Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 12 usuários online :: 0 registrados, 0 invisíveis e 12 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
(RESOLVIDO) Ajuda Remoção Awesomehp
2 participantes
Página 1 de 1
(RESOLVIDO) Ajuda Remoção Awesomehp
por Bruno Pistilli Sáb 08 Fev 2014, 12:23
Ja tentei de tudo, desinstalei alguns programas, mudei configurações, mas ele pegou no meu IE e no meu Chrome, ja segue á baixo o Log feito pelo HijackThis .
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:32, on 08/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Oem\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted IP range: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted IP range: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10872 bytes
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:32, on 08/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Oem\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.info # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site
O1 - Hosts: 255.255.255.255 [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] # misleading site
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted IP range: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted IP range: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10872 bytes
Bruno Pistilli- Iniciante
- Mensagens : 17
Reputação : 1
Data de inscrição : 08/02/2014
Idade : 27
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Power Max Sáb 08 Fev 2014, 12:34
Olá Bruno. Seja bem vindo ao Fórum PC Brasil.
|- Baixe: < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
|- Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Bruno Pistilli Sáb 08 Fev 2014, 12:36
~ Relatório do ZHPDiag v2014.2.6.4 - Nicolas Coolman (06/02/2014)
~ Iniciado por Oem (08/02/2014 12:34:39)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16635
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.01 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.3.0.29625 =>µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 21
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8140 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 196 GB (65%) free of 301 GB
---\\ Modo de conexão ao sistema
~ Computer Name: BRUNO
~ User Name: Oem
~ All Users Names: Oem, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Oem\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Oem\AppData\Roaming\
~ %Desktop% : C:\Users\Oem\Desktop\
~ %Favorites% : C:\Users\Oem\Favorites\
~ %LocalAppData% : C:\Users\Oem\AppData\Local\
~ %StartMenu% : C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 196 Go of 301 Go)
D: Hard drive, Flash drive, Thumb drive (Free 615 Go of 616 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Internet Extensions para Win32.) (.11/06/2013 - 20:26:20.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 115/299
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/1364
~ Mon Bureau (My Desktop) : 1/3505
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 05s
---\\ Processos lançados
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3164] =>Toolbar.Google
[MD5.3F98B594E5404311D464769733DF5125] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe [658632] [PID.3300]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3332]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.3348]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.3660]
[MD5.47D7F5E049E3FAA24176FB92859C552B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8333824] [PID.244]
[MD5.81F177C1954453AF407604160BD149CB] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.980]
[MD5.201BCF8550512C105BAC78E9FA401260] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [452136] [PID.1008]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1332]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1944]
[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936] [PID.2008]
[MD5.F5BBEDF602C310B00036EB2DBF4348A5] - (.Skype Technologies - Skype Updater Service.) -- C:\Program Files (x86)\Skype\Updater\Updater.exe [171680] [PID.2200]
[MD5.57DDE1395F86EE048AB25717EEB8CAEB] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [4150112] [PID.2264]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Oem\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [endagmidclnekcnniabilgomdldipdkh] Media Player v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [hnaopllngmaajlalgfggpegignfpefno] Video Player v.1.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Oem\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
~ IE Browser: 21 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 25
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 15 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Horizon.lnk . (.Daring Development Inc. - Horizon.) -- C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>BitTorrent
O4 - GS\QuickLaunch [Oem]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\QuickLaunch [Oem]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\QuickLaunch [Oem]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\QuickLaunch [Oem]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>BitTorrent
O4 - GS\TaskBar [Oem]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\TaskBar [Oem]: Google Chrome (2).lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\TaskBar [Oem]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\Program [Oem]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\SystemTools [Oem]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\Desktop [Oem]: Cheat Engine.lnk . (...) -- C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe
O4 - GS\Desktop [Oem]: CyberGhost VPN.lnk . (...) -- C:\Program Files (x86)\CyberGhost VPN\CyberGhost.exe (.not file.)
O4 - GS\Desktop [Oem]: Guitar Pro 5.lnk . (.Arobas Music - No Comment.) -- C:\Program Files (x86)\Guitar Pro 5\GP5.exe
O4 - GS\Desktop [Oem]: Poke LastChoice.lnk . (...) -- C:\Users\Oem\Desktop\Poke\New Client Last Choice Games\Client LC_Directx9.exe
O4 - GS\Desktop [Oem]: PokeTitan.lnk . (...) -- C:\Users\Oem\Desktop\Poke\Pokémon Titan 3.1\PokeTitan.exe
O4 - GS\Desktop [Oem]: RaidCall.lnk . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
O4 - GS\Desktop [Oem]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
O4 - GS\Desktop [Oem]: sXe Injected.lnk . (.Developed by Alejandro Cortés - sXe Injected Client - Anticheat System.) -- C:\Program Files (x86)\sXe Injected\sXe Injected.exe
O4 - GS\Desktop [Oem]: Vegas Pro 12.0 (64-bit).lnk . (...) -- C:\Program Files (x86)\Sony\Vegas Pro 12.0\vegas120.exe (.not file.)
~ Global Startup: 76 Legitimates Filtered in 00mn 03s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Oem]: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKLM\..\Wow6432Node\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_br_59] Chave orfã
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-574607426-970207783-869485358-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] http.ogdev.net
O15 - Trusted Zone: [HKCU\...\Domains] http.sdo.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpDomain = c3t
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpDomain = c3t
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpDomain = c3t
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) . (.VIA Technologies, Inc. - Service binary.) - C:\Windows\System32\viakaraokesrv.exe
~ Services: 15 Legitimates Filtered in 00mn 04s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{3C1F7073-DF55-497E-B03C-AC2F0B0C9B59}] (...) -- C:\Users\Oem\Desktop\mod_sobeit.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{909B648C-6950-4CFA-8882-17B3D7FEAF38}] (...) -- C:\Users\Oem\Desktop\B2CAppSetup (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BE9FB710-25C8-436D-9DA7-5FFD654576F4}] (...) -- C:\Users\Oem\Desktop\B2CAppSetup.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s
---\\ Software instalados (042)
O42 - Logiciel: Agenda Telefônica Digital® Votuporanga 2012/2013 - (.Nelson Luiz Dumbra.) [HKLM][64Bits] -- Agenda Telefônica Digital®
O42 - Logiciel: Ares 2.2.4 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: ElfBot NG 4.5.9 - (.NGSoft, LLC.) [HKLM][64Bits] -- ElfBot NG_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Horizon v2.7.6.7 - (.Daring Development Inc..) [HKLM][64Bits] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: ValueApps - (.Conduit.) [HKCU][64Bits] -- ValueApps =>Toolbar.Conduit
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected
~ Logic: 28 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATD]
[HKCU\Software\Ares]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Fighter]
[HKCU\Software\IPE]
[HKCU\Software\sXe Injected]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\Asprate]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\Magebot]
[HKLM\Software\Wow6432Node\MediaPlayerV1]
[HKLM\Software\Wow6432Node\Taronja]
[HKLM\Software\Wow6432Node\TsunamiVPN-GUI]
[HKLM\Software\Wow6432Node\TsunamiVPN]
[HKLM\Software\Wow6432Node\mamverifier]
[HKLM\Software\Wow6432Node\sXe_Injected]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 325 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/05/2013 - 15:12:09 - [6,403] ----D C:\Program Files (x86)\Ares
O43 - CFD: 26/01/2014 - 15:39:22 - [0,537] ----D C:\Program Files (x86)\Asprate
O43 - CFD: 28/11/2013 - 21:21:55 - [0,096] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 18/12/2013 - 01:42:49 - [22,666] ----D C:\Program Files (x86)\Daring Development
O43 - CFD: 10/05/2013 - 19:24:56 - [0] ----D C:\Program Files (x86)\DreaMule
O43 - CFD: 22/07/2013 - 14:52:27 - [17,322] ----D C:\Program Files (x86)\ElfBot NG
O43 - CFD: 07/02/2014 - 18:25:54 - [0,106] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 08/02/2014 - 01:47:53 - [0] ----D C:\Program Files (x86)\MediaPlayerV1
O43 - CFD: 16/07/2013 - 13:55:38 - [0,179] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 25/09/2013 - 22:08:50 - [19,830] ----D C:\Program Files (x86)\sXe Injected
O43 - CFD: 28/11/2013 - 21:22:01 - [13,677] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 24/05/2013 - 22:24:27 - [0] ----D C:\ProgramData\levelup downloader
O43 - CFD: 27/06/2013 - 16:35:53 - [698,532] ----D C:\ProgramData\MBH
O43 - CFD: 27/06/2013 - 16:36:17 - [0] -SH-D C:\ProgramData\RIJKFM
O43 - CFD: 07/02/2014 - 19:22:50 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 28/11/2013 - 21:22:09 - [4,883] ----D C:\Users\Oem\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 01/05/2013 - 17:48:29 - [0] ----D C:\Users\Oem\AppData\Roaming\L4D2AOI
O43 - CFD: 07/02/2014 - 16:40:30 - [0,184] ----D C:\Users\Oem\AppData\Local\Ares
O43 - CFD: 14/08/2013 - 19:01:39 - [0,011] ----D C:\Users\Oem\AppData\Local\FullTiltPoker
O43 - CFD: 24/05/2013 - 22:24:27 - [0,023] ----D C:\Users\Oem\AppData\Local\Level Up!
O43 - CFD: 22/07/2013 - 14:13:38 - [0,002] ----D C:\Users\Oem\AppData\Local\OtLand
O43 - CFD: 12/05/2013 - 13:59:30 - [0,004] ----D C:\Users\Oem\AppData\Local\paul.bv96@yahoo.com
O43 - CFD: 16/07/2013 - 13:55:33 - [0] ----D C:\Users\Oem\AppData\Local\PokerStars
O43 - CFD: 04/05/2013 - 14:31:44 - [0,002] ----D C:\Users\Oem\AppData\Local\[SAO]_Peter
O43 - CFD: 07/02/2014 - 20:05:12 - [0,005] ----D C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O43 - CFD: 04/08/2013 - 12:33:23 - [0,002] ----D C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ 6 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 238 Legitimates Filtered in 00mn 34s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/02/2014 - 19:05:38 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.3B51ABE404979742331D3CA619931B2C] - 29/01/2014 - 20:13:19 ---A- . (...) -- C:\extensions.ini [163]
~ Files: 11 Legitimates Filtered in 00mn 03s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 05/01/2014 - 18:54:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 05/01/2014 - 18:54:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E428DFFA96FAD07D8CA3C9082563A225] - 20/08/2013 - 06:02:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103576]
O58 - SDL:[MD5.A97BFF59B3B983FDBDCD8AE6CF3C1E2D] - 03/04/2013 - 04:58:18 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203672]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.F9BE29D5E097F03F81D3CD12B794CB66] - 15/12/2011 - 14:29:42 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232]
O58 - SDL:[MD5.F33FDC72298DF4BF9813A55D21F4EB31] - 04/01/2012 - 20:01:54 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\taphss.sys [37888]
O58 - SDL:[MD5.D85E51B5FB449CF7C519E562BEE4EF20] - 04/01/2014 - 00:24:59 ---A- . (...) -- C:\Windows\System32\EasyAntiCheat.sys [202616]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 08/02/2014 - 11:32:41 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.57BD2878B475F530A9CF965C785C74A3] - 08/05/2013 - 23:08:25 ---A- . (...) -- C:\Windows\SysWOW64\HtsysmNT.sys [2304]
~ Drivers: 16 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- Chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Oem\AppData\Local\Google\Chrome\Application\chrome.exe" [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.142245A0C57B2A6A165CF3A2AA2418E9] [SPRF][09/09/2013] (...) -- C:\Users\Oem\AppData\Roaming\unins000.dat [16231]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][09/09/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Oem\AppData\Roaming\unins000.exe [720082]
[MD5.2EEFD4725270E5FF7C9CAAFEF4A31560] [SPRF][04/01/2014] (.EasyAntiCheat Ltd - EasyAntiCheat Client.) -- C:\Users\Oem\Desktop\EasyAntiCheat.exe [591704]
[MD5.88DA56737C6AB470E0909C9508795BB3] [SPRF][02/01/2014] (.XB36Hazard - GTA V Save Editor (Xbox 360 & PS3).) -- C:\Users\Oem\Desktop\GTA V.exe [21915211]
[MD5.66465C124A1996BD119794D79AB6A3AB] [SPRF][27/08/2011] (...) -- C:\Users\Oem\Desktop\Photoshop CS5.1.exe [125091973]
~ Files: 5 Legitimates Filtered in 00mn 02s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{50F026F0-8396-40E2-8DC8-F76B49E42245}C:\program files (x86)\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{B0C47B2F-1EED-4B5D-A653-2FF500BA7B3A}C:\program files (x86)\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "TCP Query User{4E573395-A28E-4EFC-89C8-93E96FDB41BD}E:\easysetupassistant\wr741n\easysetupassistant.exe" |In - Private - P6 - TRUE | .(...) -- E:\easysetupassistant\wr741n\easysetupassistant.exe (.not file.)
O87 - FAEL: "UDP Query User{9D393500-74BB-4126-8E03-6D20BF9B334D}E:\easysetupassistant\wr741n\easysetupassistant.exe" |In - Private - P17 - TRUE | .(...) -- E:\easysetupassistant\wr741n\easysetupassistant.exe (.not file.)
~ Firewall: 240 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 05/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 26/04/2012 2438696 | (CGVPNCliSrvc) . (.mobile concepts GmbH.) - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
SS - | Demand 04/01/2014 89944 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
SS - | Auto 29/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/06/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 08/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 10/07/1658 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 05/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 04/02/2014 2222416 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 04/02/2014 377616 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 05/10/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 15/03/2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 07/08/2005 167936 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 14/03/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/06/2013 4150112 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 05/10/2010 2655768 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 12/07/2011 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 12s
---\\ Scâner Aditional (088)
Database Version : 13030 - (06/02/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 7
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Oem\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\Oem\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 300096 Items scanned in 00mn 11s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Crapware.SpyHunter
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupTab
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.WpManager
~ MSI: 7 link(s) detected in 00mn 11s
~ 1204 Legitimates filtered by white list
End of the scan (524 lines in 01mn 34s)(0)
~ Iniciado por Oem (08/02/2014 12:34:39)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16635
GCIE: Google Chrome v32.0.1700.107 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.01 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
µTorrent v3.3.0.29625 =>µTorrent
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 21
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8140 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 196 GB (65%) free of 301 GB
---\\ Modo de conexão ao sistema
~ Computer Name: BRUNO
~ User Name: Oem
~ All Users Names: Oem, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Oem\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Oem\AppData\Roaming\
~ %Desktop% : C:\Users\Oem\Desktop\
~ %Favorites% : C:\Users\Oem\Favorites\
~ %LocalAppData% : C:\Users\Oem\AppData\Local\
~ %StartMenu% : C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 196 Go of 301 Go)
D: Hard drive, Flash drive, Thumb drive (Free 615 Go of 616 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 04:24:46.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Internet Extensions para Win32.) (.11/06/2013 - 20:26:20.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 04:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 115/299
~ Mes Videos (My Videos) : 1/7
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 2/1364
~ Mon Bureau (My Desktop) : 1/3505
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 05s
---\\ Processos lançados
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3164] =>Toolbar.Google
[MD5.3F98B594E5404311D464769733DF5125] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe [658632] [PID.3300]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3332]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.3348]
[MD5.5640B4C10682FBC39C86C8C7A8392B5E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632] [PID.3660]
[MD5.47D7F5E049E3FAA24176FB92859C552B] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8333824] [PID.244]
[MD5.81F177C1954453AF407604160BD149CB] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.980]
[MD5.201BCF8550512C105BAC78E9FA401260] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [452136] [PID.1008]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1332]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1944]
[MD5.BD517C7FB119997EFFBE39D5E4B37B05] - (.No owner - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936] [PID.2008]
[MD5.F5BBEDF602C310B00036EB2DBF4348A5] - (.Skype Technologies - Skype Updater Service.) -- C:\Program Files (x86)\Skype\Updater\Updater.exe [171680] [PID.2200]
[MD5.57DDE1395F86EE048AB25717EEB8CAEB] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [4150112] [PID.2264]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Oem\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [endagmidclnekcnniabilgomdldipdkh] Media Player v.1.1 (Activé)
G2 - GCE: Preference [User Data\Default] [hnaopllngmaajlalgfggpegignfpefno] Video Player v.1.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Oem\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
~ IE Browser: 21 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 25
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 15 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Horizon.lnk . (.Daring Development Inc. - Horizon.) -- C:\Program Files (x86)\Daring Development\Horizon\v2\Horizon.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>BitTorrent
O4 - GS\QuickLaunch [Oem]: CyberGhost VPN.lnk . (.CyberGhost SRL - CyberGhost VPN Client.) -- C:\Program Files\CyberGhost VPN\CyberGhost.exe
O4 - GS\QuickLaunch [Oem]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\QuickLaunch [Oem]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\QuickLaunch [Oem]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>BitTorrent
O4 - GS\TaskBar [Oem]: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\TaskBar [Oem]: Google Chrome (2).lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\TaskBar [Oem]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\Program [Oem]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\SystemTools [Oem]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
O4 - GS\Desktop [Oem]: Cheat Engine.lnk . (...) -- C:\Program Files (x86)\Cheat Engine 6.3\Cheat Engine.exe
O4 - GS\Desktop [Oem]: CyberGhost VPN.lnk . (...) -- C:\Program Files (x86)\CyberGhost VPN\CyberGhost.exe (.not file.)
O4 - GS\Desktop [Oem]: Guitar Pro 5.lnk . (.Arobas Music - No Comment.) -- C:\Program Files (x86)\Guitar Pro 5\GP5.exe
O4 - GS\Desktop [Oem]: Poke LastChoice.lnk . (...) -- C:\Users\Oem\Desktop\Poke\New Client Last Choice Games\Client LC_Directx9.exe
O4 - GS\Desktop [Oem]: PokeTitan.lnk . (...) -- C:\Users\Oem\Desktop\Poke\Pokémon Titan 3.1\PokeTitan.exe
O4 - GS\Desktop [Oem]: RaidCall.lnk . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
O4 - GS\Desktop [Oem]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
O4 - GS\Desktop [Oem]: sXe Injected.lnk . (.Developed by Alejandro Cortés - sXe Injected Client - Anticheat System.) -- C:\Program Files (x86)\sXe Injected\sXe Injected.exe
O4 - GS\Desktop [Oem]: Vegas Pro 12.0 (64-bit).lnk . (...) -- C:\Program Files (x86)\Sony\Vegas Pro 12.0\vegas120.exe (.not file.)
~ Global Startup: 76 Legitimates Filtered in 00mn 03s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Oem]: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk . (.Hewlett-Packard Co. - Print Driver Status Business Logic.) -- C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll =>.Hewlett-Packard Co
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKLM\..\Wow6432Node\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_br_59] Chave orfã
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-574607426-970207783-869485358-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] http.ogdev.net
O15 - Trusted Zone: [HKCU\...\Domains] http.sdo.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpDomain = c3t
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpDomain = c3t
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{5DDBF369-E26D-4894-8AD4-2E83A12BFDBB}: DhcpDomain = c3t
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) . (.VIA Technologies, Inc. - Service binary.) - C:\Windows\System32\viakaraokesrv.exe
~ Services: 15 Legitimates Filtered in 00mn 04s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{3C1F7073-DF55-497E-B03C-AC2F0B0C9B59}] (...) -- C:\Users\Oem\Desktop\mod_sobeit.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{909B648C-6950-4CFA-8882-17B3D7FEAF38}] (...) -- C:\Users\Oem\Desktop\B2CAppSetup (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BE9FB710-25C8-436D-9DA7-5FFD654576F4}] (...) -- C:\Users\Oem\Desktop\B2CAppSetup.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s
---\\ Software instalados (042)
O42 - Logiciel: Agenda Telefônica Digital® Votuporanga 2012/2013 - (.Nelson Luiz Dumbra.) [HKLM][64Bits] -- Agenda Telefônica Digital®
O42 - Logiciel: Ares 2.2.4 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: ElfBot NG 4.5.9 - (.NGSoft, LLC.) [HKLM][64Bits] -- ElfBot NG_is1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Horizon v2.7.6.7 - (.Daring Development Inc..) [HKLM][64Bits] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: ValueApps - (.Conduit.) [HKCU][64Bits] -- ValueApps =>Toolbar.Conduit
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM][64Bits] -- sXe Injected
~ Logic: 28 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATD]
[HKCU\Software\Ares]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Fighter]
[HKCU\Software\IPE]
[HKCU\Software\sXe Injected]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\Wow6432Node\Asprate]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\Magebot]
[HKLM\Software\Wow6432Node\MediaPlayerV1]
[HKLM\Software\Wow6432Node\Taronja]
[HKLM\Software\Wow6432Node\TsunamiVPN-GUI]
[HKLM\Software\Wow6432Node\TsunamiVPN]
[HKLM\Software\Wow6432Node\mamverifier]
[HKLM\Software\Wow6432Node\sXe_Injected]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 325 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/05/2013 - 15:12:09 - [6,403] ----D C:\Program Files (x86)\Ares
O43 - CFD: 26/01/2014 - 15:39:22 - [0,537] ----D C:\Program Files (x86)\Asprate
O43 - CFD: 28/11/2013 - 21:21:55 - [0,096] ----D C:\Program Files (x86)\Baidu Security =>Adware.BDSearch
O43 - CFD: 18/12/2013 - 01:42:49 - [22,666] ----D C:\Program Files (x86)\Daring Development
O43 - CFD: 10/05/2013 - 19:24:56 - [0] ----D C:\Program Files (x86)\DreaMule
O43 - CFD: 22/07/2013 - 14:52:27 - [17,322] ----D C:\Program Files (x86)\ElfBot NG
O43 - CFD: 07/02/2014 - 18:25:54 - [0,106] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 08/02/2014 - 01:47:53 - [0] ----D C:\Program Files (x86)\MediaPlayerV1
O43 - CFD: 16/07/2013 - 13:55:38 - [0,179] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 25/09/2013 - 22:08:50 - [19,830] ----D C:\Program Files (x86)\sXe Injected
O43 - CFD: 28/11/2013 - 21:22:01 - [13,677] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 24/05/2013 - 22:24:27 - [0] ----D C:\ProgramData\levelup downloader
O43 - CFD: 27/06/2013 - 16:35:53 - [698,532] ----D C:\ProgramData\MBH
O43 - CFD: 27/06/2013 - 16:36:17 - [0] -SH-D C:\ProgramData\RIJKFM
O43 - CFD: 07/02/2014 - 19:22:50 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 28/11/2013 - 21:22:09 - [4,883] ----D C:\Users\Oem\AppData\Roaming\Baidu Security =>Adware.BDSearch
O43 - CFD: 01/05/2013 - 17:48:29 - [0] ----D C:\Users\Oem\AppData\Roaming\L4D2AOI
O43 - CFD: 07/02/2014 - 16:40:30 - [0,184] ----D C:\Users\Oem\AppData\Local\Ares
O43 - CFD: 14/08/2013 - 19:01:39 - [0,011] ----D C:\Users\Oem\AppData\Local\FullTiltPoker
O43 - CFD: 24/05/2013 - 22:24:27 - [0,023] ----D C:\Users\Oem\AppData\Local\Level Up!
O43 - CFD: 22/07/2013 - 14:13:38 - [0,002] ----D C:\Users\Oem\AppData\Local\OtLand
O43 - CFD: 12/05/2013 - 13:59:30 - [0,004] ----D C:\Users\Oem\AppData\Local\paul.bv96@yahoo.com
O43 - CFD: 16/07/2013 - 13:55:33 - [0] ----D C:\Users\Oem\AppData\Local\PokerStars
O43 - CFD: 04/05/2013 - 14:31:44 - [0,002] ----D C:\Users\Oem\AppData\Local\[SAO]_Peter
O43 - CFD: 07/02/2014 - 20:05:12 - [0,005] ----D C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O43 - CFD: 04/08/2013 - 12:33:23 - [0,002] ----D C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sXe Injected
~ 6 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 238 Legitimates Filtered in 00mn 34s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/02/2014 - 19:05:38 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.3B51ABE404979742331D3CA619931B2C] - 29/01/2014 - 20:13:19 ---A- . (...) -- C:\extensions.ini [163]
~ Files: 11 Legitimates Filtered in 00mn 03s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 05/01/2014 - 18:54:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 05/01/2014 - 18:54:35 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.E428DFFA96FAD07D8CA3C9082563A225] - 20/08/2013 - 06:02:12 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103576]
O58 - SDL:[MD5.A97BFF59B3B983FDBDCD8AE6CF3C1E2D] - 03/04/2013 - 04:58:18 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203672]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.F9BE29D5E097F03F81D3CD12B794CB66] - 15/12/2011 - 14:29:42 ---A- . (.The OpenVPN Project - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [31232]
O58 - SDL:[MD5.F33FDC72298DF4BF9813A55D21F4EB31] - 04/01/2012 - 20:01:54 ---A- . (.AnchorFree Inc - TAP-Win32 Virtual Network Driver.) -- C:\Windows\System32\Drivers\taphss.sys [37888]
O58 - SDL:[MD5.D85E51B5FB449CF7C519E562BEE4EF20] - 04/01/2014 - 00:24:59 ---A- . (...) -- C:\Windows\System32\EasyAntiCheat.sys [202616]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 08/02/2014 - 11:32:41 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:[MD5.57BD2878B475F530A9CF965C785C74A3] - 08/05/2013 - 23:08:25 ---A- . (...) -- C:\Windows\SysWOW64\HtsysmNT.sys [2304]
~ Drivers: 16 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.142245A0C57B2A6A165CF3A2AA2418E9] [SPRF][09/09/2013] (...) -- C:\Users\Oem\AppData\Roaming\unins000.dat [16231]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][09/09/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Oem\AppData\Roaming\unins000.exe [720082]
[MD5.2EEFD4725270E5FF7C9CAAFEF4A31560] [SPRF][04/01/2014] (.EasyAntiCheat Ltd - EasyAntiCheat Client.) -- C:\Users\Oem\Desktop\EasyAntiCheat.exe [591704]
[MD5.88DA56737C6AB470E0909C9508795BB3] [SPRF][02/01/2014] (.XB36Hazard - GTA V Save Editor (Xbox 360 & PS3).) -- C:\Users\Oem\Desktop\GTA V.exe [21915211]
[MD5.66465C124A1996BD119794D79AB6A3AB] [SPRF][27/08/2011] (...) -- C:\Users\Oem\Desktop\Photoshop CS5.1.exe [125091973]
~ Files: 5 Legitimates Filtered in 00mn 02s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{50F026F0-8396-40E2-8DC8-F76B49E42245}C:\program files (x86)\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "UDP Query User{B0C47B2F-1EED-4B5D-A653-2FF500BA7B3A}C:\program files (x86)\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe
O87 - FAEL: "TCP Query User{4E573395-A28E-4EFC-89C8-93E96FDB41BD}E:\easysetupassistant\wr741n\easysetupassistant.exe" |In - Private - P6 - TRUE | .(...) -- E:\easysetupassistant\wr741n\easysetupassistant.exe (.not file.)
O87 - FAEL: "UDP Query User{9D393500-74BB-4126-8E03-6D20BF9B334D}E:\easysetupassistant\wr741n\easysetupassistant.exe" |In - Private - P17 - TRUE | .(...) -- E:\easysetupassistant\wr741n\easysetupassistant.exe (.not file.)
~ Firewall: 240 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 05/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 26/04/2012 2438696 | (CGVPNCliSrvc) . (.mobile concepts GmbH.) - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
SS - | Demand 04/01/2014 89944 | (EasyAntiCheat) . (.EasyAntiCheat Ltd.) - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
SS - | Auto 29/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 21/06/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SS - | Demand 13/04/2007 792112 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 08/05/2007 271920 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 10/07/1658 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Disabled 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 05/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 04/02/2014 2222416 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 04/02/2014 377616 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 05/10/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 15/03/2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 07/08/2005 167936 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 14/03/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/06/2013 4150112 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Auto 05/10/2010 2655768 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 12/07/2011 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 12s
---\\ Scâner Aditional (088)
Database Version : 13030 - (06/02/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 7
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps] =>Toolbar.Conduit^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}] =>Adware.Agent
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files (x86)\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Oem\AppData\Roaming\Baidu Security =>Adware.BDSearch^
C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Users\Oem\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
~ Additionnel Scan: 300096 Items scanned in 00mn 11s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Awesomehp
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Crapware.SpyHunter
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Office
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Conduit
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.SupTab
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.WpManager
~ MSI: 7 link(s) detected in 00mn 11s
~ 1204 Legitimates filtered by white list
End of the scan (524 lines in 01mn 34s)(0)
Bruno Pistilli- Iniciante
- Mensagens : 17
Reputação : 1
Data de inscrição : 08/02/2014
Idade : 27
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Power Max Sáb 08 Fev 2014, 12:36
Vou analisar o seu relatório e daqui há pouco te passo o script para remover estes problemas.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Bruno Pistilli Sáb 08 Fev 2014, 12:37
Power Max escreveu:
Ok, Obrigado !
Bruno Pistilli- Iniciante
- Mensagens : 17
Reputação : 1
Data de inscrição : 08/02/2014
Idade : 27
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Power Max Sáb 08 Fev 2014, 14:00
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
_______________________________________________________________________________________________________________
Há dois sites "meio estranhos" adicionados na lista de sites de confiança, você os conhece?O15 - Trusted Zone: [HKCU\...\Domains] http.ogdev.net
O15 - Trusted Zone: [HKCU\...\Domains] http.sdo.com
_______________________________________________________________________________________________________________
Copie todo o script que te passei e depois disto vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.Última edição por Power Max em Sáb 08 Fev 2014, 14:35, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Bruno Pistilli Sáb 08 Fev 2014, 14:11
Segue abaixo o Log de correções, deu certo Obrigado ! Porém, como tiro esses sites do confiável ? Desconheço esses sites ! Obs: utilizo Chrome
Rapport de ZHPFix 2014.2.3.1 par Nicolas Coolman, Update du 03/02/2014
Fichier d'export Registre :
Run by Oem at 08/02/2014 14:10:18
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ELIMINÉ: Memory Process: C:\Users\Oem\AppData\Roaming\unins000.exe
========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\mamverifier
ELIMINÉ: HKLM\Software\Wow6432Node\supTab
ELIMINÉ: HKLM\Software\Wow6432Node\supWPM
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
ELIMINÉ RunValue: fst_br_59
ELIMINÉ MWPE Value: NoActiveDesktopChanges
ELIMINÉ: TCP Query User{4E573395-A28E-4EFC-89C8-93E96FDB41BD}E:\easysetupassistant\wr741n\easysetupassistant.exe
ELIMINÉ: UDP Query User{9D393500-74BB-4126-8E03-6D20BF9B334D}E:\easysetupassistant\wr741n\easysetupassistant.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R1 Search Page =
========== Pastas ==========
ELIMINÉ: C:\Users\Oem\AppData\Local\{83A419AA-3139-4CFB-85E8-FFC50058FC6E}
ELIMINÉ: C:\Users\Oem\AppData\Local\{86A6BB61-C9ED-47C9-AC98-B9D9371843E7}
ELIMINÉ: C:\Users\Oem\AppData\Local\{A3EA19EF-0A5B-4EE9-8C91-393AAE239EC1}
ELIMINÉ: C:\Users\Oem\AppData\Local\{B32D97B2-ABB8-42E5-A421-62E51ACA4C53}
ELIMINÉ: C:\Users\Oem\AppData\Local\{B9663DEF-66A3-47FA-9F26-2E73BFD8A221}
ELIMINÉ: C:\Users\Oem\AppData\Local\{D4C61F9E-D22B-4192-B4F1-74EF950E8D52}
ELIMINÉ: C:\Users\Oem\AppData\Local\{E2B08DA0-2A29-4703-A497-58FE01ED5A97}
ELIMINÉ: C:\Users\Oem\AppData\Local\{F645CD73-536D-4370-88C8-88B3E956463C}
========== Ficheiros ==========
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome (2).lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
ELIMINÉ: c:\users\oem\desktop\cyberghost vpn.lnk
ELIMINÉ: c:\users\oem\desktop\vegas pro 12.0 (64-bit).lnk
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ Temporários windows (25) (49.072.920 octets)
========== Tarefa planificada ==========
ELIMINÉ: {3C1F7073-DF55-497E-B03C-AC2F0B0C9B59}
ELIMINÉ: {909B648C-6950-4CFA-8882-17B3D7FEAF38}
ELIMINÉ: {BE9FB710-25C8-436D-9DA7-5FFD654576F4}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
2 : Processo memória
10 : Chaves do Registo
11 : Valores do Registo
2 : Elementos dos dados do Registo
8 : Pastas
16 : Ficheiros
3 : Tarefa planificada
1 : Restauração Sistema
End of clean in 00mn 30s
========== Caminho do ficheiro do relatório ==========
C:\Users\Oem\AppData\Roaming\ZHP\ZHPFix[R1].txt - 08/02/2014 14:10:21 [4950]
Rapport de ZHPFix 2014.2.3.1 par Nicolas Coolman, Update du 03/02/2014
Fichier d'export Registre :
Run by Oem at 08/02/2014 14:10:18
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ELIMINÉ: Memory Process: C:\Users\Oem\AppData\Roaming\unins000.exe
========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\superdownloads.com.br
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\mamverifier
ELIMINÉ: HKLM\Software\Wow6432Node\supTab
ELIMINÉ: HKLM\Software\Wow6432Node\supWPM
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
ELIMINÉ RunValue: fst_br_59
ELIMINÉ MWPE Value: NoActiveDesktopChanges
ELIMINÉ: TCP Query User{4E573395-A28E-4EFC-89C8-93E96FDB41BD}E:\easysetupassistant\wr741n\easysetupassistant.exe
ELIMINÉ: UDP Query User{9D393500-74BB-4126-8E03-6D20BF9B334D}E:\easysetupassistant\wr741n\easysetupassistant.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R1 Search Page =
========== Pastas ==========
ELIMINÉ: C:\Users\Oem\AppData\Local\{83A419AA-3139-4CFB-85E8-FFC50058FC6E}
ELIMINÉ: C:\Users\Oem\AppData\Local\{86A6BB61-C9ED-47C9-AC98-B9D9371843E7}
ELIMINÉ: C:\Users\Oem\AppData\Local\{A3EA19EF-0A5B-4EE9-8C91-393AAE239EC1}
ELIMINÉ: C:\Users\Oem\AppData\Local\{B32D97B2-ABB8-42E5-A421-62E51ACA4C53}
ELIMINÉ: C:\Users\Oem\AppData\Local\{B9663DEF-66A3-47FA-9F26-2E73BFD8A221}
ELIMINÉ: C:\Users\Oem\AppData\Local\{D4C61F9E-D22B-4192-B4F1-74EF950E8D52}
ELIMINÉ: C:\Users\Oem\AppData\Local\{E2B08DA0-2A29-4703-A497-58FE01ED5A97}
ELIMINÉ: C:\Users\Oem\AppData\Local\{F645CD73-536D-4370-88C8-88B3E956463C}
========== Ficheiros ==========
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome (2).lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
ELIMINÉ: c:\users\oem\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk (http://www.awesomehp.com)
CRIADO: C:\Users\Oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
ELIMINÉ: c:\users\oem\desktop\cyberghost vpn.lnk
ELIMINÉ: c:\users\oem\desktop\vegas pro 12.0 (64-bit).lnk
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ Temporários windows (25) (49.072.920 octets)
========== Tarefa planificada ==========
ELIMINÉ: {3C1F7073-DF55-497E-B03C-AC2F0B0C9B59}
ELIMINÉ: {909B648C-6950-4CFA-8882-17B3D7FEAF38}
ELIMINÉ: {BE9FB710-25C8-436D-9DA7-5FFD654576F4}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
2 : Processo memória
10 : Chaves do Registo
11 : Valores do Registo
2 : Elementos dos dados do Registo
8 : Pastas
16 : Ficheiros
3 : Tarefa planificada
1 : Restauração Sistema
End of clean in 00mn 30s
========== Caminho do ficheiro do relatório ==========
C:\Users\Oem\AppData\Roaming\ZHP\ZHPFix[R1].txt - 08/02/2014 14:10:21 [4950]
Bruno Pistilli- Iniciante
- Mensagens : 17
Reputação : 1
Data de inscrição : 08/02/2014
Idade : 27
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Power Max Sáb 08 Fev 2014, 14:21
Siga, por gentileza, as dicas do tutorial abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
___________________________________________________________________________________________
Copie todo o novo script que te passei, e depois disto vá no menu: Iniciar > Todos os programas > ZHP > Abra o Zhpfix > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta juntamente com o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txtÚltima edição por Power Max em Sáb 08 Fev 2014, 14:37, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Bruno Pistilli Sáb 08 Fev 2014, 14:26
Dicas seguidas, remoção dos sites feita, problema resolvido ! Obrigado. 100% agradecido .
Bruno Pistilli- Iniciante
- Mensagens : 17
Reputação : 1
Data de inscrição : 08/02/2014
Idade : 27
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Power Max Sáb 08 Fev 2014, 14:34
Fico feliz que o problema tenha sido resolvido.Só para finalizar faça estes últimos procedimentos, por gentileza:
Instale o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (caso já tenha ele, não precisa instalar de novo).Abra o Ccleaner > clique no botão Limpeza > clique na opção Executar Limpeza. Isto é demonstrado na imagem abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Confirme a operação acima clicando no botão OK. Aguarde a conclusão do procedimento.
Depois disto, clique no botão botão Registro > Procurar Erros > Corrigir erro(s) selecionado(s) > neste momento você poderá optar por fazer uma cópia das alterações que serão feitas no registro (por motivos de segurança), escolha a opção que desejar (sim ou não) > e confirme a limpeza clicando no botão Corrigir todos os erros selecionados > clique no botão Fechar (ou OK):
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
__________________________________________________________________________________________________________________ Depois disto siga também as dicas deste tutorial abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve no Desktop (Área de Trabalho)*Depois disto é só executá-lo, deixar selecionadas as opções Remove disinfection tools e Purge system restore
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Clique em [Run]
Depois de executar o Delfix conforme descrito acima, é só deletar o DelFix e o arquivo C:\DelFix.txt
_______________________________________________________________________________________________________________________
Foi um prazer ajudar. Conte sempre conosco!
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Bruno Pistilli Sáb 08 Fev 2014, 14:40
Obrigado pelo tempo e paciência, se quiser já pode dar closed !
Bruno Pistilli- Iniciante
- Mensagens : 17
Reputação : 1
Data de inscrição : 08/02/2014
Idade : 27
Re: (RESOLVIDO) Ajuda Remoção Awesomehp
por Power Max Sáb 08 Fev 2014, 19:55
CASO RESOLVIDO
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos