an account and be logged in to view this link] =>Toolbar.Conduit
~ [You must have an account and be logged in to view this link] =>Adware.Lollipop
~ [You must have an account and be logged in to view this link] =>PUP.Tarma
~ [You must have an account and be logged in to view this link] =>PUP.WpManager
~ [You must have an account and be logged in to view this link] =>PUP.SupTab
~ [You must have an account and be logged in to view this link] =>PUP.Babylon
~ [You must have an account and be logged in to view this link] =>Trojan.SProtector
~ [You must have an account and be logged in to view this link] =>PUP.SpeedAnalysis
~ [You must have an account and be logged in to view this link] =>Adware.WebCake
~ [You must have an account and be logged in to view this link] =>Toolbar.DeltaSearch
~ [You must have an account and be logged in to view this link] =>PUP.RewardsArcade
~ [You must have an account and be logged in to view this link] =>Toolbar.Ask
~ [You must have an account and be logged in to view this link] =>Adware.IMBooster
~ [You must have an account and be logged in to view this link] =>PUP.CrossRider
~ MSI: 20 link(s) detected in 00mn 56s
~ 950 Legitimates filtered by white list
End of the scan (676 lines in 03mn 35s)(0)
O4 - HKUS\S-1-5-21-1547161642-220523388-1417001333-1004\..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) -- C:\Arquivos de programas\CCleaner\CCleaner.exe =>Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.banestes.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} ((no name))
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8432211-D9FD-481A-BC26-D85D159EA632}: DhcpNameServer = 201.10.128.3 201.10.120.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{D8432211-D9FD-481A-BC26-D85D159EA632}: DhcpNameServer = 201.10.128.3 201.10.120.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{D8432211-D9FD-481A-BC26-D85D159EA632}: DhcpNameServer = 201.10.128.3 201.10.120.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.10.128.3 201.10.120.2
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginBnt . (.Banco do Estado do Espirito Santo - BANESTE - Gbieh Module.) -- C:\Arquivos de programas\GbPlugin\gbiehBnt.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: FLService (FLService) . (.New Softwares.net - Service Application.) - C:\WINDOWS\system32\WinFLService.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
~ Services: 7 Legitimates Filtered in 00mn 09s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [416]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At2.job [418]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At3.job [420]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At4.job [418]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoforFilesUpdate.job [298] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [At1] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\Dealply\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>PUP.DealPly
[MD5.60BC29ECBABDB50E4B29C0C6FB881720] [APT] [At2] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe [106496]
[MD5.60BC29ECBABDB50E4B29C0C6FB881720] [APT] [At3] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe [106496]
[MD5.00000000000000000000000000000000] [APT] [At4] (...) -- C:\DOCUME~1\USUARIO\DADOSD~1\SAVESE~1\UPDATE~1\UPDATE~1.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Arquivos de programas\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
~ Scheduled Task: 23 Legitimates Filtered in 00mn 00s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
O41 - Driver: (WinFLAdrv) . (...) - C:\WINDOWS\system32\WinFLAdrv.sys
~ Drivers: 87 Legitimates Filtered in 00mn 02s
---\\ Software instalados (042)
O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: OfflineMaps - (.Hungry for Knowledge.) [HKLM] -- {6058F436-7022-4063-9FE5-9615FC1FD3A7}
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Baidu] =>Adware.BDSearch
[HKCU\Software\GbAs]
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\OB]
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\ctfmon]
[HKCU\Software\indii.org]
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\PIP]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\baidu] =>Adware.BDSearch
[HKLM\Software\indii.org]
[HKLM\Software\supTab] =>PUP.SupTab
[HKLM\Software\supWPM] =>PUP.WpManager
~ Key Software: 376 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 4/11/2013 - 14:31:37 - [0] ----D C:\Arquivos de programas\Baidu Security =>Adware.BDSearch
O43 - CFD: 19/12/2013 - 17:04:30 - [0,951] ----D C:\Arquivos de programas\Hungry for Knowledge
O43 - CFD: 12/8/2013 - 18:00:55 - [0] ----D C:\Arquivos de programas\indii.org
O43 - CFD: 21/6/2013 - 12:07:13 - [0,062] ----D C:\Arquivos de programas\Mx One
O43 - CFD: 12/11/2013 - 16:18:13 - [2,852] ----D C:\Arquivos de programas\OI
O43 - CFD: 1/6/2013 - 19:26:23 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 5/2/2014 - 14:31:18 - [0] ----D C:\Arquivos de programas\SupTab =>PUP.SupTab
O43 - CFD: 12/8/2013 - 17:42:40 - [1,828] ----D C:\Arquivos de programas\Tint
O43 - CFD: 1/6/2013 - 20:05:11 - [0,828] ----D C:\Arquivos de programas\utvideo
O43 - CFD: 1/6/2013 - 19:25:54 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 6/7/2013 - 00:17:31 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 12/8/2013 - 15:50:04 - [0,001] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu =>Adware.BDSearch
O43 - CFD: 23/10/2013 - 17:20:41 - [133,829] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 6/8/2013 - 10:28:22 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
O43 - CFD: 5/2/2014 - 14:29:52 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService =>Trojan.Trojan.SProtector
O43 - CFD: 27/1/2014 - 15:27:54 - [0,005] ----D C:\Documents and Settings\All Users\Dados de aplicativos\InstallMate
O43 - CFD: 10/2/2014 - 14:59:04 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\ProductData
O43 - CFD: 5/2/2014 - 17:22:13 - [1,045] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer =>PUP.Tarma
O43 - CFD: 5/2/2014 - 14:31:41 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\WPM =>PUP.WpManager
O43 - CFD: 6/7/2013 - 00:17:31 - [0,009] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 12/8/2013 - 15:50:36 - [0] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu =>Adware.BDSearch
O43 - CFD: 23/10/2013 - 17:22:30 - [19,201] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 19/9/2013 - 16:33:50 - [0,081] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\SpeedAnalysis4 =>PUP.SpeedAnalysis
O43 - CFD: 4/11/2013 - 14:34:07 - [0,102] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\UpdaterEX =>PUP.Dealply
O43 - CFD: 18/8/2013 - 18:24:39 - [0] ----D C:\Documents and Settings\USUARIO\Dados de aplicativos\WebCake =>Adware.WebCake
O43 - CFD: 6/7/2013 - 00:17:39 - [2,165] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Babylon =>PUP.Babylon
O43 - CFD: 4/11/2013 - 14:56:31 - [0,016] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Devolutions
O43 - CFD: 5/2/2014 - 17:22:11 - [0] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\genienext
O43 - CFD: 5/2/2014 - 14:26:57 - [0] ----D C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Lollipop =>Adware.Lollipop
O43 - CFD: 1/6/2013 - 19:43:23 - [0,015] R---D C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Acessórios
O43 - CFD: 5/2/2014 - 14:26:55 - [0] R---D C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Inicializar
~ Program Folder: 159 Legitimates Filtered in 00mn 37s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 12/2/2014 - 13:07:11 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/2/2014 - 14:54:53 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.1E2DDDA55DC6D0FC73E1F1047952D558] - 12/2/2014 - 14:54:54 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.17C0C8794415ACD1F29371FED34C4525] - 12/2/2014 - 14:54:54 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.6B6C5E80871EC221F073B32364ABCCFA] - 4/2/2014 - 15:12:43 -SHA- . (...) -- C:\WINDOWS\system32\win_stlthdb_sys.dat [3465]
O44 - LFC:[MD5.037BC537A22BD6730BD88D10BEDB3475] - 4/2/2014 - 15:13:18 -SHA- . (...) -- C:\WINDOWS\system32\win_fldb_sys.dat [2079]
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 5/2/2014 - 13:53:36 ---A- . (...) -- C:\WINDOWS\system32\config.ini [29]
~ Files: 26 Legitimates Filtered in 00mn 38s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399017} - C:\Arquivos de programas\GbPlugin\gbiehbnt.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\GoforFiles\goforfilesdl.exe" [Enabled] .(...) -- C:\Arquivos de programas\GoforFiles\goforfilesdl.exe (.not file.) =>P2P.GoforFiles
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\GoforFiles\GoforFiles.exe" [Enabled] .(...) -- C:\Arquivos de programas\GoforFiles\GoforFiles.exe (.not file.) =>P2P.GoforFiles
~ Keys Export: 12 Legitimates Filtered in 00mn 07s
---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\WinFLAdrv.sys . (...) -- C:\WINDOWS\system32\Drivers\WinFLAdrv.sys (.not file.)
~ CSB: 24 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{68a767fa-4bc6-11e3-9ae7-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{68a767fe-4bc6-11e3-9ae7-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{7d6e1a89-cc57-11e2-9a29-0017c4920239}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{f600bf12-1349-11e3-9a91-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{f600bf14-1349-11e3-9a91-0017c4920239}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 01s
---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.CSCD"="CamCodec.dll" . (.CamStudio Group - CamStudio Lossless Video Codec.) -- C:\WINDOWS\system32\CamCodec.dll
O52 - TDSD: \Drivers32\"VIDC.MLCY"="mlc.dll" . (...) -- C:\WINDOWS\system32\mlc.dll
O52 - TDSD: \Drivers32\"VIDC.ULRA"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.ULRG"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.ULY0"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.ULY2"="C:\WINDOWS\system32\utv_vcm.dll" . (...) -- C:\WINDOWS\system32\utv_vcm.dll
O52 - TDSD: \Drivers32\"VIDC.VP80"="vp8vfw.dll" . (.Optima SC Inc. - Google VP8 VFW Video Codec.) -- C:\WINDOWS\system32\vp8vfw.dll
O52 - TDSD: \Drivers32\"VIDC.GEOX"="GeoCodec.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \Drivers32\"VIDC.GEOV"="GeoCodec.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \Drivers32\"VIDC.GEOS"="GeoCodecD.dll" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodecD.dll
O52 - TDSD: \drivers.desc\"CamCodec.dll"="CamStudio Lossless Codec" . (.CamStudio Group - CamStudio Lossless Video Codec.) -- C:\WINDOWS\system32\CamCodec.dll
O52 - TDSD: \drivers.desc\"mlc.dll"="MLC Lossless Codec" . (...) -- C:\WINDOWS\system32\mlc.dll
O52 - TDSD: \drivers.desc\"vp8vfw.dll"="VP8 Video Codec" . (.Optima SC Inc. - Google VP8 VFW Video Codec.) -- C:\WINDOWS\system32\vp8vfw.dll
O52 - TDSD: \drivers.desc\"GeoCodec.dll"="GeoVision MPEG4" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodec.dll
O52 - TDSD: \drivers.desc\"GeoCodecD.dll"="GeoVision MPEG4 Decoder" . (.GeoVision - GeoVision(R) Codec.) -- C:\WINDOWS\system32\GeoCodecD.dll
~ TDSD: 48 Legitimates Filtered in 00mn 03s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 22/11/2013 - 12:47:18 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 30/12/2013 - 21:07:25 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 21/10/2008 - 00:08:13 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 8/5/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\WINDOWS\system32\Drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 12/2/2014 - 13:07:11 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\WINDOWS\system32\Drivers\GbpNdisrd.sys [31088]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/4/2008 - 06:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/10/2001 - 06:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 21/10/2008 - 00:08:13 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 28/10/2001 - 06:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/10/2001 - 06:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 28/10/2001 - 06:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/10/2001 - 06:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/4/2008 - 06:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/10/2001 - 06:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 13/4/2008 - 06:49:48 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 13/4/2008 - 06:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 13/4/2008 - 06:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 13/4/2008 - 06:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 13/4/2008 - 06:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
O58 - SDL:[MD5.CB79207A1E4F697533678B7DF0C91648] - 6/11/2013 - 14:32:46 ---A- . (...) -- C:\WINDOWS\system32\WinFLAdrv.sys [29184]
O58 - SDL:[MD5.2BD447AA9488959A76508E5F78619FE4] - 6/11/2013 - 14:32:44 ---A- . (...) -- C:\WINDOWS\system32\WinVDEdrv6.sys [188176]
~ Drivers: 5 Legitimates Filtered in 00mn 11s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 6/11/2013 - C:\WINDOWS\system32\WinFLService.exe (FLService) .(.New Softwares.net - Service Application.) - LEGACY_FLSERVICE
O64 - Services: CurCS - 8/5/2013 - C:\WINDOWS\system32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 23/5/2013 - C:\Arquivos de programas\GbPlugin\gbpsv.exe (GbpSv) .(.GAS Tecnologia - G-Buster Browser Defense - Service.) - LEGACY_GBPSV
~ Legacy: 147 Legitimates Filtered in 00mn 02s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - ()
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {22648294-A905-43D9-97B8-135DB5798537} [DefaultScope] - (Google)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.B56980E72033219E8CC57BB0746871C0] [SPRF][4/2/2014] (...) -- C:\Documents and Settings\All Users\Dados de aplicativos\win_mpwd_sys.dat [2568]
[MD5.9A28A9DBBA6739C90C741C398E8E4E8D] [SPRF][28/1/2014] (...) -- C:\Documents and Settings\USUARIO\Dados de aplicativos\unins000.dat [29619]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][28/1/2014] (.No owner - Setup/Uninstall.) -- C:\Documents and Settings\USUARIO\Dados de aplicativos\unins000.exe [720082]
[MD5.BD326079B03A3A5C864C29F10E867836] [SPRF][28/1/2014] (...) -- C:\Documents and Settings\USUARIO\Dados de aplicativos\USUARIOv1.18.0 - Trial versionlog.dat [8008]
~ Files: 4 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.4D92E596CAFD2019F19CC6A16143C57D] [WIS][1/6/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\19dd2c.msi [1632768]
~ WIS: 40 Legitimates Filtered in 00mn 12s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 5/11/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 2/6/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SS - | Auto 7/2/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SR - | Auto 10/2/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 6/11/2013 92360 | (FLService) . (.New Softwares.net.) - C:\WINDOWS\system32\WinFLService.exe
SR - | Auto 23/5/2013 410152 | (GbpSv) . (.GAS Tecnologia.) - C:\Arquivos de programas\GbPlugin\gbpsv.exe
SR - | Auto 5/11/2013 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 4/4/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/4/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: Scanned in 00mn 15s
---\\ Scâner Aditional (088)
Database Version : 13030 - (10/2/2014)
Clés trouvées (Keys found) : 27
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 19
Fichiers trouvés (Files found) : 10
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}] =>Adware.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322342226}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322802294}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.6.0.35848] =>Adware.BDSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.7.0.0] =>Adware.BDSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] =>Adware.BDSearch
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Arquivos de programas\Baidu Security =>Adware.BDSearch^
C:\Arquivos de programas\SupTab =>PUP.SupTab^
C:\Documents and Settings\All Users\Dados de aplicativos\Babylon =>PUP.Babylon^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService =>Trojan.Trojan.SProtector^
C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer =>PUP.Tarma^
C:\Documents and Settings\All Users\Dados de aplicativos\WPM =>PUP.WpManager^
C:\Documents and Settings\USUARIO\Dados de aplicativos\Babylon =>PUP.Babylon^
C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu =>Adware.BDSearch^
C:\Documents and Settings\USUARIO\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\USUARIO\Dados de aplicativos\SpeedAnalysis4 =>PUP.SpeedAnalysis^
C:\Documents and Settings\USUARIO\Dados de aplicativos\UpdaterEX =>PUP.Dealply^
C:\Documents and Settings\USUARIO\Dados de aplicativos\WebCake =>Adware.WebCake^
C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Babylon =>PUP.Babylon^
C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Lollipop =>Adware.Lollipop^
C:\Documents and Settings\All Users\Dados de aplicativos\InstallMate =>PUP.Tarma
C:\Documents and Settings\USUARIO\Dados de aplicativos\SearchProtect =>Toolbar.Conduit
C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\SearchProtect =>Toolbar.Conduit
C:\WINDOWS\Tasks\GoforFilesUpdate.job =>P2P.GoforFiles^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\Baidu] =>Adware.BDSearch^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\baidu] =>Adware.BDSearch^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKLM\Software\supWPM] =>PUP.WpManager^
~ Additionnel Scan: 178527 Items scanned in 00mn 56s
---\\ Sumário das deteções encontradas na sua estação
~ [link hidden by forum] =>PUP.Awesomehp
~ [link hidden by forum] =>PUP.Mobogenie
~ [link hidden by forum] =>PUP.DealPly
~ [link hidden by forum] =>Adware.BDSearch
~ [link hidden by forum] =>Adware.VidSaver
~ [link hidden by forum] =>Hijacker.SmartBar
~ [link hidden by forum] =>Toolbar.Conduit
~ [link hidden by forum] =>Adware.Lollipop
~ [link hidden by forum] =>PUP.Tarma
~ [link hidden by forum] =>PUP.WpManager
~ [link hidden by forum] =>PUP.SupTab
~ [link hidden by forum] =>PUP.Babylon
~ [link hidden by forum] =>Trojan.SProtector
~ [link hidden by forum] =>PUP.SpeedAnalysis
~ [link hidden by forum] =>Adware.WebCake
~ [link hidden by forum] =>Toolbar.DeltaSearch
~ [link hidden by forum] =>PUP.RewardsArcade
~ [link hidden by forum] =>Toolbar.Ask
~ [link hidden by forum] =>Adware.IMBooster
~ [link hidden by forum] =>PUP.CrossRider
~ MSI: 20 link(s) detected in 00mn 56s
~ 950 Legitimates filtered by white list
End of the scan (676 lines in 03mn 35s)(0)
Last edited by Fabricio25 on Wed 12 Feb 2014, 16:12; edited 1 time
Fabricio25 - Beginner
- Posts: 5
Reputation: 0
Registration date: 11/02/2014
Re: Please help me remove the damned Awesomehp!
Hello Fabrício. Welcome to Fórum PC Brasil.
The report you posted is incomplete. Please post it in full so that we can analyze it.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Please help me remove the damned Awesomehp!
I edited it again. I hope the report is complete now! Thank you very much!
Fabricio25 - Beginner
- Posts: 5
Reputation: 0
Registration date: 11/02/2014
Re: Please help me remove the damned Awesomehp!
Now it is right. I am analyzing your log and will give you the procedure shortly.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Please help me remove the damned Awesomehp!
Copy all the text highlighted in red that I gave you (starting at script zhpfix and going through SysRestore)
Go to the menu: Start > All Programs > ZHP > open ZHPFix > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Sat 08 Mar 2014, 23:19; edited 2 times
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Please help me remove the damned Awesomehp!
Rapport de ZHPFix 2014.2.3.1 par Nicolas Coolman, Update du 03/02/2014
Fichier d'export Registre :
Run by USUARIO at 12/2/2014 17:25:52
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 14s)
========== Softwares ==========
AUSENTE Uninstall Process: c:\docume~1\usuario\dadosd~1\update~1\updateproc\updatetask.exe
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\DOCUME~1\USUARIO\DADOSD~1\UPDATE~1\UPDATE~1\UPDATE~1.exe
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
ELIMINÉ: CLSID Extra Buttons: {e2e2dd38-d088-4134-82b7-f2ba38496583}
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: InCDPass
ELIMINÉ Driver Key: InCDRm
ELIMINÉ: HKCU\Software\APN PIP
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ: HKCU\Software\InstalledBrowserExtensions
ELIMINÉ: HKCU\Software\Smartbar
ELIMINÉ: HKCU\Software\Softonic
ELIMINÉ: HKCU\Software\lollipop
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\PIP
ELIMINÉ: HKLM\Software\Tarma Installer
ELIMINÉ: HKLM\Software\Wpm
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: HKLM\Software\supTab
ELIMINÉ: HKLM\Software\supWPM
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\WinFLAdrv.sys . (...) -- C:\WINDOWS\system32\Drivers\WinFLAdrv.sys (.not file.)
ELIMINÉ CLSID MPSK: {68a767fa-4bc6-11e3-9ae7-0017c4920239}
ELIMINÉ CLSID MPSK: {68a767fe-4bc6-11e3-9ae7-0017c4920239}
ELIMINÉ CLSID MPSK: {7d6e1a89-cc57-11e2-9a29-0017c4920239}
ELIMINÉ CLSID MPSK: {f600bf12-1349-11e3-9a91-0017c4920239}
ELIMINÉ CLSID MPSK: {f600bf14-1349-11e3-9a91-0017c4920239}
ELIMINÉ: SearchScopes :{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
ELIMINÉ: HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
ELIMINÉ: HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
ELIMINÉ: HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
ELIMINÉ: HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
ELIMINÉ: HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
ELIMINÉ: HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
ELIMINÉ: HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
ELIMINÉ: HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
ELIMINÉ: HKLM\Software\Classes\Prod.cap
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
ELIMINÉ: HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322342226}
ELIMINÉ: HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322802294}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.6.0.35848
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\Baidu PC Faster 3.7.0.0
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus
========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
ELIMINÉ RunValue: mobilegeni daemon
ELIMINÉ RunValue: MsnMsgr
ELIMINÉ RunValue: nltide_2
ELIMINÉ RunValue: nltide_3
ELIMINÉ RunValue: SpUninstallDeleteDir
ELIMINÉ AAKE KeyValue: C:\Arquivos de programas\GoforFiles\goforfilesdl.exe
ELIMINÉ AAKE KeyValue: C:\Arquivos de programas\GoforFiles\GoforFiles.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R1 Search Page =
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\windows\tasks\at1.job
ELIMINÉ: c:\windows\tasks\at2.job
ELIMINÉ: c:\windows\tasks\at3.job
ELIMINÉ: c:\windows\tasks\at4.job
ELIMINÉ: c:\windows\tasks\goforfilesupdate.job
ELIMINÉ Temporários windows (3) (1.397 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: At1
ELIMINÉ: At2
ELIMINÉ: At3
ELIMINÉ: At4
ELIMINÉ: GoforFilesUpdate
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
49 : Chaves do Registo
14 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
7 : Ficheiros
1 : Softwares
5 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 03s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\USUARIO\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 12/2/2014 17:26:07 [5301]
Fabricio25 - Beginner
- Posts: 5
Reputation: 0
Registration date: 11/02/2014
Re: Please help me remove the damned Awesomehp!
Please follow the tips in the tutorials below:
[link hidden by forum]
* In your next reply, please post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt, and the Junkware Removal Tool log, which will be saved on your desktop under the name JRT.txt
We will be waiting.
Last edited by Power Max on Sat 08 Mar 2014, 23:19; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Please help me remove the damned Awesomehp!
AdwCleaner log:
# AdwCleaner v3.018 - Relatório criado 07/02/2014 às 17:22:49
# Atualizado 28/01/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : USUARIO - STI
# Executando de : C:\Documents and Settings\USUARIO\Meus documentos\Downloads\adwcleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\WINDOWS\Tasks\GoforFilesUpdate.job
Pasta Encontrado C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Encontrado C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Encontrado C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
Pasta Encontrado C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Encontrado C:\Documents and Settings\NetworkService\Dados de aplicativos\UpdaterEX
Pasta Encontrado C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Babylon
Pasta Encontrado C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\lollipop
Pasta Encontrado C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Searchprotect
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\Babylon
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\baidu
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\goforfiles
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\Searchprotect
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\UpdaterEX
Pasta Encontrado C:\Documents and Settings\USUARIO\Dados de aplicativos\WebCake
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\APN PIP
Chave Encontrada : HKCU\Software\installedbrowserextensions
Chave Encontrada : HKCU\Software\lollipop
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Chave Encontrada : HKCU\Software\smartbar
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366806694}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Encontrada : HKLM\SOFTWARE\Classes\Prod.cap
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bonanza Deals
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Encontrada : HKLM\Software\PIP
Chave Encontrada : HKLM\Software\Tarma Installer
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\GoforFiles\GoforFiles.exe]
Valor Encontrada : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Arquivos de programas\GoforFiles\goforfilesdl.exe]
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v32.0.1700.107
[ Arquivo : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5702 octets] - [07/02/2014 16:55:16]
AdwCleaner[R1].txt - [5622 octets] - [07/02/2014 17:22:49]
AdwCleaner[S0].txt - [378 octets] - [07/02/2014 16:56:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5741 octets] ##########
# AdwCleaner v3.019 - Relatório criado 18/02/2014 às 13:01:19
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : USUARIO - STI
# Executando de : C:\Documents and Settings\USUARIO\Meus documentos\Downloads\AdwCleaner (1).exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Encontrado : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn
Pasta Encontrado C:\Arquivos de programas\Mobogenie
Pasta Encontrado C:\Documents and Settings\NetworkService\Dados de aplicativos\UpdaterEX
Pasta Encontrado C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Mobogenie
***** [ Atalhos ] *****
Atalho Encontrado : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk ( [link hidden by forum] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Internet Explorer.lnk ( [link hidden by forum] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk ( [link hidden by forum] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( [link hidden by forum] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk ( [link hidden by forum] )
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\GoforFiles
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UpdaterEX
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Encontrada : HKCU\Software\UpdaterEX
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Chave Encontrada : HKLM\Software\GoforFiles
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bonanza Deals
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command [(Default)] - "C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [link hidden by forum]
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [(Default)] - "C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [link hidden by forum]
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Arquivos de programas\Internet Explorer\iexplore.exe [link hidden by forum]
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v32.0.1700.107
[ Arquivo : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8455 octets] - [07/02/2014 15:55:16]
AdwCleaner[R1].txt - [10995 octets] - [07/02/2014 16:22:49]
AdwCleaner[S0].txt - [760 octets] - [07/02/2014 15:56:56]
AdwCleaner[S1].txt - [378 octets] - [07/02/2014 16:24:02]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [11174 octets] ##########
Junkware Removal Tool log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by USUARIO on seg 17/02/2014 at 17:54:08,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366806694}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366806694}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"
Successfully deleted: [Folder] "C:\Documents and Settings\USUARIO\Dados de aplicativos\goforfiles"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on seg 17/02/2014 at 18:05:23,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*************************
AdwCleaner[R0].txt - [5702 octets] - [07/02/2014 16:55:16]
AdwCleaner[R1].txt - [5622 octets] - [07/02/2014 17:22:49]
AdwCleaner[S0].txt - [378 octets] - [07/02/2014 16:56:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5741 octets] ##########
# AdwCleaner v3.019 - Relatório criado 18/02/2014 às 13:01:19
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : USUARIO - STI
# Executando de : C:\Documents and Settings\USUARIO\Meus documentos\Downloads\AdwCleaner (1).exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Encontrado : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn
Pasta Encontrado C:\Arquivos de programas\Mobogenie
Pasta Encontrado C:\Documents and Settings\NetworkService\Dados de aplicativos\UpdaterEX
Pasta Encontrado C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Mobogenie
***** [ Atalhos ] *****
Atalho Encontrado : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Internet Explorer.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
Atalho Encontrado : C:\Documents and Settings\USUARIO\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk ( [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] )
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\GoforFiles
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UpdaterEX
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Encontrada : HKCU\Software\UpdaterEX
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Chave Encontrada : HKLM\Software\GoforFiles
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bonanza Deals
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-2.3
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command [(Default)] - "C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [(Default)] - "C:\Arquivos de programas\Google\Chrome\Application\chrome.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Arquivos de programas\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v32.0.1700.107
[ Arquivo : C:\Documents and Settings\USUARIO\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8455 octets] - [07/02/2014 15:55:16]
AdwCleaner[R1].txt - [10995 octets] - [07/02/2014 16:22:49]
AdwCleaner[S0].txt - [760 octets] - [07/02/2014 15:56:56]
AdwCleaner[S1].txt - [378 octets] - [07/02/2014 16:24:02]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [11174 octets] ##########
Junkware Removal Tool log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by USUARIO on seg 17/02/2014 at 17:54:08,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366806694}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366806694}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"
Successfully deleted: [Folder] "C:\Documents and Settings\USUARIO\Dados de aplicativos\goforfiles"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on seg 17/02/2014 at 18:05:23,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fabricio25 - Beginner
- Posts: 5
Reputation: 0
Join date: 11/02/2014
Re: Help me remove the damned Awesomehp, please!
As for AdwCleaner, it has been many days since you ran it, see:
# AdwCleaner v3.018 - Relatório criado 07/02/2014 às 17:22:49
_________________________________________________________
Open AdwCleaner > click Scan ("Examinar") > once it finishes the scan, click Clean ("Limpar"), and then post the new report it creates.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Help me remove the damned Awesomehp, please!
I already did that; when I set it to clean, the computer freezes! I have done it 3 times already and the same thing always happens! It never finishes! What do I do?
Fabricio25 - Beginner
- Posts: 5
Reputation: 0
Join date: 11/02/2014
Re: Help me remove the damned Awesomehp, please!
* Start the PC in Safe Mode by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting and choosing the option Safe Mode with Networking (or Safe Mode). Once the PC is in Safe Mode, run AdwCleaner again and do the cleanup with it, then post the report it creates here in your topic.
If that still does not work, let us know so we can look for another alternative.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Help me remove the damned Awesomehp, please!
TOPIC ARCHIVED
Since the author did not reply for more than 15 days, the topic has been archived. If the topic's author needs it, it will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] requesting that it be unlocked.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009