Remove Banco do Brasil plugin
When I was in Brazil I looked things up on the Banco do Brasil website. Now that I live in Portugal, I have been having problems with my PC caused by a plugin that I stubbornly have not found a way to remove. I followed a help thread here and did everything the same way, and I am now posting the result I got with ZHPDiag so that PowerMax can help me too.
~ Relatório do ZHPDiag v2014.4.3.2 - Nicolas Coolman (03-04-2014)
~ Iniciado por Utilizador (05-04-2014 23:19:22)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome v33.0.1750.154
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Internet Security v9.0.2016
Microsoft Security Client PT-PT Language Pack v2.1.1116.0
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v3.20 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (11% free)
System Restore: Activé (Enable)
System drive C: has 247 GB (82%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: TOSHIBAA100
~ User Name: Utilizador
~ All Users Names: Utilizador, Guest, Administrator,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Utilizador\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Utilizador\AppData\Roaming\
~ %Desktop% : C:\Users\Utilizador\Desktop\
~ %Favorites% : C:\Users\Utilizador\Favorites\
~ %LocalAppData% : C:\Users\Utilizador\AppData\Local\
~ %StartMenu% : C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 247 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorador do Windows.) (.26-02-2011 - 06:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicação de Arranque do Windows.) (.14-07-2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensões da Internet para Win32.) (.22-02-2013 - 06:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicação de início de sessão do Windows.) (.28-10-2009 - 06:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.14-07-2009 - 01:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-12-2011 - 03:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-07-2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13-07-2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13-07-2009 - 23:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27-04-2011 - 02:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14-07-2009 - 00:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Controlador de porta i8042.) (.13-07-2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-07-2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04-05-2011 - 02:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13-07-2009 - 23:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Controlador de Sistema de Ficheiros NT.) (.12-04-2013 - 14:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Controlador de porta paralela.) (.14-07-2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14-07-2009 - 00:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14-07-2009 - 00:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-07-2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13-07-2009 - 23:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Controlador de cópia sombra do volume.) (.06-09-2012 - 17:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 02s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/18
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/2482
~ Mon Bureau (My Desktop) : 10/385
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 11s
---\\ Processos lançados
[MD5.CA1EA5BC13E3820624669E8871EA6DFC] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe [32667896] [PID.4076]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3428]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.5024]
[MD5.E75DA1FAAFC9B69CCD0940F95C9D1CF7] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8182272] [PID.4752]
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720] [PID.812]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1360]
[MD5.D58C10AFF2B5C09D615623A4DAC0E330] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [109048] [PID.1568]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1648]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1684]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Instalador do Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.3248]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 3 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Kobo.lnk . (...) -- C:\Program Files (x86)\Kobo\Kobo.exe
O4 - GS\Desktop [Public]: RegHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\RegHunter\RegHunter.exe (.not file.) =>Crapware.RegHunter
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\QuickLaunch [Utilizador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Utilizador]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Utilizador]: Upgrade to Paltalk Extreme.lnk - Chave orfã
O4 - GS\QuickLaunch [Utilizador]: Viber.lnk . (...) -- C:\Users\Utilizador\AppData\Local\Viber\Viber.exe
O4 - GS\QuickLaunch [Utilizador]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Utilizador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Utilizador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Utilizador]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
O4 - GS\TaskBar [Utilizador]: Viber.lnk . (...) -- C:\Users\Utilizador\AppData\Local\Viber\Viber.exe
O4 - GS\TaskBar [Utilizador]: ZON NET MOBILE.lnk . (...) -- C:\Program Files (x86)\ZON NET MOBILE\UIMain.exe
O4 - GS\Program [Utilizador]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Utilizador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Utilizador]: Viber.lnk . (...) -- C:\Users\Utilizador\AppData\Local\Viber\Viber.exe
O4 - GS\SystemTools [Utilizador]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Utilizador]: Documentos - Atalho.lnk . (...) -- C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [Utilizador]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Guest]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Guest]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Guest]: FacebookPasswordDecryptor.lnk . (.SecurityXploded - All-in-one Facebook Password Recovery Softw.) -- C:\Program Files (x86)\SecurityXploded\FacebookPasswordDecryptor\FacebookPasswordDecryptor.exe
~ Global Startup: 94 Legitimates Filtered in 00mn 11s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Utilizador]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [Guest]: Uninstall Webroot RunOnce.lnk . (.Webroot Software, Inc. - Webroot Installer.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-3136738229-3321464536-2784466607-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 05s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE7A8BE6-057B-4CCA-BAB4-23EEBDAFB2B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F92DB7FD-987A-4D9A-814E-E9018FA08010}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE7A8BE6-057B-4CCA-BAB4-23EEBDAFB2B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F92DB7FD-987A-4D9A-814E-E9018FA08010}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE7A8BE6-057B-4CCA-BAB4-23EEBDAFB2B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F92DB7FD-987A-4D9A-814E-E9018FA08010}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 10 Legitimates Filtered in 00mn 10s
---\\ Software instalados (042)
O42 - Logiciel: ZON NET MOBILE - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 6 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BancoBest]
[HKCU\Software\GbAs]
[HKCU\Software\PTEID]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 190 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05-08-2012 - 22:49:50 - [0] ----D C:\Program Files (x86)\BancoBest
O43 - CFD: 17-03-2014 - 13:58:58 - [0] ----D C:\Program Files (x86)\DriverUpdate
O43 - CFD: 02-04-2014 - 02:04:55 - [19,629] ----D C:\Program Files (x86)\ZON NET MOBILE
O43 - CFD: 03-08-2012 - 18:11:55 - [0] ----D C:\Users\Utilizador\AppData\Roaming\BancoBest
O43 - CFD: 03-08-2012 - 18:11:45 - [0,103] ----D C:\Users\Utilizador\AppData\Local\BancoBest
O43 - CFD: 06-03-2014 - 13:13:35 - [0,407] ----D C:\Users\Utilizador\AppData\Local\BeAnywhere Support Express
O43 - CFD: 11-12-2013 - 16:39:36 - [13,226] ----D C:\Users\Utilizador\AppData\Local\lptmp1402949683
O43 - CFD: 11-01-2014 - 16:07:32 - [7,478] ----D C:\Users\Utilizador\AppData\Local\lptmp890397290
O43 - CFD: 13-03-2014 - 02:06:43 - [0] -SH-D C:\Users\Utilizador\AppData\Local\ms-drivers
O43 - CFD: 28-11-2013 - 21:52:07 - [0,005] ----D C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 169 Legitimates Filtered in 00mn 26s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 05-04-2014 - 20:32:17 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.C9FFD23F9ED7F6FFDCB9C54BC1149191] - 05-04-2014 - 20:37:30 ---A- . (...) -- C:\ComboFix.txt [20920]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 05-04-2014 - 21:13:38 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.951970B9A9FCD9494A5054F20E085619] - 05-04-2014 - 21:46:31 ---A- . (...) -- C:\zoek-results.log [18697]
O44 - LFC:[MD5.ACBF9DA6EE3F6A82EABF2A43008E45EA] - 31-03-2014 - 18:52:17 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [152656]
O44 - LFC:[MD5.7BA6C05D4CC77D7D5533A2284F5A00A8] - 31-03-2014 - 18:52:17 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [721734]
~ Files: 25 Legitimates Filtered in 00mn 40s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 05-04-2014 - 19:17:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.F87990FDBDD4DC037343A80BD7E67538] - 13-01-2014 - 12:59:33 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 05-04-2014 - 19:17:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14-07-2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 22-06-2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10-06-2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14-07-2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.2E3ACFDA0B792707C59B307ABB6A6E95] - 17-03-2014 - 12:24:34 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [16152]
O58 - SDL:[MD5.2A6F99C1E2D25C4C920A37E07BB26291] - 16-10-2013 - 01:44:42 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08-05-2013 - 12:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 16-03-2014 - 10:29:13 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 19 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][15-03-2014] (...) -- C:\Users\Utilizador\Desktop\adwcleaner.exe [1950720]
[MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [SPRF][22-02-2014] (.Facebook Inc. - Setup.) -- C:\Users\Utilizador\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe [501248]
[MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][17-03-2014] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\Utilizador\Desktop\FLVMPlayer.exe [4953944]
[MD5.348AD296FA2A5E0CCF6EE5CB13BBEFAB] [SPRF][17-03-2014] (.Appsinstaller - Application Installer.) -- C:\Users\Utilizador\Desktop\FLV_Media_Player.exe [299280]
[MD5.916EA7F9B2882A6E955DF42D6B037934] [SPRF][17-03-2014] (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\Desktop\uTorrent-2-.exe [1852496] =>P2P.BitTorrent
[MD5.E1E94652EB813EBC06C3867E0D3F5E03] [SPRF][12-12-2013] (.John Drew - Yagi Calculator Setup.) -- C:\Users\Utilizador\Desktop\yagisetup (1).exe [717209]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][05-04-2014] (...) -- C:\Users\Utilizador\Desktop\zoek.exe [1285120]
~ Files: 12 Legitimates Filtered in 00mn 02s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BBCDC61C8AA8009FED0028798A761EE2] [WIS][17-08-2013] (.Skype Technologies S.A. - Skype Click to Call.) -- C:\Windows\Installer\1877aa5.msi [10502144]
~ WIS: 125 Legitimates Filtered in 00mn 37s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 18-03-2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 17-02-2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17-02-2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 23-10-2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 21-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07-09-2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 05-04-2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 05-04-2014 109048 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 30-08-2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21-02-2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 06-03-2009 364064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 18-10-2013 1025408 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10-07-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-07-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 44s
---\\ Scâner Aditional (088)
Database Version : 13036 - (03-04-2014)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Users\Utilizador\Desktop\uTorrent-2-.exe =>P2P.BitTorrent^
~ Additionnel Scan: 212508 Items scanned in 00mn 59s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Crapware.RegHunter
[You must have an account and be logged in to view this link] =>Crapware.SpyHunter
[You must have an account and be logged in to view this link] =>Toolbar.Ask
[You must have an account and be logged in to view this link] =>Adware.MyWebSearch
~ MSI: 4 link(s) detected in 00mn 00s
~ 1043 Legitimates filtered by white list
End of the scan (436 lines in 05mn 24s)(0)
JoseCarlos - Member
- Posts: 163
Reputation: 0
Join date: 05/04/2014
Re: Remove Banco do Brasil plugin
Do you know what these programs in bold below, which are installed on your computer, are?
C:\Program Files (x86)\BancoBest
C:\Program Files (x86)\ZON NET MOBILE
__________________________________________________________________________________________________________
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the Recycle Bin files to be deleted, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply, and also answer the question I asked you above.
Last edited by Power Max on Tue 08 Apr 2014, 12:04; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) Remove Banco do Brasil plugin
Good morning!
Power Max, thank you very much; from the report I could see that everything is working out.
Regarding the two questions:
C:\Program Files (x86)\BancoBest
C:\Program Files (x86)\ZON NET MOBILE
Yes, they are known and authorized, because one is a bank from here and the other is from the internet provider I use.
ZHPFix result
Rapport de ZHPFix 2014.3.25.5 par Nicolas Coolman, Update du 25/03/2014
Fichier d'export Registre :
Run by Utilizador at 06-04-2014 10:33:53
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Reciclagem vazia (00mn 17s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}
ELIMINÉ: Service: GbpSv
ELIMINÉ: HKCU\Software\GbAs
ELIMINÉ: Service: Bonjour Service
ELIMINÉ: Service: SpyHunter 4 Service
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ Trusted Zone: bancobrasil.com.br
ELIMINÉ Trusted Zone: bb.com.br
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files (x86)\gbplugin\gbieh.dll
ELIMINÉ: c:\users\public\desktop\reghunter.lnk
ELIMINÉ: c:\users\utilizador\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\spyhunter.lnk
ELIMINÉ: c:\windows\syswow64\drivers\gbpndisrd.sys
ELIMINA REINICIAR: c:\program files\bonjour\mdnsresponder.exe
ELIMINA REINICIAR: c:\program files\enigma software group\spyhunter\sh4service.exe
ELIMINÉ Temporários windows (121) (1.822.394 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
14 : Chaves do Registo
7 : Valores do Registo
2 : Elementos dos dados do Registo
1 : Pastas
8 : Ficheiros
1 : Restauração Sistema
End of clean in 01mn 48s
========== Caminho do ficheiro do relatório ==========
C:\Users\Utilizador\AppData\Roaming\ZHP\ZHPFix[R1].txt - 06-04-2014 10:34:11 [3095]
JoseCarlos - Member
- Posts : 163
Reputation : 0
Join date : 05/04/2014
Re: Remove Banco do Brasil plugin
Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it is done, post the ZHPDiag.txt report.
Power Max - Collaborator
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
(SOLVED) Remove Banco do Brasil plugin
Power Max, good afternoon!
Here is the result
~ Relatório do ZHPDiag v2014.4.6.3 - Nicolas Coolman (06-04-2014)
~ Iniciado por Utilizador (06-04-2014 14:52:57)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome v33.0.1750.154
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Internet Security v9.0.2016
Microsoft Security Client PT-PT Language Pack v2.1.1116.0
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v3.20 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (18% free)
System Restore: Activé (Enable)
System drive C: has 246 GB (82%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: TOSHIBAA100
~ User Name: Utilizador
~ All Users Names: Utilizador, Guest, Administrator,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Utilizador\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Utilizador\AppData\Roaming\
~ %Desktop% : C:\Users\Utilizador\Desktop\
~ %Favorites% : C:\Users\Utilizador\Favorites\
~ %LocalAppData% : C:\Users\Utilizador\AppData\Local\
~ %StartMenu% : C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 246 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorador do Windows.) (.26-02-2011 - 06:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicação de Arranque do Windows.) (.14-07-2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensões da Internet para Win32.) (.22-02-2013 - 06:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicação de início de sessão do Windows.) (.28-10-2009 - 06:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.14-07-2009 - 01:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-12-2011 - 03:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-07-2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13-07-2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13-07-2009 - 23:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27-04-2011 - 02:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14-07-2009 - 00:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Controlador de porta i8042.) (.13-07-2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-07-2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04-05-2011 - 02:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13-07-2009 - 23:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Controlador de Sistema de Ficheiros NT.) (.12-04-2013 - 14:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Controlador de porta paralela.) (.14-07-2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14-07-2009 - 00:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14-07-2009 - 00:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-07-2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13-07-2009 - 23:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Controlador de cópia sombra do volume.) (.06-09-2012 - 17:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 06s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/18
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/2482
~ Mon Bureau (My Desktop) : 10/389
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 12s
---\\ Processos lançados
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3400]
[MD5.CA1EA5BC13E3820624669E8871EA6DFC] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe [32667896] [PID.3544]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.3688]
[MD5.4456B06D9E1340C39017EA98DA6436A0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8184320] [PID.3640]
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720] [PID.800]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1352]
[MD5.D58C10AFF2B5C09D615623A4DAC0E330] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [109048] [PID.1544]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1624]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1652]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Instalador do Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.3052]
~ Processes Running: Scanned in 00mn 07s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 3 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Kobo.lnk . (...) -- C:\Program Files (x86)\Kobo\Kobo.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\QuickLaunch [Utilizador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Utilizador]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Utilizador]: Upgrade to Paltalk Extreme.lnk - Chave orfã
O4 - GS\QuickLaunch [Utilizador]: Viber.lnk . (...) -- C:\Users\Utilizador\AppData\Local\Viber\Viber.exe
O4 - GS\QuickLaunch [Utilizador]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Utilizador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Utilizador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Utilizador]: Viber.lnk . (...) -- C:\Users\Utilizador\AppData\Local\Viber\Viber.exe
O4 - GS\TaskBar [Utilizador]: ZON NET MOBILE.lnk . (...) -- C:\Program Files (x86)\ZON NET MOBILE\UIMain.exe
O4 - GS\Program [Utilizador]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Utilizador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Utilizador]: Viber.lnk . (...) -- C:\Users\Utilizador\AppData\Local\Viber\Viber.exe
O4 - GS\SystemTools [Utilizador]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Utilizador]: Documentos - Atalho.lnk . (...) -- C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [Utilizador]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Guest]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Guest]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Guest]: FacebookPasswordDecryptor.lnk . (.SecurityXploded - All-in-one Facebook Password Recovery Softw.) -- C:\Program Files (x86)\SecurityXploded\FacebookPasswordDecryptor\FacebookPasswordDecryptor.exe
~ Global Startup: 92 Legitimates Filtered in 00mn 17s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Utilizador]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [Guest]: Uninstall Webroot RunOnce.lnk . (.Webroot Software, Inc. - Webroot Installer.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-3136738229-3321464536-2784466607-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE7A8BE6-057B-4CCA-BAB4-23EEBDAFB2B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F92DB7FD-987A-4D9A-814E-E9018FA08010}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE7A8BE6-057B-4CCA-BAB4-23EEBDAFB2B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F92DB7FD-987A-4D9A-814E-E9018FA08010}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE7A8BE6-057B-4CCA-BAB4-23EEBDAFB2B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F92DB7FD-987A-4D9A-814E-E9018FA08010}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 8 Legitimates Filtered in 00mn 12s
---\\ Software instalados (042)
O42 - Logiciel: ZON NET MOBILE - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 6 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BancoBest]
[HKCU\Software\PTEID]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 189 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05-08-2012 - 22:49:50 - [0] ----D C:\Program Files (x86)\BancoBest
O43 - CFD: 17-03-2014 - 13:58:58 - [0] ----D C:\Program Files (x86)\DriverUpdate
O43 - CFD: 02-04-2014 - 02:04:55 - [19,629] ----D C:\Program Files (x86)\ZON NET MOBILE
O43 - CFD: 03-08-2012 - 18:11:55 - [0] ----D C:\Users\Utilizador\AppData\Roaming\BancoBest
O43 - CFD: 03-08-2012 - 18:11:45 - [0,103] ----D C:\Users\Utilizador\AppData\Local\BancoBest
O43 - CFD: 06-03-2014 - 13:13:35 - [0,407] ----D C:\Users\Utilizador\AppData\Local\BeAnywhere Support Express
O43 - CFD: 11-12-2013 - 16:39:36 - [13,226] ----D C:\Users\Utilizador\AppData\Local\lptmp1402949683
O43 - CFD: 11-01-2014 - 16:07:32 - [7,478] ----D C:\Users\Utilizador\AppData\Local\lptmp890397290
O43 - CFD: 13-03-2014 - 02:06:43 - [0] -SH-D C:\Users\Utilizador\AppData\Local\ms-drivers
~ Program Folder: 168 Legitimates Filtered in 00mn 32s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 05-04-2014 - 20:32:17 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.C9FFD23F9ED7F6FFDCB9C54BC1149191] - 05-04-2014 - 20:37:30 ---A- . (...) -- C:\ComboFix.txt [20920]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 05-04-2014 - 21:13:38 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.951970B9A9FCD9494A5054F20E085619] - 05-04-2014 - 21:46:31 ---A- . (...) -- C:\zoek-results.log [18697]
O44 - LFC:[MD5.ACBF9DA6EE3F6A82EABF2A43008E45EA] - 31-03-2014 - 18:52:17 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [152656]
O44 - LFC:[MD5.7BA6C05D4CC77D7D5533A2284F5A00A8] - 31-03-2014 - 18:52:17 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [721734]
~ Files: 22 Legitimates Filtered in 02mn 20s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 05-04-2014 - 19:17:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.F87990FDBDD4DC037343A80BD7E67538] - 13-01-2014 - 12:59:33 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 05-04-2014 - 19:17:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14-07-2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 22-06-2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10-06-2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14-07-2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.2E3ACFDA0B792707C59B307ABB6A6E95] - 17-03-2014 - 12:24:34 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [16152]
O58 - SDL:[MD5.2A6F99C1E2D25C4C920A37E07BB26291] - 16-10-2013 - 01:44:42 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08-05-2013 - 12:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
~ Drivers: 19 Legitimates Filtered in 00mn 07s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 01s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][15-03-2014] (...) -- C:\Users\Utilizador\Desktop\adwcleaner.exe [1950720]
[MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [SPRF][22-02-2014] (.Facebook Inc. - Setup.) -- C:\Users\Utilizador\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe [501248]
[MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][17-03-2014] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\Utilizador\Desktop\FLVMPlayer.exe [4953944]
[MD5.348AD296FA2A5E0CCF6EE5CB13BBEFAB] [SPRF][17-03-2014] (.Appsinstaller - Application Installer.) -- C:\Users\Utilizador\Desktop\FLV_Media_Player.exe [299280]
[MD5.916EA7F9B2882A6E955DF42D6B037934] [SPRF][17-03-2014] (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\Desktop\uTorrent-2-.exe [1852496] =>P2P.BitTorrent
[MD5.E1E94652EB813EBC06C3867E0D3F5E03] [SPRF][12-12-2013] (.John Drew - Yagi Calculator Setup.) -- C:\Users\Utilizador\Desktop\yagisetup (1).exe [717209]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][05-04-2014] (...) -- C:\Users\Utilizador\Desktop\zoek.exe [1285120]
~ Files: 12 Legitimates Filtered in 00mn 03s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BBCDC61C8AA8009FED0028798A761EE2] [WIS][17-08-2013] (.Skype Technologies S.A. - Skype Click to Call.) -- C:\Windows\Installer\1877aa5.msi [10502144]
~ WIS: 125 Legitimates Filtered in 00mn 27s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 18-03-2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 17-02-2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17-02-2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 23-10-2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 21-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07-09-2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 05-04-2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 05-04-2014 109048 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 21-02-2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 06-03-2009 364064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10-07-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-07-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 45s
---\\ Scâner Aditional (088)
Database Version : 13044 - (06-04-2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
C:\Users\Utilizador\Desktop\uTorrent-2-.exe =>P2P.BitTorrent^
~ Additionnel Scan: 212319 Items scanned in 01mn 06s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s
~ 1039 Legitimates filtered by white list
End of the scan (401 lines in 07mn 08s)(0)
Here is the result
~ Relatório do ZHPDiag v2014.4.6.3 - Nicolas Coolman (06-04-2014)
~ Iniciado por Utilizador (06-04-2014 14:52:57)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
GCIE: Google Chrome v33.0.1750.154
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Internet Security v9.0.2016
Microsoft Security Client PT-PT Language Pack v2.1.1116.0
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v3.20 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1022 MB (18% free)
System Restore: Activé (Enable)
System drive C: has 246 GB (82%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: TOSHIBAA100
~ User Name: Utilizador
~ All Users Names: Utilizador, Guest, Administrator,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Utilizador\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Utilizador\AppData\Roaming\
~ %Desktop% : C:\Users\Utilizador\Desktop\
~ %Favorites% : C:\Users\Utilizador\Favorites\
~ %LocalAppData% : C:\Users\Utilizador\AppData\Local\
~ %StartMenu% : C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 246 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorador do Windows.) (.26-02-2011 - 06:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicação de Arranque do Windows.) (.14-07-2009 - 01:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Extensões da Internet para Win32.) (.22-02-2013 - 06:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicação de início de sessão do Windows.) (.28-10-2009 - 06:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.14-07-2009 - 01:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-12-2011 - 03:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-07-2009 - 01:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13-07-2009 - 23:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13-07-2009 - 23:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27-04-2011 - 02:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14-07-2009 - 00:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Controlador de porta i8042.) (.13-07-2009 - 23:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-07-2009 - 00:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04-05-2011 - 02:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13-07-2009 - 23:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Controlador de Sistema de Ficheiros NT.) (.12-04-2013 - 14:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Controlador de porta paralela.) (.14-07-2009 - 00:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14-07-2009 - 00:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14-07-2009 - 00:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-07-2009 - 00:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13-07-2009 - 23:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Controlador de cópia sombra do volume.) (.06-09-2012 - 17:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 06s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/18
~ Mes musiques (My Musics) : 1/8
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/2482
~ Mon Bureau (My Desktop) : 10/389
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 12s
---\\ Processos lançados
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640] [PID.3400]
[MD5.CA1EA5BC13E3820624669E8871EA6DFC] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe [32667896] [PID.3544]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.3688]
[MD5.4456B06D9E1340C39017EA98DA6436A0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8184320] [PID.3640]
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720] [PID.800]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1352]
[MD5.D58C10AFF2B5C09D615623A4DAC0E330] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [109048] [PID.1544]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1624]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1652]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Instalador do Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.3052]
~ Processes Running: Scanned in 00mn 07s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 02s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 3 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Kobo.lnk . (...) -- C:\Program Files (x86)\Kobo\Kobo.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\QuickLaunch [Utilizador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Utilizador]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Utilizador]: Upgrade to Paltalk Extreme.lnk - Chave orfã
O4 - GS\QuickLaunch [Utilizador]: Viber.lnk . (...) -- C:\Users\Utilizador\AppData\Local\Viber\Viber.exe
O4 - GS\QuickLaunch [Utilizador]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Utilizador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Utilizador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Utilizador]: Viber.lnk . (...) -- C:\Users\Utilizador\AppData\Local\Viber\Viber.exe
O4 - GS\TaskBar [Utilizador]: ZON NET MOBILE.lnk . (...) -- C:\Program Files (x86)\ZON NET MOBILE\UIMain.exe
O4 - GS\Program [Utilizador]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Utilizador]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Utilizador]: Viber.lnk . (...) -- C:\Users\Utilizador\AppData\Local\Viber\Viber.exe
O4 - GS\SystemTools [Utilizador]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Utilizador]: Documentos - Atalho.lnk . (...) -- C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [Utilizador]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Guest]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Guest]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Guest]: FacebookPasswordDecryptor.lnk . (.SecurityXploded - All-in-one Facebook Password Recovery Softw.) -- C:\Program Files (x86)\SecurityXploded\FacebookPasswordDecryptor\FacebookPasswordDecryptor.exe
~ Global Startup: 92 Legitimates Filtered in 00mn 17s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Utilizador]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - GS\Startup [Guest]: Uninstall Webroot RunOnce.lnk . (.Webroot Software, Inc. - Webroot Installer.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - HKCU\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-21-3136738229-3321464536-2784466607-1000\..\Run: [ccleaner] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE7A8BE6-057B-4CCA-BAB4-23EEBDAFB2B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F92DB7FD-987A-4D9A-814E-E9018FA08010}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{EE7A8BE6-057B-4CCA-BAB4-23EEBDAFB2B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F92DB7FD-987A-4D9A-814E-E9018FA08010}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{EE7A8BE6-057B-4CCA-BAB4-23EEBDAFB2B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F92DB7FD-987A-4D9A-814E-E9018FA08010}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 8 Legitimates Filtered in 00mn 12s
---\\ Software instalados (042)
O42 - Logiciel: ZON NET MOBILE - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
~ Logic: 6 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BancoBest]
[HKCU\Software\PTEID]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 189 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05-08-2012 - 22:49:50 - [0] ----D C:\Program Files (x86)\BancoBest
O43 - CFD: 17-03-2014 - 13:58:58 - [0] ----D C:\Program Files (x86)\DriverUpdate
O43 - CFD: 02-04-2014 - 02:04:55 - [19,629] ----D C:\Program Files (x86)\ZON NET MOBILE
O43 - CFD: 03-08-2012 - 18:11:55 - [0] ----D C:\Users\Utilizador\AppData\Roaming\BancoBest
O43 - CFD: 03-08-2012 - 18:11:45 - [0,103] ----D C:\Users\Utilizador\AppData\Local\BancoBest
O43 - CFD: 06-03-2014 - 13:13:35 - [0,407] ----D C:\Users\Utilizador\AppData\Local\BeAnywhere Support Express
O43 - CFD: 11-12-2013 - 16:39:36 - [13,226] ----D C:\Users\Utilizador\AppData\Local\lptmp1402949683
O43 - CFD: 11-01-2014 - 16:07:32 - [7,478] ----D C:\Users\Utilizador\AppData\Local\lptmp890397290
O43 - CFD: 13-03-2014 - 02:06:43 - [0] -SH-D C:\Users\Utilizador\AppData\Local\ms-drivers
~ Program Folder: 168 Legitimates Filtered in 00mn 32s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 05-04-2014 - 20:32:17 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.C9FFD23F9ED7F6FFDCB9C54BC1149191] - 05-04-2014 - 20:37:30 ---A- . (...) -- C:\ComboFix.txt [20920]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 05-04-2014 - 21:13:38 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.951970B9A9FCD9494A5054F20E085619] - 05-04-2014 - 21:46:31 ---A- . (...) -- C:\zoek-results.log [18697]
O44 - LFC:[MD5.ACBF9DA6EE3F6A82EABF2A43008E45EA] - 31-03-2014 - 18:52:17 ---A- . (...) -- C:\Windows\System32\prfc0816.dat [152656]
O44 - LFC:[MD5.7BA6C05D4CC77D7D5533A2284F5A00A8] - 31-03-2014 - 18:52:17 ---A- . (...) -- C:\Windows\System32\prfh0816.dat [721734]
~ Files: 22 Legitimates Filtered in 02mn 20s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.8D4B8BF93C65BDBC133B20706A3B5208] - 05-04-2014 - 19:17:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.F87990FDBDD4DC037343A80BD7E67538] - 13-01-2014 - 12:59:33 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O58 - SDL:[MD5.0606875650850B0697D662934529F6FC] - 05-04-2014 - 19:17:59 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208928]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14-07-2009 - 01:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] - 22-06-2012 - 11:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [22704]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10-06-2009 - 20:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14-07-2009 - 01:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.2E3ACFDA0B792707C59B307ABB6A6E95] - 17-03-2014 - 12:24:34 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [16152]
O58 - SDL:[MD5.2A6F99C1E2D25C4C920A37E07BB26291] - 16-10-2013 - 01:44:42 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys [42184]
O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08-05-2013 - 12:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
~ Drivers: 19 Legitimates Filtered in 00mn 07s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 01s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.DF06DC5837316EA78746E3F790A950ED] [SPRF][15-03-2014] (...) -- C:\Users\Utilizador\Desktop\adwcleaner.exe [1950720]
[MD5.FEE1D58C6AD73F25EB0DAD4F690560AD] [SPRF][22-02-2014] (.Facebook Inc. - Setup.) -- C:\Users\Utilizador\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe [501248]
[MD5.972032F9CA03B3DA1EF34E3E9BD43F71] [SPRF][17-03-2014] (.FLVMPlayer - FLV Media Player Setup.) -- C:\Users\Utilizador\Desktop\FLVMPlayer.exe [4953944]
[MD5.348AD296FA2A5E0CCF6EE5CB13BBEFAB] [SPRF][17-03-2014] (.Appsinstaller - Application Installer.) -- C:\Users\Utilizador\Desktop\FLV_Media_Player.exe [299280]
[MD5.916EA7F9B2882A6E955DF42D6B037934] [SPRF][17-03-2014] (.BitTorrent Inc. - µTorrent.) -- C:\Users\Utilizador\Desktop\uTorrent-2-.exe [1852496] =>P2P.BitTorrent
[MD5.E1E94652EB813EBC06C3867E0D3F5E03] [SPRF][12-12-2013] (.John Drew - Yagi Calculator Setup.) -- C:\Users\Utilizador\Desktop\yagisetup (1).exe [717209]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][05-04-2014] (...) -- C:\Users\Utilizador\Desktop\zoek.exe [1285120]
~ Files: 12 Legitimates Filtered in 00mn 03s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BBCDC61C8AA8009FED0028798A761EE2] [WIS][17-08-2013] (.Skype Technologies S.A. - Skype Click to Call.) -- C:\Windows\Installer\1877aa5.msi [10502144]
~ WIS: 125 Legitimates Filtered in 00mn 27s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 18-03-2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 17-02-2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17-02-2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 23-10-2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 21-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07-09-2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 05-04-2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 05-04-2014 109048 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 21-02-2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14-07-2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 06-03-2009 364064 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 14-07-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10-07-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-07-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 45s
---\\ Scâner Aditional (088)
Database Version : 13044 - (06-04-2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
C:\Users\Utilizador\Desktop\uTorrent-2-.exe =>P2P.BitTorrent^
~ Additionnel Scan: 212319 Items scanned in 01mn 06s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s
~ 1039 Legitimates filtered by white list
End of the scan (401 lines in 07mn 08s)(0)
JoseCarlos - Member
- Posts: 163
Reputation: 0
Registration date: 05/04/2014
Re: Remove the Banco do Brasil plugin
Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the Recycle Bin files to be deleted, click Oui again > A report will open in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Tue 08 Apr 2014, 12:06; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Remove the Banco do Brasil plugin
Max Power, thank you once again for your dedication. Here is the result of what you asked me to do.
Rapport de ZHPFix 2014.4.6.1 par Nicolas Coolman, Update du 06/04/2014
Fichier d'export Registre :
Run by Utilizador at 06-04-2014 23:19:26
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Reciclagem vazia (00mn 04s)
========== Chaves do Registo ==========
ELIMINÉ: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}
ELIMINÉ: Service: GbpSv
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files (x86)\gbplugin\gbieh.dll
ELIMINA REINICIAR: c:\windows\syswow64\drivers\gbpkm.sys
ELIMINÉ Temporários windows (3) (41.984 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
2 : Chaves do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema
End of clean in 01mn 34s
========== Caminho do ficheiro do relatório ==========
C:\Users\Utilizador\AppData\Roaming\ZHP\ZHPFix[R1].txt - 06-04-2014 09:34:11 [3180]
C:\Users\Utilizador\AppData\Roaming\ZHP\ZHPFix[R2].txt - 06-04-2014 23:19:31 [1086]
JoseCarlos - Member
- Posts: 163
Reputation: 0
Registration date: 05/04/2014
Re: Remove the Banco do Brasil plugin
Download the [You need an account and to be logged in to view this link] and save it to the Desktop
Note: After opening the link above, click the Download Now 64-Bit Version button
*Run FRST and accept the agreement
*Click [Scan]
*When it finishes, click [OK] > [OK]
*Two reports will be created on the Desktop: FRST.txt and Addition.txt
Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Remove Banco do Brasil plugin
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Utilizador (administrator) on TOSHIBAA100 on 06-04-2014 23:54:30
Running from C:\Users\Utilizador\Downloads
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Utilizador\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-3136738229-3321464536-2784466607-1000\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5283680 2012-06-22] (Piriform Ltd)
HKU\S-1-5-21-3136738229-3321464536-2784466607-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA04945B8BC4FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1582632 2014-02-21] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Pesquisa do Google) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (avast! Online Security) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Gmail) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-05] (AVAST Software)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720 2014-02-21] (GAS Tecnologia)
==================== Drivers (Whitelisted) ====================
R1 44278511; C:\Windows\System32\DRIVERS\44278511.sys [157712 2009-09-25] (Kaspersky Lab)
R0 44278512; C:\Windows\System32\DRIVERS\44278512.sys [40464 2009-10-22] (Kaspersky Lab)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [445304 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-05] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-05] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-13] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-05] ()
S3 catchme; No ImagePath
R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 esgiguard; No ImagePath
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R1 setup_9.0.0.722_22.04.2013_05-21drv; C:\Windows\System32\DRIVERS\4427851.sys [352784 2009-10-10] (Kaspersky Lab)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-17] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-06 23:53 - 2014-04-06 23:53 - 02157056 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64 (1).exe
2014-04-06 23:45 - 2014-04-06 23:45 - 00000926 _____ () C:\Users\Utilizador\ComboFix - Atalho.lnk
2014-04-06 23:42 - 2014-04-06 23:42 - 00000056 _____ () C:\Windows\setupact.log
2014-04-06 23:42 - 2014-04-06 23:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 23:39 - 2014-04-06 23:39 - 00030219 _____ () C:\Users\Utilizador\Desktop\FRST1.txt
2014-04-06 23:38 - 2014-04-06 23:38 - 00025674 _____ () C:\Users\Utilizador\Desktop\Addition1.txt
2014-04-06 23:36 - 2014-04-06 23:37 - 00025674 _____ () C:\Users\Utilizador\Downloads\Addition.txt
2014-04-06 23:33 - 2014-04-06 23:54 - 00009406 _____ () C:\Users\Utilizador\Downloads\FRST.txt
2014-04-06 23:32 - 2014-04-06 23:54 - 00000000 ____D () C:\FRST
2014-04-06 23:30 - 2014-04-06 23:31 - 02157056 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64.exe
2014-04-06 23:21 - 2014-04-06 23:19 - 00001171 _____ () C:\Users\Utilizador\Desktop\ZHPFixReport.txt
2014-04-06 23:20 - 2014-04-06 23:20 - 00001171 _____ () C:\Users\Utilizador\Desktop\ZHPFix[R2]4.txt
2014-04-06 19:01 - 2014-04-06 19:01 - 00242059 _____ () C:\Users\Utilizador\Desktop\ZHPDiag3.txt
2014-04-06 15:35 - 2014-04-06 15:35 - 00242059 _____ () C:\Users\Utilizador\Desktop\ZHPDiag.txt
2014-04-06 15:34 - 2014-04-06 15:34 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-04-06 15:11 - 2014-04-06 15:11 - 00027390 _____ () C:\Users\Utilizador\Desktop\ZHPDiag2.txt
2014-04-06 14:52 - 2014-04-06 14:52 - 00003168 _____ () C:\Windows\System32\Tasks\{090D53FE-5DFE-4B01-8D01-B349B0F40E93}
2014-04-06 10:52 - 2014-04-06 23:40 - 00035389 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 10:46 - 2014-04-06 10:46 - 00003196 _____ () C:\Windows\System32\Tasks\{4484B57A-3C80-43CF-A90B-B640234BD1A5}
2014-04-06 10:35 - 2014-04-06 10:35 - 00003180 _____ () C:\Users\Utilizador\Desktop\ZHPFix[R1]1.txt
2014-04-05 23:32 - 2014-04-05 23:32 - 00030577 _____ () C:\Users\Utilizador\Desktop\ZHPDiag1.txt
2014-04-05 23:18 - 2014-04-06 23:21 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\ZHP
2014-04-05 23:18 - 2014-04-06 14:52 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-04-05 23:18 - 2014-04-06 14:51 - 00001991 _____ () C:\Users\Utilizador\Desktop\ZHPFix.lnk
2014-04-05 23:18 - 2014-04-06 14:51 - 00001864 _____ () C:\Users\Utilizador\Desktop\ZHPDiag.lnk
2014-04-05 23:17 - 2014-04-05 23:17 - 06863616 _____ (Nicolas Coolman ) C:\Users\Utilizador\Downloads\ZHPDiag2.exe
2014-04-05 23:16 - 2014-04-05 23:16 - 00018697 _____ () C:\Users\Utilizador\Desktop\zoek-results.txt
2014-04-05 23:16 - 2014-04-05 23:16 - 00002074 _____ () C:\Users\Utilizador\Desktop\JRT1.txt
2014-04-05 23:14 - 2014-04-05 23:14 - 00002074 _____ () C:\Users\Utilizador\Desktop\JRT.txt
2014-04-05 23:00 - 2014-04-05 23:00 - 00000000 ____D () C:\Windows\ERUNT
2014-04-05 22:58 - 2014-04-05 22:58 - 01038974 _____ (Thisisu) C:\Users\Utilizador\Downloads\JRT.exe
2014-04-05 22:43 - 2014-04-05 22:13 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-05 22:15 - 2014-04-05 22:46 - 00018697 _____ () C:\zoek-results.log
2014-04-05 22:13 - 2014-04-05 22:33 - 00000000 ____D () C:\zoek_backup
2014-04-05 22:12 - 2014-04-05 22:13 - 01285120 _____ () C:\Users\Utilizador\Desktop\zoek.exe
2014-04-05 21:37 - 2014-04-05 21:37 - 00020920 _____ () C:\ComboFix.txt
2014-04-05 21:13 - 2014-04-05 21:14 - 05193579 ____R (Swearware) C:\Users\Utilizador\Desktop\ComboFix.exe
2014-04-05 20:46 - 2014-04-06 23:44 - 00000000 ___RD () C:\Users\Utilizador\Documents\Dropbox
2014-04-05 20:46 - 2014-04-05 20:46 - 00001006 _____ () C:\Users\Utilizador\Desktop\Dropbox.lnk
2014-04-05 20:43 - 2014-04-05 20:46 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\DropboxMaster
2014-04-05 20:42 - 2014-04-05 20:43 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 20:17 - 2014-04-05 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 20:16 - 2014-04-05 20:16 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-04-02 23:26 - 2014-04-02 23:26 - 00014479 _____ () C:\Users\Utilizador\Reclamação.htm
2014-04-02 23:26 - 2014-04-02 23:26 - 00000000 ____D () C:\Users\Utilizador\Reclamação_files
2014-03-30 01:12 - 2014-03-30 01:12 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Mozilla
2014-03-30 01:08 - 2014-03-30 01:09 - 00847856 _____ (Google Inc.) C:\Users\Utilizador\Desktop\GoogleVoiceAndVideoSetup.exe
2014-03-27 23:18 - 2014-03-27 23:24 - 00165888 _____ () C:\Users\Utilizador\Desktop\Melhores-taxas-de-juro-de-depósitos-a-prazo-Total41.xls
2014-03-23 23:23 - 2014-03-23 23:44 - 00013810 _____ () C:\Users\Utilizador\GESTÃO DO SKODA 2014.xlsx
2014-03-18 19:06 - 2014-03-18 19:06 - 00002122 _____ () C:\Users\Public\Desktop\Video Search.lnk
2014-03-18 19:06 - 2014-03-18 19:06 - 00001190 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-03-18 19:05 - 2014-03-18 19:05 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-03-18 19:02 - 2014-03-18 19:03 - 11928264 _____ (DsNET Corp) C:\Users\Utilizador\aTubeCatcher.exe
2014-03-18 00:47 - 2014-03-18 01:07 - 1464738954 _____ () C:\Users\Utilizador\Downloads\Baise-Moi.mkv
2014-03-17 13:24 - 2014-03-17 13:24 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-03-17 13:24 - 2014-03-17 13:24 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\SlimWare Utilities Inc
2014-03-17 13:23 - 2014-03-17 13:58 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-03-17 13:23 - 2014-03-17 13:23 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-03-17 11:30 - 2014-03-17 11:36 - 00000000 ____D () C:\Users\Utilizador\Downloads\We Are Explorers - 3D Printed Video
2014-03-17 11:29 - 2014-03-17 11:29 - 00000818 _____ () C:\Users\Utilizador\Desktop\µTorrent.lnk
2014-03-17 11:29 - 2014-03-17 11:29 - 00000798 _____ () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-03-17 11:27 - 2014-03-19 23:36 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\uTorrent
2014-03-17 11:24 - 2014-03-17 11:25 - 01852496 _____ (BitTorrent Inc.) C:\Users\Utilizador\Desktop\uTorrent-2-.exe
2014-03-17 10:09 - 2014-03-18 09:13 - 00001077 _____ () C:\Users\Public\Desktop\FLV Media Player.lnk
2014-03-17 10:09 - 2014-03-18 09:13 - 00000000 ____D () C:\Program Files (x86)\FLV Media Player
2014-03-17 10:01 - 2014-03-17 10:01 - 04953944 _____ (FLVMPlayer ) C:\Users\Utilizador\Desktop\FLVMPlayer.exe
2014-03-17 09:56 - 2014-03-17 09:57 - 00299280 _____ (Appsinstaller) C:\Users\Utilizador\FLV_Media_Player.exe
2014-03-15 01:01 - 2014-03-15 01:01 - 01950720 _____ () C:\Users\Utilizador\adwcleaner.exe
2014-03-13 23:21 - 2014-03-13 23:30 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\PFStaticIP
2014-03-13 23:21 - 2014-03-13 23:21 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-03-13 02:06 - 2014-03-13 12:16 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\MetaGeek,_LLC
2014-03-13 02:06 - 2014-03-13 02:06 - 00000037 ___SH () C:\Users\Utilizador\AppData\Local\70149b02515b3bb20dd492.47983420
2014-03-13 02:06 - 2014-03-13 02:06 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\IsolatedStorage
2014-03-11 12:26 - 2014-03-11 12:26 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\Skype
2014-03-09 01:50 - 2014-03-09 01:51 - 00118149 _____ () C:\Users\Utilizador\Downloads\wmpChrome (3).crx
==================== One Month Modified Files and Folders =======
2014-04-06 23:55 - 2014-04-06 23:33 - 00009406 _____ () C:\Users\Utilizador\Downloads\FRST.txt
2014-04-06 23:54 - 2014-04-06 23:32 - 00000000 ____D () C:\FRST
2014-04-06 23:53 - 2014-04-06 23:53 - 02157056 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64 (1).exe
2014-04-06 23:48 - 2014-04-06 10:52 - 00035389 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 23:48 - 2013-11-28 02:33 - 00000000 ____D () C:\Users\Utilizador\Desktop\X_Receitas
2014-04-06 23:47 - 2012-06-21 10:50 - 00000000 ____D () C:\Users\Utilizador
2014-04-06 23:47 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 23:47 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 23:45 - 2014-04-06 23:45 - 00000926 _____ () C:\Users\Utilizador\ComboFix - Atalho.lnk
2014-04-06 23:44 - 2014-04-05 20:46 - 00000000 ___RD () C:\Users\Utilizador\Documents\Dropbox
2014-04-06 23:44 - 2012-07-14 21:56 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Dropbox
2014-04-06 23:42 - 2014-04-06 23:42 - 00000056 _____ () C:\Windows\setupact.log
2014-04-06 23:42 - 2014-04-06 23:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 23:42 - 2013-04-05 23:50 - 00016384 _____ () C:\Windows\system32\Ikeext.etl
2014-04-06 23:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 23:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-04-06 23:39 - 2014-04-06 23:39 - 00030219 _____ () C:\Users\Utilizador\Desktop\FRST1.txt
2014-04-06 23:38 - 2014-04-06 23:38 - 00025674 _____ () C:\Users\Utilizador\Desktop\Addition1.txt
2014-04-06 23:37 - 2014-04-06 23:36 - 00025674 _____ () C:\Users\Utilizador\Downloads\Addition.txt
2014-04-06 23:35 - 2013-12-23 00:20 - 00000000 ____D () C:\Users\Utilizador\Desktop\Anti
2014-04-06 23:31 - 2014-04-06 23:30 - 02157056 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64.exe
2014-04-06 23:21 - 2014-04-05 23:18 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\ZHP
2014-04-06 23:20 - 2014-04-06 23:20 - 00001171 _____ () C:\Users\Utilizador\Desktop\ZHPFix[R2]4.txt
2014-04-06 23:19 - 2014-04-06 23:21 - 00001171 _____ () C:\Users\Utilizador\Desktop\ZHPFixReport.txt
2014-04-06 19:01 - 2014-04-06 19:01 - 00242059 _____ () C:\Users\Utilizador\Desktop\ZHPDiag3.txt
2014-04-06 15:35 - 2014-04-06 15:35 - 00242059 _____ () C:\Users\Utilizador\Desktop\ZHPDiag.txt
2014-04-06 15:34 - 2014-04-06 15:34 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-04-06 15:11 - 2014-04-06 15:11 - 00027390 _____ () C:\Users\Utilizador\Desktop\ZHPDiag2.txt
2014-04-06 14:52 - 2014-04-06 14:52 - 00003168 _____ () C:\Windows\System32\Tasks\{090D53FE-5DFE-4B01-8D01-B349B0F40E93}
2014-04-06 14:52 - 2014-04-05 23:18 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-04-06 14:51 - 2014-04-05 23:18 - 00001991 _____ () C:\Users\Utilizador\Desktop\ZHPFix.lnk
2014-04-06 14:51 - 2014-04-05 23:18 - 00001864 _____ () C:\Users\Utilizador\Desktop\ZHPDiag.lnk
2014-04-06 10:46 - 2014-04-06 10:46 - 00003196 _____ () C:\Windows\System32\Tasks\{4484B57A-3C80-43CF-A90B-B640234BD1A5}
2014-04-06 10:35 - 2014-04-06 10:35 - 00003180 _____ () C:\Users\Utilizador\Desktop\ZHPFix[R1]1.txt
2014-04-06 10:23 - 2014-01-13 14:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-05 23:32 - 2014-04-05 23:32 - 00030577 _____ () C:\Users\Utilizador\Desktop\ZHPDiag1.txt
2014-04-05 23:17 - 2014-04-05 23:17 - 06863616 _____ (Nicolas Coolman ) C:\Users\Utilizador\Downloads\ZHPDiag2.exe
2014-04-05 23:16 - 2014-04-05 23:16 - 00018697 _____ () C:\Users\Utilizador\Desktop\zoek-results.txt
2014-04-05 23:16 - 2014-04-05 23:16 - 00002074 _____ () C:\Users\Utilizador\Desktop\JRT1.txt
2014-04-05 23:14 - 2014-04-05 23:14 - 00002074 _____ () C:\Users\Utilizador\Desktop\JRT.txt
2014-04-05 23:00 - 2014-04-05 23:00 - 00000000 ____D () C:\Windows\ERUNT
2014-04-05 22:58 - 2014-04-05 22:58 - 01038974 _____ (Thisisu) C:\Users\Utilizador\Downloads\JRT.exe
2014-04-05 22:46 - 2014-04-05 22:15 - 00018697 _____ () C:\zoek-results.log
2014-04-05 22:33 - 2014-04-05 22:13 - 00000000 ____D () C:\zoek_backup
2014-04-05 22:13 - 2014-04-05 22:43 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-05 22:13 - 2014-04-05 22:12 - 01285120 _____ () C:\Users\Utilizador\Desktop\zoek.exe
2014-04-05 21:37 - 2014-04-05 21:37 - 00020920 _____ () C:\ComboFix.txt
2014-04-05 21:37 - 2013-04-22 00:14 - 00000000 ____D () C:\Qoobox
2014-04-05 21:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-05 21:14 - 2014-04-05 21:13 - 05193579 ____R (Swearware) C:\Users\Utilizador\Desktop\ComboFix.exe
2014-04-05 21:11 - 2013-04-21 01:13 - 00000000 ____D () C:\Users\Utilizador\Downloads\backups
2014-04-05 21:05 - 2014-02-13 13:44 - 00006651 _____ () C:\Users\Utilizador\Downloads\hijackthis.log
2014-04-05 20:46 - 2014-04-05 20:46 - 00001006 _____ () C:\Users\Utilizador\Desktop\Dropbox.lnk
2014-04-05 20:46 - 2014-04-05 20:43 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\DropboxMaster
2014-04-05 20:45 - 2012-06-21 10:51 - 00000000 ___RD () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 20:43 - 2014-04-05 20:42 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 20:23 - 2014-01-29 11:36 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-04-05 20:18 - 2014-01-13 14:00 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-05 20:17 - 2014-04-05 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 20:17 - 2014-01-29 11:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-05 20:17 - 2014-01-13 13:59 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-05 20:17 - 2014-01-13 13:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-05 20:16 - 2014-04-05 20:16 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-04-05 01:10 - 2014-01-29 11:36 - 00002032 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-04-05 00:45 - 2012-07-03 10:50 - 00000000 ____D () C:\Program Files (x86)\HP
2014-04-05 00:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 00:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-04-05 00:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-05 00:28 - 2012-08-16 12:56 - 00000000 ____D () C:\Users\Guest
2014-04-05 00:15 - 2012-07-03 10:47 - 00008526 _____ () C:\ProgramData\hpzinstall.log
2014-04-04 12:36 - 2013-08-26 21:57 - 00000000 ____D () C:\AdwCleaner
2014-04-04 12:17 - 2013-12-23 00:23 - 00000000 ____D () C:\Users\Utilizador\Imagens
2014-04-03 23:33 - 2012-07-03 10:47 - 00000000 ____D () C:\ProgramData\HP
2014-04-02 23:26 - 2014-04-02 23:26 - 00014479 _____ () C:\Users\Utilizador\Reclamação.htm
2014-04-02 23:26 - 2014-04-02 23:26 - 00000000 ____D () C:\Users\Utilizador\Reclamação_files
2014-04-02 02:04 - 2013-02-26 09:23 - 00000000 ____D () C:\Program Files (x86)\ZON NET MOBILE
2014-03-31 19:52 - 2012-06-21 11:22 - 00721734 _____ () C:\Windows\system32\prfh0816.dat
2014-03-31 19:52 - 2012-06-21 11:22 - 00152656 _____ () C:\Windows\system32\prfc0816.dat
2014-03-31 19:52 - 2009-07-14 06:13 - 01656832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 02:53 - 2013-01-25 11:01 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Skype
2014-03-30 01:12 - 2014-03-30 01:12 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Mozilla
2014-03-30 01:12 - 2012-06-30 09:37 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\Google
2014-03-30 01:09 - 2014-03-30 01:08 - 00847856 _____ (Google Inc.) C:\Users\Utilizador\Desktop\GoogleVoiceAndVideoSetup.exe
2014-03-27 23:24 - 2014-03-27 23:18 - 00165888 _____ () C:\Users\Utilizador\Desktop\Melhores-taxas-de-juro-de-depósitos-a-prazo-Total41.xls
2014-03-23 23:44 - 2014-03-23 23:23 - 00013810 _____ () C:\Users\Utilizador\GESTÃO DO SKODA 2014.xlsx
2014-03-19 23:36 - 2014-03-17 11:27 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\uTorrent
2014-03-19 10:52 - 2013-08-04 03:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 10:47 - 2012-06-21 13:25 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 19:32 - 2013-12-21 00:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 19:32 - 2013-12-21 00:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 19:06 - 2014-03-18 19:06 - 00002122 _____ () C:\Users\Public\Desktop\Video Search.lnk
2014-03-18 19:06 - 2014-03-18 19:06 - 00001190 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-03-18 19:05 - 2014-03-18 19:05 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-03-18 19:03 - 2014-03-18 19:02 - 11928264 _____ (DsNET Corp) C:\Users\Utilizador\aTubeCatcher.exe
2014-03-18 09:13 - 2014-03-17 10:09 - 00001077 _____ () C:\Users\Public\Desktop\FLV Media Player.lnk
2014-03-18 09:13 - 2014-03-17 10:09 - 00000000 ____D () C:\Program Files (x86)\FLV Media Player
2014-03-18 09:04 - 2012-06-21 17:52 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\Windows Live
2014-03-18 01:07 - 2014-03-18 00:47 - 1464738954 _____ () C:\Users\Utilizador\Downloads\Baise-Moi.mkv
2014-03-17 21:22 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-17 21:22 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU(84).TXT
2014-03-17 13:58 - 2014-03-17 13:23 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-03-17 13:24 - 2014-03-17 13:24 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-03-17 13:24 - 2014-03-17 13:24 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\SlimWare Utilities Inc
2014-03-17 13:23 - 2014-03-17 13:23 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-03-17 11:36 - 2014-03-17 11:30 - 00000000 ____D () C:\Users\Utilizador\Downloads\We Are Explorers - 3D Printed Video
2014-03-17 11:29 - 2014-03-17 11:29 - 00000818 _____ () C:\Users\Utilizador\Desktop\µTorrent.lnk
2014-03-17 11:29 - 2014-03-17 11:29 - 00000798 _____ () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-03-17 11:25 - 2014-03-17 11:24 - 01852496 _____ (BitTorrent Inc.) C:\Users\Utilizador\Desktop\uTorrent-2-.exe
2014-03-17 10:01 - 2014-03-17 10:01 - 04953944 _____ (FLVMPlayer ) C:\Users\Utilizador\Desktop\FLVMPlayer.exe
2014-03-17 09:57 - 2014-03-17 09:56 - 00299280 _____ (Appsinstaller) C:\Users\Utilizador\FLV_Media_Player.exe
2014-03-17 08:54 - 2013-09-14 02:15 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-03-17 08:54 - 2013-09-14 02:15 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2014-03-16 11:29 - 2013-09-14 02:16 - 00010266 _____ () C:\Windows\SysWOW64\Drivers\ndisrd.cat
2014-03-16 11:29 - 2013-09-14 02:16 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer
2014-03-15 19:07 - 2014-02-17 23:23 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 01:01 - 2014-03-15 01:01 - 01950720 _____ () C:\Users\Utilizador\adwcleaner.exe
2014-03-13 23:30 - 2014-03-13 23:21 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\PFStaticIP
2014-03-13 23:21 - 2014-03-13 23:21 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-03-13 12:16 - 2014-03-13 02:06 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\MetaGeek,_LLC
2014-03-13 02:06 - 2014-03-13 02:06 - 00000037 ___SH () C:\Users\Utilizador\AppData\Local\70149b02515b3bb20dd492.47983420
2014-03-13 02:06 - 2014-03-13 02:06 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\IsolatedStorage
2014-03-12 10:25 - 2012-06-21 16:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 10:25 - 2012-06-21 16:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 10:00 - 2012-06-21 16:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 12:26 - 2014-03-11 12:26 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\Skype
2014-03-11 12:26 - 2013-01-25 11:00 - 00000000 ____D () C:\ProgramData\Skype
2014-03-11 12:25 - 2013-03-10 18:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 01:51 - 2014-03-09 01:50 - 00118149 _____ () C:\Users\Utilizador\Downloads\wmpChrome (3).crx
Files to move or delete:
====================
C:\Users\Utilizador\adwcleaner.exe
C:\Users\Utilizador\aTubeCatcher.exe
C:\Users\Utilizador\chromeinstall-7u51.exe
C:\Users\Utilizador\FLV_Media_Player.exe
C:\Users\Utilizador\MicrosoftFixit.wu.LB.27306334611135907.1.1.Run.exe
Some content of TEMP:
====================
C:\Users\Utilizador\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvnkf6m.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-30 01:01
==================== End Of Log ============================
Ran by Utilizador (administrator) on TOSHIBAA100 on 06-04-2014 23:54:30
Running from C:\Users\Utilizador\Downloads
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: [You must have an account and be logged in to view this link]
Download link for 64-Bit Version: [You must have an account and be logged in to view this link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must have an account and be logged in to view this link]
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Utilizador\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
HKU\S-1-5-21-3136738229-3321464536-2784466607-1000\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5283680 2012-06-22] (Piriform Ltd)
HKU\S-1-5-21-3136738229-3321464536-2784466607-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA04945B8BC4FCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must have an account and be logged in to view this link]
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1582632 2014-02-21] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Pesquisa do Google) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (avast! Online Security) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Gmail) - C:\Users\Utilizador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-04-05] (AVAST Software)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720 2014-02-21] (GAS Tecnologia)
==================== Drivers (Whitelisted) ====================
R1 44278511; C:\Windows\System32\DRIVERS\44278511.sys [157712 2009-09-25] (Kaspersky Lab)
R0 44278512; C:\Windows\System32\DRIVERS\44278512.sys [40464 2009-10-22] (Kaspersky Lab)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-05] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [445304 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-05] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-05] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-13] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-05] ()
S3 catchme; No ImagePath
R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 esgiguard; No ImagePath
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
R1 setup_9.0.0.722_22.04.2013_05-21drv; C:\Windows\System32\DRIVERS\4427851.sys [352784 2009-10-10] (Kaspersky Lab)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-03-17] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-06 23:53 - 2014-04-06 23:53 - 02157056 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64 (1).exe
2014-04-06 23:45 - 2014-04-06 23:45 - 00000926 _____ () C:\Users\Utilizador\ComboFix - Atalho.lnk
2014-04-06 23:42 - 2014-04-06 23:42 - 00000056 _____ () C:\Windows\setupact.log
2014-04-06 23:42 - 2014-04-06 23:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 23:39 - 2014-04-06 23:39 - 00030219 _____ () C:\Users\Utilizador\Desktop\FRST1.txt
2014-04-06 23:38 - 2014-04-06 23:38 - 00025674 _____ () C:\Users\Utilizador\Desktop\Addition1.txt
2014-04-06 23:36 - 2014-04-06 23:37 - 00025674 _____ () C:\Users\Utilizador\Downloads\Addition.txt
2014-04-06 23:33 - 2014-04-06 23:54 - 00009406 _____ () C:\Users\Utilizador\Downloads\FRST.txt
2014-04-06 23:32 - 2014-04-06 23:54 - 00000000 ____D () C:\FRST
2014-04-06 23:30 - 2014-04-06 23:31 - 02157056 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64.exe
2014-04-06 23:21 - 2014-04-06 23:19 - 00001171 _____ () C:\Users\Utilizador\Desktop\ZHPFixReport.txt
2014-04-06 23:20 - 2014-04-06 23:20 - 00001171 _____ () C:\Users\Utilizador\Desktop\ZHPFix[R2]4.txt
2014-04-06 19:01 - 2014-04-06 19:01 - 00242059 _____ () C:\Users\Utilizador\Desktop\ZHPDiag3.txt
2014-04-06 15:35 - 2014-04-06 15:35 - 00242059 _____ () C:\Users\Utilizador\Desktop\ZHPDiag.txt
2014-04-06 15:34 - 2014-04-06 15:34 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-04-06 15:11 - 2014-04-06 15:11 - 00027390 _____ () C:\Users\Utilizador\Desktop\ZHPDiag2.txt
2014-04-06 14:52 - 2014-04-06 14:52 - 00003168 _____ () C:\Windows\System32\Tasks\{090D53FE-5DFE-4B01-8D01-B349B0F40E93}
2014-04-06 10:52 - 2014-04-06 23:40 - 00035389 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 10:46 - 2014-04-06 10:46 - 00003196 _____ () C:\Windows\System32\Tasks\{4484B57A-3C80-43CF-A90B-B640234BD1A5}
2014-04-06 10:35 - 2014-04-06 10:35 - 00003180 _____ () C:\Users\Utilizador\Desktop\ZHPFix[R1]1.txt
2014-04-05 23:32 - 2014-04-05 23:32 - 00030577 _____ () C:\Users\Utilizador\Desktop\ZHPDiag1.txt
2014-04-05 23:18 - 2014-04-06 23:21 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\ZHP
2014-04-05 23:18 - 2014-04-06 14:52 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-04-05 23:18 - 2014-04-06 14:51 - 00001991 _____ () C:\Users\Utilizador\Desktop\ZHPFix.lnk
2014-04-05 23:18 - 2014-04-06 14:51 - 00001864 _____ () C:\Users\Utilizador\Desktop\ZHPDiag.lnk
2014-04-05 23:17 - 2014-04-05 23:17 - 06863616 _____ (Nicolas Coolman ) C:\Users\Utilizador\Downloads\ZHPDiag2.exe
2014-04-05 23:16 - 2014-04-05 23:16 - 00018697 _____ () C:\Users\Utilizador\Desktop\zoek-results.txt
2014-04-05 23:16 - 2014-04-05 23:16 - 00002074 _____ () C:\Users\Utilizador\Desktop\JRT1.txt
2014-04-05 23:14 - 2014-04-05 23:14 - 00002074 _____ () C:\Users\Utilizador\Desktop\JRT.txt
2014-04-05 23:00 - 2014-04-05 23:00 - 00000000 ____D () C:\Windows\ERUNT
2014-04-05 22:58 - 2014-04-05 22:58 - 01038974 _____ (Thisisu) C:\Users\Utilizador\Downloads\JRT.exe
2014-04-05 22:43 - 2014-04-05 22:13 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-05 22:15 - 2014-04-05 22:46 - 00018697 _____ () C:\zoek-results.log
2014-04-05 22:13 - 2014-04-05 22:33 - 00000000 ____D () C:\zoek_backup
2014-04-05 22:12 - 2014-04-05 22:13 - 01285120 _____ () C:\Users\Utilizador\Desktop\zoek.exe
2014-04-05 21:37 - 2014-04-05 21:37 - 00020920 _____ () C:\ComboFix.txt
2014-04-05 21:13 - 2014-04-05 21:14 - 05193579 ____R (Swearware) C:\Users\Utilizador\Desktop\ComboFix.exe
2014-04-05 20:46 - 2014-04-06 23:44 - 00000000 ___RD () C:\Users\Utilizador\Documents\Dropbox
2014-04-05 20:46 - 2014-04-05 20:46 - 00001006 _____ () C:\Users\Utilizador\Desktop\Dropbox.lnk
2014-04-05 20:43 - 2014-04-05 20:46 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\DropboxMaster
2014-04-05 20:42 - 2014-04-05 20:43 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 20:17 - 2014-04-05 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 20:16 - 2014-04-05 20:16 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-04-02 23:26 - 2014-04-02 23:26 - 00014479 _____ () C:\Users\Utilizador\Reclamação.htm
2014-04-02 23:26 - 2014-04-02 23:26 - 00000000 ____D () C:\Users\Utilizador\Reclamação_files
2014-03-30 01:12 - 2014-03-30 01:12 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Mozilla
2014-03-30 01:08 - 2014-03-30 01:09 - 00847856 _____ (Google Inc.) C:\Users\Utilizador\Desktop\GoogleVoiceAndVideoSetup.exe
2014-03-27 23:18 - 2014-03-27 23:24 - 00165888 _____ () C:\Users\Utilizador\Desktop\Melhores-taxas-de-juro-de-depósitos-a-prazo-Total41.xls
2014-03-23 23:23 - 2014-03-23 23:44 - 00013810 _____ () C:\Users\Utilizador\GESTÃO DO SKODA 2014.xlsx
2014-03-18 19:06 - 2014-03-18 19:06 - 00002122 _____ () C:\Users\Public\Desktop\Video Search.lnk
2014-03-18 19:06 - 2014-03-18 19:06 - 00001190 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-03-18 19:05 - 2014-03-18 19:05 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-03-18 19:02 - 2014-03-18 19:03 - 11928264 _____ (DsNET Corp) C:\Users\Utilizador\aTubeCatcher.exe
2014-03-18 00:47 - 2014-03-18 01:07 - 1464738954 _____ () C:\Users\Utilizador\Downloads\Baise-Moi.mkv
2014-03-17 13:24 - 2014-03-17 13:24 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-03-17 13:24 - 2014-03-17 13:24 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\SlimWare Utilities Inc
2014-03-17 13:23 - 2014-03-17 13:58 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-03-17 13:23 - 2014-03-17 13:23 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-03-17 11:30 - 2014-03-17 11:36 - 00000000 ____D () C:\Users\Utilizador\Downloads\We Are Explorers - 3D Printed Video
2014-03-17 11:29 - 2014-03-17 11:29 - 00000818 _____ () C:\Users\Utilizador\Desktop\µTorrent.lnk
2014-03-17 11:29 - 2014-03-17 11:29 - 00000798 _____ () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-03-17 11:27 - 2014-03-19 23:36 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\uTorrent
2014-03-17 11:24 - 2014-03-17 11:25 - 01852496 _____ (BitTorrent Inc.) C:\Users\Utilizador\Desktop\uTorrent-2-.exe
2014-03-17 10:09 - 2014-03-18 09:13 - 00001077 _____ () C:\Users\Public\Desktop\FLV Media Player.lnk
2014-03-17 10:09 - 2014-03-18 09:13 - 00000000 ____D () C:\Program Files (x86)\FLV Media Player
2014-03-17 10:01 - 2014-03-17 10:01 - 04953944 _____ (FLVMPlayer ) C:\Users\Utilizador\Desktop\FLVMPlayer.exe
2014-03-17 09:56 - 2014-03-17 09:57 - 00299280 _____ (Appsinstaller) C:\Users\Utilizador\FLV_Media_Player.exe
2014-03-15 01:01 - 2014-03-15 01:01 - 01950720 _____ () C:\Users\Utilizador\adwcleaner.exe
2014-03-13 23:21 - 2014-03-13 23:30 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\PFStaticIP
2014-03-13 23:21 - 2014-03-13 23:21 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-03-13 02:06 - 2014-03-13 12:16 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\MetaGeek,_LLC
2014-03-13 02:06 - 2014-03-13 02:06 - 00000037 ___SH () C:\Users\Utilizador\AppData\Local\70149b02515b3bb20dd492.47983420
2014-03-13 02:06 - 2014-03-13 02:06 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\IsolatedStorage
2014-03-11 12:26 - 2014-03-11 12:26 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\Skype
2014-03-09 01:50 - 2014-03-09 01:51 - 00118149 _____ () C:\Users\Utilizador\Downloads\wmpChrome (3).crx
==================== One Month Modified Files and Folders =======
2014-04-06 23:55 - 2014-04-06 23:33 - 00009406 _____ () C:\Users\Utilizador\Downloads\FRST.txt
2014-04-06 23:54 - 2014-04-06 23:32 - 00000000 ____D () C:\FRST
2014-04-06 23:53 - 2014-04-06 23:53 - 02157056 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64 (1).exe
2014-04-06 23:48 - 2014-04-06 10:52 - 00035389 _____ () C:\Windows\WindowsUpdate.log
2014-04-06 23:48 - 2013-11-28 02:33 - 00000000 ____D () C:\Users\Utilizador\Desktop\X_Receitas
2014-04-06 23:47 - 2012-06-21 10:50 - 00000000 ____D () C:\Users\Utilizador
2014-04-06 23:47 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-06 23:47 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-06 23:45 - 2014-04-06 23:45 - 00000926 _____ () C:\Users\Utilizador\ComboFix - Atalho.lnk
2014-04-06 23:44 - 2014-04-05 20:46 - 00000000 ___RD () C:\Users\Utilizador\Documents\Dropbox
2014-04-06 23:44 - 2012-07-14 21:56 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Dropbox
2014-04-06 23:42 - 2014-04-06 23:42 - 00000056 _____ () C:\Windows\setupact.log
2014-04-06 23:42 - 2014-04-06 23:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-06 23:42 - 2013-04-05 23:50 - 00016384 _____ () C:\Windows\system32\Ikeext.etl
2014-04-06 23:42 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-06 23:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-04-06 23:39 - 2014-04-06 23:39 - 00030219 _____ () C:\Users\Utilizador\Desktop\FRST1.txt
2014-04-06 23:38 - 2014-04-06 23:38 - 00025674 _____ () C:\Users\Utilizador\Desktop\Addition1.txt
2014-04-06 23:37 - 2014-04-06 23:36 - 00025674 _____ () C:\Users\Utilizador\Downloads\Addition.txt
2014-04-06 23:35 - 2013-12-23 00:20 - 00000000 ____D () C:\Users\Utilizador\Desktop\Anti
2014-04-06 23:31 - 2014-04-06 23:30 - 02157056 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64.exe
2014-04-06 23:21 - 2014-04-05 23:18 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\ZHP
2014-04-06 23:20 - 2014-04-06 23:20 - 00001171 _____ () C:\Users\Utilizador\Desktop\ZHPFix[R2]4.txt
2014-04-06 23:19 - 2014-04-06 23:21 - 00001171 _____ () C:\Users\Utilizador\Desktop\ZHPFixReport.txt
2014-04-06 19:01 - 2014-04-06 19:01 - 00242059 _____ () C:\Users\Utilizador\Desktop\ZHPDiag3.txt
2014-04-06 15:35 - 2014-04-06 15:35 - 00242059 _____ () C:\Users\Utilizador\Desktop\ZHPDiag.txt
2014-04-06 15:34 - 2014-04-06 15:34 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-04-06 15:11 - 2014-04-06 15:11 - 00027390 _____ () C:\Users\Utilizador\Desktop\ZHPDiag2.txt
2014-04-06 14:52 - 2014-04-06 14:52 - 00003168 _____ () C:\Windows\System32\Tasks\{090D53FE-5DFE-4B01-8D01-B349B0F40E93}
2014-04-06 14:52 - 2014-04-05 23:18 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-04-06 14:51 - 2014-04-05 23:18 - 00001991 _____ () C:\Users\Utilizador\Desktop\ZHPFix.lnk
2014-04-06 14:51 - 2014-04-05 23:18 - 00001864 _____ () C:\Users\Utilizador\Desktop\ZHPDiag.lnk
2014-04-06 10:46 - 2014-04-06 10:46 - 00003196 _____ () C:\Windows\System32\Tasks\{4484B57A-3C80-43CF-A90B-B640234BD1A5}
2014-04-06 10:35 - 2014-04-06 10:35 - 00003180 _____ () C:\Users\Utilizador\Desktop\ZHPFix[R1]1.txt
2014-04-06 10:23 - 2014-01-13 14:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-05 23:32 - 2014-04-05 23:32 - 00030577 _____ () C:\Users\Utilizador\Desktop\ZHPDiag1.txt
2014-04-05 23:17 - 2014-04-05 23:17 - 06863616 _____ (Nicolas Coolman ) C:\Users\Utilizador\Downloads\ZHPDiag2.exe
2014-04-05 23:16 - 2014-04-05 23:16 - 00018697 _____ () C:\Users\Utilizador\Desktop\zoek-results.txt
2014-04-05 23:16 - 2014-04-05 23:16 - 00002074 _____ () C:\Users\Utilizador\Desktop\JRT1.txt
2014-04-05 23:14 - 2014-04-05 23:14 - 00002074 _____ () C:\Users\Utilizador\Desktop\JRT.txt
2014-04-05 23:00 - 2014-04-05 23:00 - 00000000 ____D () C:\Windows\ERUNT
2014-04-05 22:58 - 2014-04-05 22:58 - 01038974 _____ (Thisisu) C:\Users\Utilizador\Downloads\JRT.exe
2014-04-05 22:46 - 2014-04-05 22:15 - 00018697 _____ () C:\zoek-results.log
2014-04-05 22:33 - 2014-04-05 22:13 - 00000000 ____D () C:\zoek_backup
2014-04-05 22:13 - 2014-04-05 22:43 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-05 22:13 - 2014-04-05 22:12 - 01285120 _____ () C:\Users\Utilizador\Desktop\zoek.exe
2014-04-05 21:37 - 2014-04-05 21:37 - 00020920 _____ () C:\ComboFix.txt
2014-04-05 21:37 - 2013-04-22 00:14 - 00000000 ____D () C:\Qoobox
2014-04-05 21:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-05 21:14 - 2014-04-05 21:13 - 05193579 ____R (Swearware) C:\Users\Utilizador\Desktop\ComboFix.exe
2014-04-05 21:11 - 2013-04-21 01:13 - 00000000 ____D () C:\Users\Utilizador\Downloads\backups
2014-04-05 21:05 - 2014-02-13 13:44 - 00006651 _____ () C:\Users\Utilizador\Downloads\hijackthis.log
2014-04-05 20:46 - 2014-04-05 20:46 - 00001006 _____ () C:\Users\Utilizador\Desktop\Dropbox.lnk
2014-04-05 20:46 - 2014-04-05 20:43 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\DropboxMaster
2014-04-05 20:45 - 2012-06-21 10:51 - 00000000 ___RD () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 20:43 - 2014-04-05 20:42 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-05 20:23 - 2014-01-29 11:36 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-04-05 20:18 - 2014-01-13 14:00 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-05 20:17 - 2014-04-05 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-05 20:17 - 2014-01-29 11:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-05 20:17 - 2014-01-13 14:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-05 20:17 - 2014-01-13 13:59 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-05 20:17 - 2014-01-13 13:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-05 20:16 - 2014-04-05 20:16 - 00445304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-04-05 01:10 - 2014-01-29 11:36 - 00002032 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-04-05 00:45 - 2012-07-03 10:50 - 00000000 ____D () C:\Program Files (x86)\HP
2014-04-05 00:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 00:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-04-05 00:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-05 00:28 - 2012-08-16 12:56 - 00000000 ____D () C:\Users\Guest
2014-04-05 00:15 - 2012-07-03 10:47 - 00008526 _____ () C:\ProgramData\hpzinstall.log
2014-04-04 12:36 - 2013-08-26 21:57 - 00000000 ____D () C:\AdwCleaner
2014-04-04 12:17 - 2013-12-23 00:23 - 00000000 ____D () C:\Users\Utilizador\Imagens
2014-04-03 23:33 - 2012-07-03 10:47 - 00000000 ____D () C:\ProgramData\HP
2014-04-02 23:26 - 2014-04-02 23:26 - 00014479 _____ () C:\Users\Utilizador\Reclamação.htm
2014-04-02 23:26 - 2014-04-02 23:26 - 00000000 ____D () C:\Users\Utilizador\Reclamação_files
2014-04-02 02:04 - 2013-02-26 09:23 - 00000000 ____D () C:\Program Files (x86)\ZON NET MOBILE
2014-03-31 19:52 - 2012-06-21 11:22 - 00721734 _____ () C:\Windows\system32\prfh0816.dat
2014-03-31 19:52 - 2012-06-21 11:22 - 00152656 _____ () C:\Windows\system32\prfc0816.dat
2014-03-31 19:52 - 2009-07-14 06:13 - 01656832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 02:53 - 2013-01-25 11:01 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Skype
2014-03-30 01:12 - 2014-03-30 01:12 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Mozilla
2014-03-30 01:12 - 2012-06-30 09:37 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\Google
2014-03-30 01:09 - 2014-03-30 01:08 - 00847856 _____ (Google Inc.) C:\Users\Utilizador\Desktop\GoogleVoiceAndVideoSetup.exe
2014-03-27 23:24 - 2014-03-27 23:18 - 00165888 _____ () C:\Users\Utilizador\Desktop\Melhores-taxas-de-juro-de-depósitos-a-prazo-Total41.xls
2014-03-23 23:44 - 2014-03-23 23:23 - 00013810 _____ () C:\Users\Utilizador\GESTÃO DO SKODA 2014.xlsx
2014-03-19 23:36 - 2014-03-17 11:27 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\uTorrent
2014-03-19 10:52 - 2013-08-04 03:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 10:47 - 2012-06-21 13:25 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 19:32 - 2013-12-21 00:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 19:32 - 2013-12-21 00:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 19:06 - 2014-03-18 19:06 - 00002122 _____ () C:\Users\Public\Desktop\Video Search.lnk
2014-03-18 19:06 - 2014-03-18 19:06 - 00001190 _____ () C:\Users\Public\Desktop\aTube Catcher.lnk
2014-03-18 19:05 - 2014-03-18 19:05 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-03-18 19:03 - 2014-03-18 19:02 - 11928264 _____ (DsNET Corp) C:\Users\Utilizador\aTubeCatcher.exe
2014-03-18 09:13 - 2014-03-17 10:09 - 00001077 _____ () C:\Users\Public\Desktop\FLV Media Player.lnk
2014-03-18 09:13 - 2014-03-17 10:09 - 00000000 ____D () C:\Program Files (x86)\FLV Media Player
2014-03-18 09:04 - 2012-06-21 17:52 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\Windows Live
2014-03-18 01:07 - 2014-03-18 00:47 - 1464738954 _____ () C:\Users\Utilizador\Downloads\Baise-Moi.mkv
2014-03-17 21:22 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-17 21:22 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU(84).TXT
2014-03-17 13:58 - 2014-03-17 13:23 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-03-17 13:24 - 2014-03-17 13:24 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-03-17 13:24 - 2014-03-17 13:24 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\SlimWare Utilities Inc
2014-03-17 13:23 - 2014-03-17 13:23 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-03-17 11:36 - 2014-03-17 11:30 - 00000000 ____D () C:\Users\Utilizador\Downloads\We Are Explorers - 3D Printed Video
2014-03-17 11:29 - 2014-03-17 11:29 - 00000818 _____ () C:\Users\Utilizador\Desktop\µTorrent.lnk
2014-03-17 11:29 - 2014-03-17 11:29 - 00000798 _____ () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-03-17 11:25 - 2014-03-17 11:24 - 01852496 _____ (BitTorrent Inc.) C:\Users\Utilizador\Desktop\uTorrent-2-.exe
2014-03-17 10:01 - 2014-03-17 10:01 - 04953944 _____ (FLVMPlayer ) C:\Users\Utilizador\Desktop\FLVMPlayer.exe
2014-03-17 09:57 - 2014-03-17 09:56 - 00299280 _____ (Appsinstaller) C:\Users\Utilizador\FLV_Media_Player.exe
2014-03-17 08:54 - 2013-09-14 02:15 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-03-17 08:54 - 2013-09-14 02:15 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2014-03-16 11:29 - 2013-09-14 02:16 - 00010266 _____ () C:\Windows\SysWOW64\Drivers\ndisrd.cat
2014-03-16 11:29 - 2013-09-14 02:16 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer
2014-03-15 19:07 - 2014-02-17 23:23 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 01:01 - 2014-03-15 01:01 - 01950720 _____ () C:\Users\Utilizador\adwcleaner.exe
2014-03-13 23:30 - 2014-03-13 23:21 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\PFStaticIP
2014-03-13 23:21 - 2014-03-13 23:21 - 00000000 ____D () C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-03-13 12:16 - 2014-03-13 02:06 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\MetaGeek,_LLC
2014-03-13 02:06 - 2014-03-13 02:06 - 00000037 ___SH () C:\Users\Utilizador\AppData\Local\70149b02515b3bb20dd492.47983420
2014-03-13 02:06 - 2014-03-13 02:06 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\IsolatedStorage
2014-03-12 10:25 - 2012-06-21 16:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 10:25 - 2012-06-21 16:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 10:00 - 2012-06-21 16:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 12:26 - 2014-03-11 12:26 - 00000000 ____D () C:\Users\Utilizador\AppData\Local\Skype
2014-03-11 12:26 - 2013-01-25 11:00 - 00000000 ____D () C:\ProgramData\Skype
2014-03-11 12:25 - 2013-03-10 18:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 01:51 - 2014-03-09 01:50 - 00118149 _____ () C:\Users\Utilizador\Downloads\wmpChrome (3).crx
Files to move or delete:
====================
C:\Users\Utilizador\adwcleaner.exe
C:\Users\Utilizador\aTubeCatcher.exe
C:\Users\Utilizador\chromeinstall-7u51.exe
C:\Users\Utilizador\FLV_Media_Player.exe
C:\Users\Utilizador\MicrosoftFixit.wu.LB.27306334611135907.1.1.Run.exe
Some content of TEMP:
====================
C:\Users\Utilizador\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvnkf6m.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-30 01:01
==================== End Of Log ============================
JoseCarlos - Member
- Posts: 163
Reputation: 0
Registration date: 05/04/2014
(RESOLVED) Remove Banco do Brasil plugin
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Utilizador at 2014-04-07 00:01:57
Running from C:\Users\Utilizador\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.0.30660 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Actualização do Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{CCDE3C71-5F35-477F-BA90-1A399C91C10C}) (Version: - Microsoft)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}) (Version: - Microsoft)
Actualização do Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}) (Version: - Microsoft)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.6610 - DsNET Corp)
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
CPUID CPU-Z 1.61 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FLV Media Player version 1.3 (HKLM-x32\...\{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1) (Version: 1.3 - FLVMPlayer)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.2.1 - Kobo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Antimalware Service PT-PT Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Portugal)) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Portugal)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client PT-PT Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
RegHunter (HKLM\...\{F94A63D7-9A61-403B-8F6F-90B1BF77211A}) (Version: 1.3.3.1613 - Enigma Software Group USA, LLC)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{72AAF455-1E54-475B-B0AB-5413C78D0E63}) (Version: 4.16.5.4290 - Enigma Software Group USA, LLC)
Suporte para Aplicações Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0816-0000-0000000FF1CE}_ENTERPRISE_{6A112399-633E-4C18-B796-0F175DC2F2F2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Viber (HKCU\...\Viber) (Version: 3.0.0.133634 - Viber Media Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)
ZON NET MOBILE (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
==================== Restore Points =========================
22-03-2014 23:53:55 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
25-03-2014 20:48:42 Windows Update
31-03-2014 02:24:08 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
02-04-2014 10:02:54 Windows Update
04-04-2014 23:20:52 Operação de Restauro
04-04-2014 23:30:12 avast! antivirus system restore point
04-04-2014 23:35:21 Operação de Restauro
04-04-2014 23:36:21 Device Driver Package Install: Avast Network Service
05-04-2014 00:03:23 avast! antivirus system restore point
05-04-2014 00:07:48 Windows Update
05-04-2014 19:14:50 avast! antivirus system restore point
05-04-2014 19:19:45 Device Driver Package Install: Avast Network Service
05-04-2014 21:15:59 zoek.exe restore point
06-04-2014 09:32:32 ZHPFix Restore System Point
06-04-2014 22:18:14 ZHPFix Restore System Point
==================== Hosts content: ==========================
2009-07-14 03:34 - 2014-04-05 22:17 - 00000840 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2DEE7B10-06EC-4B88-A1BB-3FB902F4BAD3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-05] (AVAST Software)
Task: {4533E05D-C03B-4CD1-B15F-C6DBDBDE71FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {588F13FD-46F7-4A2E-A03E-8FA8E56652E9} - \BackgroundContainer Startup Task No Task File
Task: {970538B7-1B2C-42B8-B229-1E272D3181AD} - System32\Tasks\RegHunterStartup => C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe [2013-08-13] (Enigma Software Group USA, LLC.)
==================== Loaded Modules (whitelisted) =============
2014-04-06 10:26 - 2014-04-06 10:26 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-13 13:59 - 2014-01-13 13:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-06 23:44 - 2014-04-06 23:44 - 00041984 _____ () C:\Users\Utilizador\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvnkf6m.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows\System32:4EC39D70_Bb.gbp
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: uTorrent => "C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
==================== Faulty Device Manager Devices =============
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Controlador de armazenamento em massa
Description: Controlador de armazenamento em massa
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP LaserJet Professional P 1102w
Description: HP LaserJet Professional P 1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (04/06/2014 11:51:21 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: O firmware da plataforma danificou memória durante a transição anterior de energia do sistema. Verifique se existe firmware actualizado para o sistema.
Error: (04/06/2014 10:27:12 AM) (Source: Service Control Manager) (User: )
Description: O serviço HP Network Devices Support desligou-se ao iniciar.
Error: (04/06/2014 00:37:38 AM) (Source: Service Control Manager) (User: )
Description: O serviço Windows Time terminou com o seguinte erro:
%%1115
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-07-04 10:02:44.102
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-04 10:02:44.024
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-04 10:02:43.930
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-04 10:02:43.852
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-18 23:41:15.964
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-18 23:41:15.886
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-18 23:41:15.730
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-18 23:41:15.652
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-04-28 22:45:16.567
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-04-28 22:45:16.489
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 94%
Total physical RAM: 1022.05 MB
Available physical RAM: 58.99 MB
Total Pagefile: 2046.05 MB
Available Pagefile: 309.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:247.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 298 GB) (Disk ID: A289A289)
Partition: GPT Partition Type.
==================== End Of Log ============================
RegHunter (HKLM\...\{F94A63D7-9A61-403B-8F6F-90B1BF77211A}) (Version: 1.3.3.1613 - Enigma Software Group USA, LLC)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpyHunter (HKLM\...\{72AAF455-1E54-475B-B0AB-5413C78D0E63}) (Version: 4.16.5.4290 - Enigma Software Group USA, LLC)
Suporte para Aplicações Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0816-0000-0000000FF1CE}_ENTERPRISE_{6A112399-633E-4C18-B796-0F175DC2F2F2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Viber (HKCU\...\Viber) (Version: 3.0.0.133634 - Viber Media Inc)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)
ZON NET MOBILE (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
==================== Restore Points =========================
22-03-2014 23:53:55 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
25-03-2014 20:48:42 Windows Update
31-03-2014 02:24:08 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin
02-04-2014 10:02:54 Windows Update
04-04-2014 23:20:52 Operação de Restauro
04-04-2014 23:30:12 avast! antivirus system restore point
04-04-2014 23:35:21 Operação de Restauro
04-04-2014 23:36:21 Device Driver Package Install: Avast Network Service
05-04-2014 00:03:23 avast! antivirus system restore point
05-04-2014 00:07:48 Windows Update
05-04-2014 19:14:50 avast! antivirus system restore point
05-04-2014 19:19:45 Device Driver Package Install: Avast Network Service
05-04-2014 21:15:59 zoek.exe restore point
06-04-2014 09:32:32 ZHPFix Restore System Point
06-04-2014 22:18:14 ZHPFix Restore System Point
==================== Hosts content: ==========================
2009-07-14 03:34 - 2014-04-05 22:17 - 00000840 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {2DEE7B10-06EC-4B88-A1BB-3FB902F4BAD3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-05] (AVAST Software)
Task: {4533E05D-C03B-4CD1-B15F-C6DBDBDE71FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {588F13FD-46F7-4A2E-A03E-8FA8E56652E9} - \BackgroundContainer Startup Task No Task File
Task: {970538B7-1B2C-42B8-B229-1E272D3181AD} - System32\Tasks\RegHunterStartup => C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe [2013-08-13] (Enigma Software Group USA, LLC.)
==================== Loaded Modules (whitelisted) =============
2014-04-06 10:26 - 2014-04-06 10:26 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-13 13:59 - 2014-01-13 13:59 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-06 23:44 - 2014-04-06 23:44 - 00041984 _____ () C:\Users\Utilizador\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvnkf6m.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Utilizador\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 19:07 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows\System32:4EC39D70_Bb.gbp
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: uTorrent => "C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
==================== Faulty Device Manager Devices =============
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Controlador de armazenamento em massa
Description: Controlador de armazenamento em massa
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP LaserJet Professional P 1102w
Description: HP LaserJet Professional P 1102w
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (04/06/2014 11:51:21 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: O firmware da plataforma danificou memória durante a transição anterior de energia do sistema. Verifique se existe firmware actualizado para o sistema.
Error: (04/06/2014 10:27:12 AM) (Source: Service Control Manager) (User: )
Description: O serviço HP Network Devices Support desligou-se ao iniciar.
Error: (04/06/2014 00:37:38 AM) (Source: Service Control Manager) (User: )
Description: O serviço Windows Time terminou com o seguinte erro:
%%1115
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-07-04 10:02:44.102
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-04 10:02:44.024
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-04 10:02:43.930
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-07-04 10:02:43.852
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-18 23:41:15.964
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-18 23:41:15.886
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-18 23:41:15.730
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-06-18 23:41:15.652
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-04-28 22:45:16.567
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-04-28 22:45:16.489
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 94%
Total physical RAM: 1022.05 MB
Available physical RAM: 58.99 MB
Total Pagefile: 2046.05 MB
Available Pagefile: 309.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:247.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 298 GB) (Disk ID: A289A289)
Partition: GPT Partition Type.
==================== End Of Log ============================
JoseCarlos - Member
- Posts: 163
Reputation: 0
Join date: 05/04/2014
Re: Remove Banco do Brasil plugin
Download the fixlist.txt file attached to this post and save it in the same place where you put FRST (Farbar), which is the location below:
C:\Users\Utilizador\Downloads
Run FRST. Click the Fix button.
Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.
Select, copy and paste the contents of this Fixlog.txt into your next reply.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(RESOLVED) Remove Banco do Brasil plugin
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Utilizador at 2014-04-07 01:16:53 Run:1
Running from C:\Users\Utilizador\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
BHO-x32: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1582632 2014-02-21] (Banco do Brasil)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720 2014-02-21] (GAS Tecnologia)
S0 GbpKm; C:\Windows\SysWOW64\drivers\GbpKm.sys [49536 2013-05-08] (GAS Tecnologia)
2014-03-17 08:54 - 2013-09-14 02:15 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-03-17 08:54 - 2013-09-14 02:15 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2014-03-16 11:29 - 2013-09-14 02:16 - 00001402 _____ () C:\Windows\SysWOW64\Drivers\gas.cer
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Task: {588F13FD-46F7-4A2E-A03E-8FA8E56652E9} - \BackgroundContainer Startup Task No Task File
end
*****************
[804] C:\Program Files (x86)\GbPlugin\gbpsv.exe => Process closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C41A1C0E-EA6C-11D4-B1B8-444553540000} => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E37CB5F0-51F5-4395-A808-5FA49E399F83} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{E37CB5F0-51F5-4395-A808-5FA49E399F83} => Key deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
GbpSv => Service stopped successfully.
GbpSv => Service deleted successfully.
GbpKm => Service deleted successfully.
C:\ProgramData\GbPlugin => Moved successfully.
C:\Program Files (x86)\GbPlugin => Moved successfully.
C:\Windows\SysWOW64\Drivers\gas.cer => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{588F13FD-46F7-4A2E-A03E-8FA8E56652E9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{588F13FD-46F7-4A2E-A03E-8FA8E56652E9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key not found.
==== End of Fixlog ====
JoseCarlos - Member
- Posts: 163
Reputation: 0
Join date: 05/04/2014
Re: Remove Banco do Brasil plugin
How is the PC after this procedure? Does the plugin still show up?
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Remove Banco do Brasil plugin
Power Max, for now you have solved my problem. Thank you very much.
CCleaner's registry error report showed the entries below as errors, and I didn't risk fixing them for fear that doing so might bring the plugin back. What do you say? Should I apply the fix?
Erro no ActiveX/COM Gbieh.GbIehObj - {C41A1C0E-EA6C-11D4-B1B8-444553540000} HKCR\Gbieh.GbIehObj
Erro no ActiveX/COM Gbieh.GbIehObj.1 - {C41A1C0E-EA6C-11D4-B1B8-444553540000} HKCR\Gbieh.GbIehObj.1
Erro no ActiveX/COM Gbieh.GbPluginObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} HKCR\Gbieh.GbPluginObj
Erro no ActiveX/COM Gbieh.GbPluginObj.1 - {E37CB5F0-51F5-4395-A808-5FA49E399F83} HKCR\Gbieh.GbPluginObj.1
Erro no ActiveX/COM InProcServer32\C:\Program Files (x86)\GbPlugin\gbieh.dll HKCR\CLSID\{98C11555-BC81-40aa-A053-DAADC5630000}
Chave de Software obsoleta ZebHelpProcess Helper HKCU\Software\ZebHelpProcess Helper
Referência MUI em falta C:\Users\Utilizador\Desktop\MicrosoftFixit.wu.LB.27306334611135907.1.1.Run.exe HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Referência MUI em falta C:\Users\Utilizador\Desktop\chromeinstall-7u51.exe HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Referência MUI em falta C:\Users\Utilizador\Desktop\FLV_Media_Player.exe HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Referência MUI em falta C:\Users\Utilizador\Desktop\adwcleaner.exe HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
JoseCarlos - Member
- Posts: 163
Reputation: 0
Join date: 05/04/2014
Re: Remove Banco do Brasil plugin
The tutorial below shows how to clean up with CCleaner correctly:
[You must be registered and logged in to see this link]
While you're at it, also run a cleanup with PureRa:
[You must be registered and logged in to see this link]
Then tell us the result.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(RESOLVED) Remove Banco do Brasil plugin
Power Max, good evening!
A BIG THANK YOU for all you gave me. You helped me a lot. Your work was really hard. I owe you a great debt.
JoseCarlos - Member
- Posts: 163
Reputation: 0
Join date: 05/04/2014
Re: Remove Banco do Brasil plugin
CASE RESOLVED
If the topic's author needs it, the topic will be reopened; to do so, he should contact one of the members of the [You must be registered and logged in to see this link] and request that it be unlocked.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009