Fórum PC Brasil
Rootkit Removal..

2 participants

Page 1 of 2

Rootkit Removal..

Post by SoldierThe00002 on Tue 29 Jul 2014, 14:55

Good afternoon, everyone.

Lately I was running a scan on my notebook; my antivirus stopped at 99% and was checking the following scan item: ROOTKIT. After that I searched on Google but could not find how to remove it. I looked at this forum and saw a topic similar to my problem, and I did what they recommended for it: I downloaded Malwarebytes Anti-Malware, though I am not sure it was the right one, since my Windows is 8.1. Even so, the program detected a lot of malware, except for this rootkit. I put them all in quarantine and then deleted them. I ran the scan again and it found nothing else.

But then, when I run the scan in McAfee, it keeps stopping at 99% on the RootKit item.

NOTE: my antivirus is a genuine (licensed) copy.
NOTE: the topic mentioned above that I saw is: [You must have an account and be logged in to view this link]

I would like to know how I can remove it.
Thanks in advance.
Thank you very much.
SoldierThe00002
Beginner

Posts: 15
Reputation: 0
Join date: 28/07/2014

Re: Rootkit Removal..

Post by Power Max on Tue 29 Jul 2014, 15:23

Hello. Post the Malwarebytes report so that we can analyze it.
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

(SOLVED) Help removing a rootkit

Post by SoldierThe00002 on Tue 29 Jul 2014, 19:11

Hello, sorry for the delay, and thank you very much for the help.
Sorry this turned out long. I ran three scans, but the first scan is very long and does not fit in one post, so I will have to split it and send it in 2 posts.

The first three scans I did were these:

Scan Date: 28/07/2014
Scan Time: 13:58:22
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.28.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alfeu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340471
Time Elapsed: 34 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1484, Delete-on-Reboot, [0fd5e0c4e99243f3cb7eb3ac0df416ea]

Modules: 1
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Delete-on-Reboot, [70746c38a9d2dd59d70560678280a65a],

Registry Keys: 49
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, Quarantined, [0fd5e0c4e99243f3cb7eb3ac0df416ea],
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [31b3970d423968ce3419296cd72a0ff1],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [c024b5ef04774aec42b33b5b5da57c84],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [c024b5ef04774aec42b33b5b5da57c84],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [5292dec680fb89add1f51b4617ebb64a],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [5292dec680fb89add1f51b4617ebb64a],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [ca1a7a2a5229d85ee24fde8321e1ae52],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [ca1a7a2a5229d85ee24fde8321e1ae52],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [ca1a7a2a5229d85ee24fde8321e1ae52],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [ca1a7a2a5229d85ee24fde8321e1ae52],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [ca1a7a2a5229d85ee24fde8321e1ae52],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [ca1a7a2a5229d85ee24fde8321e1ae52],
PUP.Optional.SupTab.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [ca1a7a2a5229d85ee24fde8321e1ae52],
PUP.Optional.SupTab.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [ca1a7a2a5229d85ee24fde8321e1ae52],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, Quarantined, [3da753514c2f48ee111744523dc5669a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [3da753514c2f48ee111744523dc5669a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [3da753514c2f48ee111744523dc5669a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [3da753514c2f48ee111744523dc5669a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [3da753514c2f48ee111744523dc5669a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [3da753514c2f48ee111744523dc5669a],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [3da753514c2f48ee111744523dc5669a],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [4b990a9abbc085b11dbb2438bb47f50b],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [6381d4d0cead78be8356dd7f4cb6dd23],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [6381d4d0cead78be8356dd7f4cb6dd23],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [a242c4e02457d75fe79ce2816f9352ae],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [25bf7331bebd0d297dd46ea9768e0ff1],
PUP.Optional.Qone8.A, HKLM\SOFTWARE\WOW6432NODE\qone8Software, Quarantined, [ffe5a30187f438fedc2290854eb604fc],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, [a93bc0e4067594a206bf8762a55de719],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [885c851fdaa136000f426aad659f8a76],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [7f653272daa1ac8a9f658b47ff031de3],
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, Quarantined, [ce16891b0675aa8ca09a8d3e40c2966a],
PUP.Optional.weDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager, Quarantined, [ca1a069e6b10082e780930b9d1313cc4],
PUP.Optional.WeDownLoadManager.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WEDLMNGR, Quarantined, [2aba52522952b086adccf6d47d854cb4],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, Quarantined, [51930d970f6c87af3c7e5f6b08fad030],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [756fcada4536d26476866cb3eb19fa06],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [01e3baea5e1d1e187db009201ee64cb4],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [7371a5ff86f5b3839666ec034ab8f30d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [1fc5ecb8d4a70f27b9cf0beab84a44bc],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [dd07d4d02b5077bfb6ec52b9ec18b050],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Quarantined, [3ba94d57e49743f37c418d441ce6d22e],
PUP.Optional.Qone8, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [e6fe5b49e695cb6b490746d14bb938c8],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [697b554f126939fd1d84de06dd2513ed],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110411901174}, Quarantined, [8064b8eca4d74aeceb3c526bd43027d9],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110411901174}, Quarantined, [8064b8eca4d74aeceb3c526bd43027d9],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440444904474}, Quarantined, [8064b8eca4d74aeceb3c526bd43027d9],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440444904474}, Quarantined, [8064b8eca4d74aeceb3c526bd43027d9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110411901174}, Quarantined, [8064b8eca4d74aeceb3c526bd43027d9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110411901174}, Quarantined, [8064b8eca4d74aeceb3c526bd43027d9],

Registry Values: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [7f653272daa1ac8a9f658b47ff031de3]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\WINDOWS\system32\drivers\SPPD.sys, Quarantined, [ce16891b0675aa8ca09a8d3e40c2966a]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, Quarantined, [dd07d4d02b5077bfb6ec52b9ec18b050]

Registry Data: 12
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\PROGRA~2\SupTab\SEARCH~1.DLL, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll),Replaced,[13d10f956f0cb086a2ab4a4b54add729]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~2\SupTab\SEARCH~2.DLL, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll),Replaced,[a73d5d47443738febe8f0c89ff0224dc]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll C:\PROGRA~2\SupTab\SEARCH~1.DLL, Good: (), Bad: (C:\PROGRA~2\SupTab\SEARCH~1.DLL),Replaced,[70746c38a9d2dd59d70560678280a65a]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~2\SupTab\SEARCH~2.DLL, Good: (), Bad: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Replaced,[70746c38a9d2dd59d70560678280a65a]
PUP.Optional.Qone8, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://start.qone8.com/?type=hp&ts=1395602316&from=adks&uid=3219913727_198313_12345688),Replaced,[21c3a004b4c76acc0893674614f0ac54]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[b72dc9db9ae1bc7a67cde7d07d87df21]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://start.qone8.com/?type=hp&ts=1395602316&from=adks&uid=3219913727_198313_12345688),Replaced,[8e56693b6813ff37d3c826870103768a]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[c420cadabebd8ea852e2a611bf4548b8]
PUP.Optional.Trovi.A, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=MAC124200-C721-42E4-A675-AD76DDB605A6&SearchSource=55&CUI=&UM=5&UP=SP8A854E82-C8EC-4712-92B4-7102BF8EF315&SSPV=&SSPV=),Replaced,[2cb8e6bec2b93cfa066dcfddf70da759]
Hijack.StartPage, HKU\S-1-5-21-1917907808-739808921-3490598619-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://start.qone8.com/?type=hp&ts=1395602316&from=adks&uid=3219913727_198313_12345688),Replaced,[0dd7fda7f784fb3b306c2b822bd9e818]

Folders: 125
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Delete-on-Reboot, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Delete-on-Reboot, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Delete-on-Reboot, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, Quarantined, [4f95c0e4413acf678f285db8d92b30d0],
PUP.Optional.Conduit.A, C:\Users\Alfeu\AppData\Local\Temp\CT3310393, Quarantined, [578d376d8bf05fd7934e60497191a957],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Delete-on-Reboot, [f8ec00a4b1ca270fb66cd7d54ab81de3],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, Quarantined, [f8ec00a4b1ca270fb66cd7d54ab81de3],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\bookmarks, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\bookmarks\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\bookmarks\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\classification, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\classification\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\classification\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\classification\img\skin, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\cloud, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\cloud\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\cloud\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\cloud\img\skin, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\dialog, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\dialog\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\dialog\img\skin, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\extensions, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\extensions\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\extensions\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\guide, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\guide\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\lastVisited, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\lastVisited\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\lastVisited\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\notice, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\notice\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\search, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\search\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\search\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\img\skin, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\skin, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales, Quarantined, [e9fb396b740748eeba045857af53a55b],


Last edited by SoldierThe00002 on Tue 29 Jul 2014, 19:16, edited 1 time

(RESOLVED) Help with Rootkit removal

Message by SoldierThe00002, Tue 29 Jul 2014, 19:13

This is the second part of the first scan; it did not fit in the first post.

Files: 379
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\notice\notice.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\notice\css\style.css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\search\search.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\search\css\style.css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\search\img\google-new-logo.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\search\img\logo.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\search\img\searchicon.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\search\img\searchicon2.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\setup.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\css\style.css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\img\logo.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\img\skin\dialBoxStyle.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\setup\img\skin\icons.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oBookmarks.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oDownloads.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oExtensions.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oHistory.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\shortcuts\img\oNewtab.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\cloudWallpaper.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\skins.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\css\style.css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\logo.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\categoryBg.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\delete.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\download.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\icons.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\skins\img\skin\loading.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\weather.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\css\style.css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\logo.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\skin\line.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\skin\locationIcon.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\skin\searchButton.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\app\weather\img\skin\weather.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\css\all.css, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\game.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\icon_128.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\icon_16.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\icon_48.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\NEW.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\shopping.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\weather.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\webstore.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\default.jpg, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\iconsprite.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\idialog_s.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\ios5_button.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\left.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\loading.gif, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\loading2.gif, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\qBoxBg.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_bg.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_bg0.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_left.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_left0.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_right.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\q_right0.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\right.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\selected.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\img\skin\titleBg.png, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\all.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\background.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\ga.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\jq.mobi.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\jump.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\pop.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\redirect.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\js\xagainit.js, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\de\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\en\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\es\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\es_419\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr-BE\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr-CA\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr-CH\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\fr-LU\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\it\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\it-CH\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\ja\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\pl\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\pt_BR\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\pt_PT\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\ru\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\tr\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\vi\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\zh_CN\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_locales\zh_TW\messages.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.QuickStart.A, C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\_metadata\verified_contents.json, Quarantined, [e9fb396b740748eeba045857af53a55b],
PUP.Optional.SearchProtect.A, C:\Users\Alfeu\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, Quarantined, [27bd426253281224f64cf4cb818115eb],
PUP.Optional.SearchProtect.A, C:\Users\Alfeu\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [27bd426253281224f64cf4cb818115eb],
PUP.Optional.SearchProtect.A, C:\Users\Alfeu\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [27bd426253281224f64cf4cb818115eb],
PUP.Optional.SearchProtect.A, C:\Users\Alfeu\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [27bd426253281224f64cf4cb818115eb],
PUP.Optional.Extutil.A, C:\Users\Alfeu\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [0dd7a10381fa9d99dacbfac751b1639d],
PUP.Optional.Extutil.A, C:\Users\Alfeu\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [0dd7a10381fa9d99dacbfac751b1639d],
PUP.Optional.Extutil.A, C:\Users\Alfeu\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [0dd7a10381fa9d99dacbfac751b1639d],
PUP.Optional.Managera.A, C:\Users\Alfeu\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [de06fca84635ed49cdd9d3eede249a66],
PUP.Optional.Managera.A, C:\Users\Alfeu\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [de06fca84635ed49cdd9d3eede249a66],
PUP.Optional.Updater.A, C:\Users\Alfeu\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined, [a0444361d2a94aecfb5bcdfa956d9967],
PUP.Optional.Updater.A, C:\Users\Alfeu\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined, [a0444361d2a94aecfb5bcdfa956d9967],
PUP.Optional.Updater.A, C:\Users\Alfeu\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, Quarantined, [a0444361d2a94aecfb5bcdfa956d9967],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Delete-on-Reboot, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, Delete-on-Reboot, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\style.css, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\27.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\1.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\10.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\11.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\12.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\13.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\14.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\15.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\16.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\17.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\18.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\19.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\2.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\20.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\21.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\22.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\23.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\24.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\25.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\26.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\28.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\29.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\3.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\30.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\31.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\32.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\33.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\34.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\35.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\36.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\37.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\38.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\39.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\4.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\40.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\41.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\42.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\43.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\44.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\45.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\46.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\47.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\5.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\6.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\7.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\8.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\9.png, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\background.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-base.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, Quarantined, [70746c38a9d2dd59d70560678280a65a],

Physical Sectors: 0
(No malicious items detected)

(end)
SoldierThe00002
Beginner

Posts: 15
Reputation: 0
Join date: 28/07/2014

(RESOLVED) Help removing Rootkit

Post by SoldierThe00002, Tue 29 Jul 2014, 19:15

This is the second scan I ran in Malwarebytes


Malwarebytes Anti-Malware
[You must have an account and be logged in to view this link]

Scan Date: 28/07/2014
Scan Time: 15:17:14
Logfile: Malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.28.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alfeu

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339594
Time Elapsed: 20 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1484, Delete-on-Reboot, [7272f4b0ceada492252465fa728f2dd3]

Modules: 1
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Delete-on-Reboot, [a53f3d67314a9a9c8c505374f2104bb5],

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll),Replaced,[5f85337124572c0a0c41692cfb06c53b]

Folders: 3
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Delete-on-Reboot, [13d1c6de63181c1a7e8a0f9c10f231cf],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Delete-on-Reboot, [25bfa5ff3249dc5a77ab6e3eb64c2dd3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Delete-on-Reboot, [a53f3d67314a9a9c8c505374f2104bb5],

Files: 4
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Delete-on-Reboot, [7272f4b0ceada492252465fa728f2dd3],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Delete-on-Reboot, [5f85337124572c0a0c41692cfb06c53b],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Delete-on-Reboot, [a53f3d67314a9a9c8c505374f2104bb5],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, Delete-on-Reboot, [a53f3d67314a9a9c8c505374f2104bb5],

Physical Sectors: 0
(No malicious items detected)


(end)

----------


Third scan in Malwarebytes



Malwarebytes Anti-Malware
[You must have an account and be logged in to view this link]

Scan Date: 28/07/2014
Scan Time: 15:47:25
Logfile: Malware bytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.28.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alfeu

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 526155
Time Elapsed: 3 hr, 10 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.SearchProtect.A, C:\Users\Alfeu\AppData\Local\Microsoft\Windows\INetCache\IE\4HK089W3\SPSetup[2].exe, Quarantined, [4e530a96a0db4fe788c5d6bf778a37c9],
PUP.Optional.Conduit.A, C:\Users\Alfeu\AppData\Local\Microsoft\Windows\INetCache\IE\4HK089W3\spstub[1].exe, Quarantined, [465b0d933a412e08177b7a157d848a76],
PUP.Optional.SearchProtect.A, C:\Users\Alfeu\AppData\Local\Microsoft\Windows\INetCache\IE\7ZF7EM66\SPSetup[1].exe, Quarantined, [435e2c74f586290dc18ce2b35fa2817f],
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\SPVCLdr64.dll, Quarantined, [6041c5db5b2030065af3d3c252af4cb4],

Physical Sectors: 0
(No malicious items detected)


(end)




NOTE: Even though the third scan did not find the Rootkit, McAfee still stops at 99% showing the rootkit item

Re: Rootkit Removal..

Post by Power Max, Tue 29 Jul 2014, 19:19

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.
Power Max
Contributor

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

(RESOLVED) Help removing Rootkit

Post by SoldierThe00002, Tue 29 Jul 2014, 19:43

Here's the AdwCleaner log, thank you very much

# AdwCleaner v3.301 - Relatório criado 29/07/2014 às 19:37:55
# Atualizado 28/07/2014 por Xplode
# Sistema Operacional : Windows 8.1 Pro  (64 bits)
# Usuário : Suryan - XPS14Z
# Executando de : C:\Users\Suryan\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : CltMngSvc

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\Program Files (x86)\GetPrivate
Pasta Deletada : C:\Program Files (x86)\SearchProtect
Pasta Deletada : C:\Users\Suryan\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Suryan\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Suryan\AppData\Local\Webinternetsecurity
Pasta Deletada : C:\Users\Suryan\AppData\Local\Temp\Mega Browse
Pasta Deletada : C:\Users\Suryan\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Suryan\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\Suryan\AppData\Roaming\GetPrivate
Arquivo Deletada : C:\Users\Suryan\daemonprocess.txt

***** [ Tarefas ] *****


***** [ Atalhos ] *****

Atalho Desinfectada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Users\Suryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WebInternetSecurity]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\dsiteproducts
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\IePlugin
Chave Deletedo : HKLM\Software\SearchProtect
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17126

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\Suryan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deletedo [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [5763 octets] - [29/07/2014 19:35:17]
AdwCleaner[S0].txt - [4522 octets] - [29/07/2014 19:37:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4582 octets] ##########
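The Malwarebytes report earlier in the thread (the Registry Data entry pointing AppInit_DLLs at SPVC32Loader.dll) and the AdwCleaner report above (the two "Dados Deletedo ... [AppInit_DLLs]" lines, 32-bit and x64) both show SearchProtect persisting through the AppInit_DLLs mechanism, which makes every process that loads user32.dll also load the listed DLLs. The read-only PowerShell audit below is an added example, not part of the thread or of any of the tools it mentions; it assumes only the standard registry locations of that setting on both the native and the WOW6432Node view, and it changes nothing.

```powershell
# Added example (not from the thread or from any tool it mentions):
# audit the AppInit_DLLs persistence mechanism on both registry views.
# Read-only; run from an elevated PowerShell prompt.

$views = @(
    @{ Name = 'Native (64-bit)';      Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' },
    @{ Name = 'WOW6432Node (32-bit)'; Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows' }
)

function Get-AppInitStatus {
    param([string]$Key, [string]$Name)

    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $props) { return }

    # AppInit_DLLs is a string of DLL paths separated by spaces or commas.
    # LoadAppInit_DLLs (DWORD) must be 1 for anything in it to be injected,
    # and RequireSignedAppInit_DLLs=1 restricts injection to signed DLLs.
    $raw  = [string]$props.AppInit_DLLs
    $dlls = @($raw -split '[ ,]+' | Where-Object { $_ -ne '' })

    [pscustomobject]@{
        View                 = $Name
        LoadAppInit_DLLs     = $props.LoadAppInit_DLLs
        RequireSignedAppInit = $props.RequireSignedAppInit_DLLs
        AppInit_DLLs         = $raw
        Dlls                 = $dlls
    }
}

foreach ($v in $views) {
    $status = Get-AppInitStatus -Key $v.Key -Name $v.Name
    if (-not $status) { continue }

    "`n[{0}]  LoadAppInit_DLLs={1}  RequireSignedAppInit_DLLs={2}" -f `
        $status.View, $status.LoadAppInit_DLLs, $status.RequireSignedAppInit

    if ($status.Dlls.Count -eq 0) {
        "  AppInit_DLLs is empty (the expected state on a clean machine)."
        continue
    }

    foreach ($dll in $status.Dlls) {
        # The reports above list short (8.3) names such as C:\PROGRA~2\...;
        # the file system resolves those, so Test-Path works on them unchanged.
        $exists = Test-Path -LiteralPath $dll
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $dll).Status } else { 'n/a' }
        "  {0}  present={1}  signature={2}" -f $dll, $exists, $sig
    }
}
```

An empty AppInit_DLLs value on both views is the expected result after the cleanup; a listed DLL that no longer exists on disk is a leftover reference worth clearing, and one that still exists and is unsigned deserves a closer look. On Windows 8 and later the mechanism is disabled when Secure Boot is enabled, which is one reason to report LoadAppInit_DLLs alongside the list rather than the list alone.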

Re: Rootkit Removal..

Post by Power Max, Wed 30 Jul 2014, 10:43

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post it in your next reply.

(RESOLVED) Help removing Rootkit

Post by SoldierThe00002, Wed 30 Jul 2014, 15:59

Zoek.exe v5.0.0.0 Updated 29-07-2014
Tool run by Alfeu on 30/07/2014 at 15:22:14,25.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Alfeu\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30/07/2014 15:25:17 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1917907808-739808921-3490598619-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9517348B-7985-41E4-826C-C3313D4B8899} deleted successfully
HKEY_USERS\S-1-5-21-1917907808-739808921-3490598619-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BBC98FB9-73AB-402C-9CAF-A437784D64C1} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Alfeu\.android deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\Users\Alfeu\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Alfeu\Searches deleted
C:\windows\SysNative\tasks\Digital Sites deleted
C:\WINDOWS\tasks\Digital Sites.job deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
C:\Users\Alfeu\IRPF2014win32v1.4 (1).exe deleted
C:\Users\Alfeu\IRPF2014win32v1.4.exe deleted
C:\Users\Alfeu\jre-7u55-windows-x64.exe deleted
C:\Users\Alfeu\Receitanet-1.04.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [03/07/2014 17:11]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

Google Drive - Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Battlefield Play4Free - Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh
Gmail - Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Reset Google Chrome ======================

C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Alfeu\Desktop\Alliance of Valiant Arms.lnk - C:\AeriaGames\AVA\aeria_launcher.exe av
C:\Users\Alfeu\Desktop\Nova pasta\Dragon - Hawk - Atalho.lnk - C:\Users\Alfeu\Desktop\Nova pasta\Dragon - Hawk
C:\Users\UpdatusUser\Desktop\Magebot.lnk - C:\Program Files (x86)\Magebot\magebotv55.exe
C:\Users\UpdatusUser\Desktop\Magebot_SAFEMODE.lnk - C:\Program Files (x86)\Magebot\magebotv55_SAFEMODE.exe
C:\Users\UpdatusUser\Desktop\Tibia.lnk - C:\Program Files (x86)\Tibia\Tibia.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\EA Sports FIFA World.lnk - C:\Program Files (x86)\Origin Games\FIFA World\fifaworld.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\McAfee Security Center.lnk - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /desktopicon /platui
C:\Users\Public\Desktop\Need For Speed World.lnk - C:\Program Files (x86)\Electronic Arts\Need For Speed World\GameLauncher.exe
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Alfeu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lixeira.lnk -  
C:\Users\Alfeu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /desktopicon /platui

==== shortcuts in Quick Launch ======================

C:\Users\Alfeu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Alfeu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Alfeu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Alfeu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Alfeu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
C:\Users\Alfeu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"=""
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Alfeu\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Alfeu\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=211 folders=27 86451039 bytes)

==== Empty Temp Folders ======================

C:\Users\Alfeu\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Alfeu\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/07/2014 at 15:53:24,68 ======================

Re: Rootkit Removal..

Post by Power Max, Wed 30 Jul 2014, 16:11

Download the Junkware Removal Tool program from the link below:
[You must have an account and be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You must have an account and be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

(RESOLVED) Help removing Rootkit

Post by SoldierThe00002, Wed 30 Jul 2014, 16:47

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by Alfeu on 30/07/2014 at 16:28:08,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/07/2014 at 16:45:48,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Rootkit Removal..

Post by Power Max, Wed 30 Jul 2014, 16:50

Download the < [You must have an account and be logged in to view this link] > < [You must have an account and be logged in to view this image] > ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You must have an account and be logged in to view this image]

To install and run it correctly, follow the tips in this article:

[You must have an account and be logged in to view this link]

* As soon as it finishes its check, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Note: I'm leaving for work now; tomorrow I'll give you the next procedure once you have posted the report requested in this post.

(RESOLVED) Help removing Rootkit

Post by SoldierThe00002, Wed 30 Jul 2014, 17:05

~ Relatório do ZHPDiag v2014.7.30.111 - Nicolas Coolman  (30/07/2014)
~ Iniciado por Alfeu (30/07/2014 16:57:29)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Endereço do Webforum : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207 (Defaut)
GCIE: Google Chrome v36.0.1985.125

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Pro, 64-bit  (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8074 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 411 GB (88%) free of 465 GB

---\\ Modo de conexão ao sistema
~ Computer Name: XPS14Z
~ User Name: Alfeu
~ All Users Names: UpdatusUser, Convidado, Alfeu, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Alfeu\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Alfeu\AppData\Roaming\
~ %Desktop% : C:\Users\Alfeu\Desktop\
~ %Favorites% : C:\Users\Alfeu\Favorites\
~ %LocalAppData% : C:\Users\Alfeu\AppData\Local\
~ %StartMenu% : C:\Users\Alfeu\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 411 Go of 465 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.11/03/2014 - 18:36:30.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.11/03/2014 - 18:37:31.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.14/11/2013 - 04:15:59.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes:  Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/4
~ Mes musiques (My Musics) : 5/13
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/798
~ Mon Bureau (My Desktop) : 5/40
~ Menu demarrer (Programs) : 1/32
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [21444224] [PID.3604]
[MD5.CC78200C3ECFFA178E78308A0E160D80] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Alfeu\AppData\Local\Akamai\netsession_win.exe   [4672920] [PID.4132]
[MD5.88354CCEE11A1621B5C7951BFF999474] - (.Microsoft Corporation - Send to OneNote Tool.) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.exe   [195248] [PID.4292]
[MD5.883B2E1341E5BE906A7507308A6636DF] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [285240] [PID.4992]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [860488] [PID.4088]
[MD5.B3593D56E802DE2C61B755B85669B2B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8083968] [PID.3116]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (...) -- C:\Users\Alfeu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (.not file.)
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [ChicaPasswordManager] C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe (.not file.)
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Alfeu\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Alfeu\AppData\Local\Apps\2.0\JY5P7ND6.8RE\5YPGL95N.39Z\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Aeria Ignite] . (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
O4 - HKUS\S-1-5-21-1917907808-739808921-3490598619-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1917907808-739808921-3490598619-1001\..\Run: [ChicaPasswordManager] C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe (.not file.)
O4 - HKUS\S-1-5-21-1917907808-739808921-3490598619-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Alfeu\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-1917907808-739808921-3490598619-1001\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
O4 - HKUS\S-1-5-21-1917907808-739808921-3490598619-1001\..\Run: [DellSystemDetect] C:\Users\Alfeu\AppData\Local\Apps\2.0\JY5P7ND6.8RE\5YPGL95N.39Z\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe (.not file.)
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6B19F0D-FBEF-42F0-B7DD-89641DE80871}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6B19F0D-FBEF-42F0-B7DD-89641DE80871}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu AntiVirus Service (bavsvc) . (...) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavsvc.exe (.not file.)
O23 - Service: Baidu Hips Service (bhipssvc) . (...) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bhipssvc.exe (.not file.)
~ Services: 18 Legitimates Filtered in 00mn 15s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [GPUpdate] (...) -- C:\Program Files (x86)\GetPrivate\gpup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [GPUpdateCheck] (...) -- C:\Program Files (x86)\GetPrivate\gpup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{243E6645-4002-446E-814E-88D1F3DE4C87}] (...) -- C:\Users\Alfeu\AppData\Local\Unity\WebPlayer\Uninstall.exe (.not file.)   [0]
[MD5.2E9D9D64F1C45E1982533BD74601E537] [APT] [{42674071-945D-422B-AD55-E3BF831F8ABE}] (...) -- C:\Program Files\Magebot\uninstall.exe   [34562]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1076]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1080]
~ Scheduled Task: 9 Legitimates Filtered in 00mn 07s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\WINDOWS\system32\drivers\Bfilter.sys
O41 - Driver:  (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\WINDOWS\system32\drivers\Bfmon.sys
O41 - Driver:  (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\WINDOWS\system32\drivers\Bprotect.sys
~ Drivers: 40 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: ElfBot NG 4.5.9 - (.NGSoft, LLC.) [HKLM][64Bits] -- ElfBot NG_is1
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Asprate]
[HKLM\Software\Wow6432Node\Baidu Security]
~ Key Software: 163 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/03/2014 - 18:20:23 - [] ----D C:\Program Files (x86)\Asprate
O43 - CFD: 23/03/2014 - 16:09:38 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 24/05/2014 - 14:52:44 - [] ----D C:\Program Files (x86)\ElfBot NG
O43 - CFD: 17/06/2014 - 17:49:49 - [] ----D C:\Program Files (x86)\Magebot
O43 - CFD: 22/04/2014 - 20:40:37 - [0] ----D C:\ProgramData\Baidu Security
O43 - CFD: 24/05/2014 - 14:45:13 - [] ----D C:\Users\Alfeu\AppData\Roaming\wi_upd
O43 - CFD: 10/05/2014 - 12:43:24 - [] ----D C:\Users\Alfeu\AppData\Local\OtLand
~ Program Folder: 129 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.5E0CCB311CE22835EBC8FEF2226E6F35] - 15/07/2014 - 21:53:59 ---A- . (...) -- C:\Windows\DirectX.log   [79985]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/07/2014 - 15:22:00 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.2724DD1FEAA69D5B9239C544DFD7B50A] - 30/07/2014 - 15:53:24 ---A- . (...) -- C:\zoek-results.log   [12885]
O44 - LFC:[MD5.ACDECAF00017E1C3DA2273487DF40C04] - 30/07/2014 - 15:57:32 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [159030]
O44 - LFC:[MD5.2E7269CD69A85196CF1C5AF635711644] - 30/07/2014 - 15:57:32 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [775938]
~ Files: 15 Legitimates Filtered in 02mn 06s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [17624]
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [128992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
~ Drivers: 57 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4D124C4F40B471DFFEDF0ED8A79CCCAD] [SPRF][29/07/2014] (...) -- C:\Users\Alfeu\Desktop\AdwCleaner.exe   [1365551]
[MD5.5858247140E9FA0E87206FD0ADDA3FD9] [SPRF][10/05/2014] (.OTLand - OTLand IP Changer.) -- C:\Users\Alfeu\Desktop\ipchanger.exe   [152576]
[MD5.77120B7C8FE0983B6E84B9A19649B39A] [SPRF][18/12/2011] (...) -- C:\Users\Alfeu\Desktop\NeoMc.exe   [9728]
[MD5.642F163AF2D2600185E9894DF5FA5FEA] [SPRF][20/05/2009] (...) -- C:\Users\Alfeu\Desktop\VolumeSerial.exe   [24576]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebInternetSecurity_RASAPI32  =>Spyware.Binternet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebInternetSecurity_RASMANCS  =>Spyware.Binternet
~ BTK: 54 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 10/07/1658 0 |  (bavsvc) . (...) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavsvc.exe
SS - | Auto 10/07/1658 0 |  (bhipssvc) . (...) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bhipssvc.exe
SS - | Demand 25/01/2014 279000 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 01/03/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/03/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 12/06/2014 603424 |  (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SS - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/06/2013 208384 |  (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe
SR - | Auto 30/07/2013 328928 |  (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 01/09/2012 14904 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 30/07/2013 328928 |  (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 25/04/2014 178528 |  (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 |  (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 18/06/2014 1041192 |  (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 20/06/2014 219752 |  (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 20/06/2014 189912 |  (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 |  (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 23/10/2013 922912 |  (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 08/10/2012 1258856 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Demand 10/07/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services:  Scanned in 00mn 27s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 0

~ Additionnel Scan: 203280 Items scanned in 01mn 02s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Spyware.Binternet
~ MSI: 1 link(s) detected in 00mn 00s



~ 552 Legitimates filtered by white list
End of the scan (411 lines in 04mn 48s)(0)
SoldierThe00002
Beginner
Posts: 15
Reputation: 0
Join date: 28/07/2014
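Added example (not part of this thread, and not ZHPDiag's own code): a small Python parser that pulls out of a ZHPDiag report the lines a helper reviews first, autostart, service and scheduled-task entries whose target is flagged "(.not file.)" and lines ZHPDiag tags with a detection name after "=>". The sample report is a constructed excerpt of the log posted above, and the regular expressions assume the line layout shown there.

```python
"""Triage helper for a ZHPDiag report: list the lines a forum helper checks first."""
import re
from dataclasses import dataclass

# ZHPDiag appends this marker when the binary an autostart entry points to no
# longer exists on disk (leftover of an uninstalled or half-removed program).
NOT_FILE = "(.not file.)"

# "=>Spyware.Binternet" is a detection tag; "=>.Skype Technologies S.A." (note
# the dot) only names the publisher of a file ZHPDiag considers legitimate.
DETECTION_RE = re.compile(r"=>(?!\.)(\S+)\s*$")

# Absolute Windows path up to the first .exe/.dll/.sys extension on the line.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\[\]]*?\.(?:exe|dll|sys))", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str      # "orphan": autostart target missing; "detection": tagged by ZHPDiag
    section: str   # ZHPDiag line type: "O4", "O23", "APT", "REG", ...
    target: str    # file path, or registry key when the line carries no path
    note: str


def _section_of(line: str) -> str:
    """Return the ZHPDiag line code (O4, O23, ...) or a coarse class for other lines."""
    m = re.match(r"^(O\d+)\s*-", line)
    if m:
        return m.group(1)
    if "[APT]" in line:          # scheduled tasks are listed with an [APT] tag
        return "APT"
    if line.startswith(("HKLM", "HKCU")):
        return "REG"
    return "?"


def parse_report(text: str) -> list[Finding]:
    """Extract orphaned autostart entries and tagged detections from a ZHPDiag report."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        # Section headers ("---\\ ...") and summary lines ("~ ...") carry no entries.
        if not line or line.startswith(("~", "---")):
            continue
        section = _section_of(line)
        path_match = PATH_RE.search(line)
        path = path_match.group(1) if path_match else ""
        if NOT_FILE in line and path:
            findings.append(Finding("orphan", section, path,
                                    "autostart target missing on disk"))
        det = DETECTION_RE.search(line)
        if det:
            findings.append(Finding("detection", section,
                                    path or line.split()[0], det.group(1)))
    return findings


def count_by_kind(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, for a one-line summary."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed excerpt: a handful of lines copied from the report posted above.
SAMPLE_REPORT = r"""
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [ChicaPasswordManager] C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe (.not file.)
~ Application:  Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Baidu AntiVirus Service (bavsvc) . (...) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavsvc.exe (.not file.)
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [GPUpdate] (...) -- C:\Program Files (x86)\GetPrivate\gpup.exe (.not file.)   [0]
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebInternetSecurity_RASAPI32  =>Spyware.Binternet
"""

if __name__ == "__main__":
    results = parse_report(SAMPLE_REPORT)
    for f in results:
        print(f"{f.kind:9} {f.section:4} {f.target}  ({f.note})")
    print(count_by_kind(results))
```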

Re: Rootkit removal..

Post by Power Max, Fri 01 Aug 2014, 09:23

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

[You must be registered and logged in to view this link]

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.
__________________________________________________________________________________________________________

Go to the site [You must be registered and logged in to view this link] and submit the file highlighted in bold below for analysis (if the site says it has already been analyzed, ask it to analyze it again):

C:\Program Files\Magebot\uninstall.exe

Once its analysis is complete, copy the link that appears in your browser's address bar and post that link in your next reply, together with the other logs requested in this post.

More information on how to analyze files on the VirusTotal site is in this tutorial:

[You must be registered and logged in to view this link]
___________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply together with the link to the file analysis on the VirusTotal site.


Last edited by Power Max on Sat 02 Aug 2014, 19:54, edited 1 time
Power Max
Contributor
Posts: 9086
Reputation: 1499
Join date: 14/04/2009

(SOLVED) Help with rootkit removal

Post by SoldierThe00002, Fri 01 Aug 2014, 14:42

[You must be registered and logged in to view this link]

------

Rapport de ZHPFix 2014.7.27.5 par Nicolas Coolman, Update du 27/07/2014
Fichier d'export Registre :
Run by Alfeu at 01/08/2014 14:37:46
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: Service: bavsvc
ELIMINÉ: Service: bhipssvc
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebInternetSecurity_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebInternetSecurity_RASMANCS

========== Valores do Registo ==========
ELIMINÉ RunValue: ChicaPasswordManager
ELIMINÉ RunValue: DellSystemDetect

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: GPUpdate
ELIMINÉ: GPUpdate
ELIMINÉ: GPUpdateCheck
ELIMINÉ: {243E6645-4002-446E-814E-88D1F3DE4C87}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
9 : Chaves do Registo
2 : Valores do Registo
1 : Pastas
5 : Ficheiros
4 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 54s

========== Caminho do ficheiro do relatório ==========
C:\Users\Alfeu\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/07/2014 22:57:51 [667]
C:\Users\Alfeu\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/07/2014 22:58:24 [741]
C:\Users\Alfeu\AppData\Roaming\ZHP\ZHPFix[R3].txt - 01/08/2014 14:37:50 [1875]


Last edited by SoldierThe00002 on Fri 01 Aug 2014, 15:10, edited 3 times
SoldierThe00002
Beginner
Posts: 15
Reputation: 0
Join date: 28/07/2014

Re: Rootkit removal..

Post by Power Max, Fri 01 Aug 2014, 14:47

Restart the PC so that the cleanup is completed.

After restarting, do the following:

Open ( ZHPDiag ) again

[You must be registered and logged in to view this image]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

[You must be registered and logged in to view this image]

|- Click OK and, when it finishes, post the ZHPDiag.txt report

[You must be registered and logged in to view this image]
Power Max
Contributor
Posts: 9086
Reputation: 1499
Join date: 14/04/2009

(SOLVED) Help with rootkit removal

Post by SoldierThe00002, Fri 01 Aug 2014, 15:18

I found a file from an aeriagames program with a virus, what do I do? ;s, stop playing? lol, I don't know if it's Need for Speed or Fifa World, but I think it's Need that's infected, could you guys take it up with aeriagames please? If not, that's fine, haha, thanks for all the attention

[You must be registered and logged in to view this link]

------
~ Relatório do ZHPDiag v2014.7.30.111 - Nicolas Coolman  (30/07/2014)
~ Iniciado por Alfeu (01/08/2014 15:10:54)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17207 (Defaut)
GCIE: Google Chrome v36.0.1985.125

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Pro, 64-bit  (Build 9600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Reader XI
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8074 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 416 GB (89%) free of 465 GB

---\\ Modo de conexão ao sistema
~ Computer Name: XPS14Z
~ User Name: Alfeu
~ All Users Names: UpdatusUser, Convidado, Alfeu, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Alfeu\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Alfeu\AppData\Roaming\
~ %Desktop% : C:\Users\Alfeu\Desktop\
~ %Favorites% : C:\Users\Alfeu\Favorites\
~ %LocalAppData% : C:\Users\Alfeu\AppData\Local\
~ %StartMenu% : C:\Users\Alfeu\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 416 Go of 465 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.04/03/2014 - 09:25:49.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.2EE102DF0EDD8A1EDD3D1E9B99A91BEC] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/06/2014 - 19:58:27.) -- C:\Windows\System32\wininet.dll [2266112]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.22/02/2014 - 06:45:48.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.11/03/2014 - 18:36:30.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.374E27295F0A9DCAA8FC96370F9BEEA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 00:03:03.) -- C:\Windows\system32\Drivers\AFD.sys [563200]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/03/2014 - 06:22:50.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.498288DD5CA42C2D36D125893E968C53] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.18/03/2014 - 05:19:14.) -- C:\Windows\system32\Drivers\HDAudBus.sys [77312]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.11/03/2014 - 18:37:31.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.0696F66E4D423793951A60562F794D14] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.02/04/2014 - 23:23:05.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402432]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.20/03/2014 - 00:41:24.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.14/11/2013 - 04:15:59.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.4BB9BC49DEE1A319EC58274A7BBED663] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/03/2014 - 09:42:44.) -- C:\Windows\system32\Drivers\volsnap.sys [310616]
~ Generic Processes:  Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/4
~ Mes musiques (My Musics) : 5/13
~ Mes Favoris (My Favorites) : 1/4
~ Mes Documents (My Documents) : 1/807
~ Mon Bureau (My Desktop) : 0/36
~ Menu demarrer (Programs) : 1/32
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.449E6CD914920B84DDDF0F12880411EE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [21444224] [PID.4376]
[MD5.CC78200C3ECFFA178E78308A0E160D80] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Alfeu\AppData\Local\Akamai\netsession_win.exe   [4672920] [PID.4536]
[MD5.88354CCEE11A1621B5C7951BFF999474] - (.Microsoft Corporation - Send to OneNote Tool.) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.exe   [195248] [PID.4600]
[MD5.80086ED442941DE2CA18CB6DAE8C1422] - (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe   [1925656] [PID.4728]
[MD5.883B2E1341E5BE906A7507308A6636DF] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [285240] [PID.3140]
[MD5.B43E68B8A022FB00FF54360D408E871B] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [860488] [PID.1956]
[MD5.B3593D56E802DE2C61B755B85669B2B4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8083968] [PID.2344]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Alfeu\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [kmendfapggjehodndflmmgagdbamhnfd] CryptoTokenExtension v.0.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 07s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (...) -- C:\Users\Alfeu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (.not file.)
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Alfeu\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [Aeria Ignite] . (.Aeria Games & Entertainment - Aeria Ignite.) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
O4 - HKUS\S-1-5-21-1917907808-739808921-3490598619-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1917907808-739808921-3490598619-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Alfeu\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-1917907808-739808921-3490598619-1001\..\Run: [EADM] . (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll  =>.Microsoft Corporation
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll  =>.Microsoft Corporation
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6B19F0D-FBEF-42F0-B7DD-89641DE80871}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B6B19F0D-FBEF-42F0-B7DD-89641DE80871}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.2E9D9D64F1C45E1982533BD74601E537] [APT] [{42674071-945D-422B-AD55-E3BF831F8ABE}] (...) -- C:\Program Files\Magebot\uninstall.exe   [34562]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1076]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1080]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 07s



---\\ Software instalados (042)
O42 - Logiciel: ElfBot NG 4.5.9 - (.NGSoft, LLC.) [HKLM][64Bits] -- ElfBot NG_is1
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\Asprate]
~ Key Software: 160 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/03/2014 - 18:20:23 - [] ----D C:\Program Files (x86)\Asprate
O43 - CFD: 24/05/2014 - 14:52:44 - [] ----D C:\Program Files (x86)\ElfBot NG
O43 - CFD: 17/06/2014 - 17:49:49 - [] ----D C:\Program Files (x86)\Magebot
O43 - CFD: 24/05/2014 - 14:45:13 - [] ----D C:\Users\Alfeu\AppData\Roaming\wi_upd
O43 - CFD: 10/05/2014 - 12:43:24 - [] ----D C:\Users\Alfeu\AppData\Local\OtLand
~ Program Folder: 127 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.ACDECAF00017E1C3DA2273487DF40C04] - 01/08/2014 - 15:13:48 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [159030]
O44 - LFC:[MD5.2E7269CD69A85196CF1C5AF635711644] - 01/08/2014 - 15:13:48 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [775938]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 30/07/2014 - 15:22:00 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.2724DD1FEAA69D5B9239C544DFD7B50A] - 30/07/2014 - 15:53:24 ---A- . (...) -- C:\zoek-results.log   [12885]
~ Files: 15 Legitimates Filtered in 03mn 11s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [17624]
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [128992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
~ Drivers: 57 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4D124C4F40B471DFFEDF0ED8A79CCCAD] [SPRF][29/07/2014] (...) -- C:\Users\Alfeu\Desktop\AdwCleaner.exe   [1365551]
[MD5.5858247140E9FA0E87206FD0ADDA3FD9] [SPRF][10/05/2014] (.OTLand - OTLand IP Changer.) -- C:\Users\Alfeu\Desktop\ipchanger.exe   [152576]
[MD5.77120B7C8FE0983B6E84B9A19649B39A] [SPRF][18/12/2011] (...) -- C:\Users\Alfeu\Desktop\NeoMc.exe   [9728]
[MD5.642F163AF2D2600185E9894DF5FA5FEA] [SPRF][20/05/2009] (...) -- C:\Users\Alfeu\Desktop\VolumeSerial.exe   [24576]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 25/01/2014 279000 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 01/03/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 01/03/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 12/06/2014 603424 |  (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 25/06/2013 208384 |  (AtherosSvc) . (.Atheros Commnucations.) - C:\Windows\System32\AdminService.exe
SR - | Auto 30/07/2013 328928 |  (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 01/09/2012 14904 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 30/07/2013 328928 |  (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 25/04/2014 178528 |  (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Auto 30/07/2013 328928 |  (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 30/07/2013 328928 |  (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 18/06/2014 1041192 |  (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 20/06/2014 219752 |  (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 20/06/2014 189912 |  (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SR - | Auto 30/07/2013 328928 |  (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 23/10/2013 922912 |  (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SR - | Auto 08/10/2012 1258856 |  (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Demand 10/07/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 28s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 0

~ Additionnel Scan: 203057 Items scanned in 00mn 59s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Barras do Internet Explorer (03))
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



~ 538 Legitimates filtered by white list
End of the scan (369 lines in 06mn 06s)(0)
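The helper reads the report above by hand, picking out references to files that no longer exist, items with no publisher information, and kernel drivers from vendors that do not belong on the machine (the Baidu drivers are exactly what the ZHPFix run later deletes). As an added example, not part of this thread or of the ZHPDiag tool, here is a small Python triage over a few lines copied from that report; the line patterns and the driver-vendor allowlist are assumptions drawn from the posted lines, not ZHPDiag's documented format.

```python
# Added example (not from the thread or from ZHPDiag): triage a few ZHPDiag-style
# report lines. The patterns are an assumption written against the line shapes
# visible in the posted report, not ZHPDiag's documented grammar.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

MD5_RE = re.compile(r"\[MD5\.([0-9A-Fa-f]{32})\]")
NO_INFO_RE = re.compile(r"\(\.{2,3}\)")      # "(...)" / "(..)": no publisher info
VENDOR_RE = re.compile(r"\(\.(.*?)\.\)")      # "(.Vendor - Description.)"
SIZE_RE = re.compile(r"\[(\d+)\]\s*$")        # trailing "[bytes]"

# Constructed allowlist: driver vendors expected on this particular machine.
EXPECTED_DRIVER_VENDORS = {"Microsoft Corporation", "Intel Corporation",
                           "Promise Technology, Inc."}


@dataclass
class Entry:
    section: str
    path: str
    vendor: Optional[str]       # None when the report printed "(...)"
    description: Optional[str]
    md5: Optional[str]
    size: Optional[int]
    missing: bool               # "(.not file.)": the referenced file is gone


def parse_line(section: str, line: str) -> Optional[Entry]:
    """Parse one '<head> -- <path>' item line; None for any other line."""
    if " -- " not in line:
        return None
    head, _, tail = line.rpartition(" -- ")
    missing = "(.not file.)" in tail
    tail = tail.replace("(.not file.)", "").partition("=>.")[0]  # drop "=>.Signer"
    size = None
    m = SIZE_RE.search(tail)
    if m:
        size, tail = int(m.group(1)), tail[: m.start()]
    vendor = description = None
    v = VENDOR_RE.search(NO_INFO_RE.sub("", head))
    if v:
        vendor, _, description = v.group(1).partition(" - ")
        description = description or None
    md5 = MD5_RE.search(head)
    return Entry(section, tail.strip(), vendor, description,
                 md5.group(1).upper() if md5 else None, size, missing)


def parse_report(text: str) -> List[Entry]:
    """Walk the report, tracking the section header each item sits under."""
    entries, section = [], ""
    for line in text.splitlines():
        if line.startswith("---\\"):
            section = line.lstrip("-\\").strip()
            continue
        entry = parse_line(section, line)
        if entry:
            entries.append(entry)
    return entries


def triage(entries: List[Entry],
           expected_driver_vendors=EXPECTED_DRIVER_VENDORS) -> List[Tuple[str, str]]:
    """Return (reason, detail) pairs for entries a helper would check first."""
    findings = []
    for e in entries:
        if e.missing:                      # orphaned autorun/plugin reference
            findings.append(("missing-file", e.path))
        elif e.vendor is None:             # no version info: identify the file
            findings.append(("unknown-publisher", e.path))
        elif "\\drivers\\" in e.path.lower() and e.vendor not in expected_driver_vendors:
            findings.append(("unexpected-driver-vendor", f"{e.vendor}: {e.path}"))
    return findings


# Constructed sample: a handful of lines copied from the report posted above.
SAMPLE_REPORT = r"""
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
---\\ Tarefas planificadas automaticamente (039)
[MD5.2E9D9D64F1C45E1982533BD74601E537] [APT] [{42674071-945D-422B-AD55-E3BF831F8ABE}] (...) -- C:\Program Files\Magebot\uninstall.exe   [34562]
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [52032]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
"""

if __name__ == "__main__":
    for reason, detail in triage(parse_report(SAMPLE_REPORT)):
        print(f"{reason:24} {detail}")
```

Service lines ("SR - | ... | (name) . (.Vendor.) - path") use a single dash before the path and are deliberately not parsed here.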

Re: Rootkit Removal..

Post by Power Max, Sat 02 Aug 2014, 09:30

As for the file you sent for analysis, everything indicates it is safe; only one antivirus out of 46 detected it, which shows it to be a false positive (a mistake on the part of that antivirus).
________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Import > Click the GO button > Click Oui > If you also want the files in the Recycle Bin deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply, and tell us how your PC is after these procedures.


Last edited by Power Max on Sat 02 Aug 2014, 19:56, edited 1 time(s)

(SOLVED) Help with rootkit removal

Post by SoldierThe00002, Sat 02 Aug 2014, 12:09

Rapport de ZHPFix 2014.7.27.5 par Nicolas Coolman, Update du 27/07/2014
Fichier d'export Registre :
Run by Alfeu at 02/08/2014 12:07:46
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (3) (26.530 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 03s

========== Caminho do ficheiro do relatório ==========
C:\Users\Alfeu\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/07/2014 22:57:51 [667]
C:\Users\Alfeu\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/07/2014 22:58:24 [741]
C:\Users\Alfeu\AppData\Roaming\ZHP\ZHPFix[R3].txt - 01/08/2014 14:37:50 [1955]
C:\Users\Alfeu\AppData\Roaming\ZHP\ZHPFix[R4].txt - 02/08/2014 12:07:48 [1186]

Re: Rootkit Removal..

Post by Power Max, Sat 02 Aug 2014, 13:29

How is the PC?

(SOLVED) Help with rootkit removal

Post by SoldierThe00002, Sat 02 Aug 2014, 13:43

Well, it was fast before too, but it was good to have done all this; it seems it removed a fair amount of malware and other problems, and it did make a difference in speed, yes, it was good.
I had a problem with the internet, Quone8 kept changing the settings, changing my home page, and it was a pain; can you tell me whether these procedures removed quone8?
I didn't really understand the scans, what was on my notebook?
Is any further procedure needed?
Thank you very much
I appreciate the help.


Let me ask you for another bit of help: I was wanting to format the notebook, the problem is that it doesn't have a hard disk, how will I install Dell's Windows 8.1? How do I do it?

Again, thank you very much for the help

Re: Rootkit Removal..

Post by Power Max, Sat 02 Aug 2014, 14:12

As for Qone8, Malwarebytes had already removed it.
______________________________________________

Several adwares and other problems were removed from your PC.

That's it! I'm glad the problem has been solved.

Just to finish, please follow the tutorials below:

[link visible only to logged-in members]
_______________________________________________________________________________________________________________________

To remove the programs used in cleaning this PC and create a new, safe and problem-free restore point, use DelFix following the tips [link visible only to logged-in members].
_______________________________________________________________________________________________________________________

It was a pleasure to help. Count on us anytime!

(SOLVED) Help with rootkit removal

Post by SoldierThe00002, Sat 02 Aug 2014, 16:08

Before doing the last procedures, I decided to go through the procedure again from 0: I ran Malwarebytes, ran ZHPDiag, and when I ran AdwCleaner this happened, why?

[image visible only to logged-in members]
[link visible only to logged-in members]

Thanks

Re: Rootkit Removal..

Post by Power Max, Sat 02 Aug 2014, 17:23

The error you mentioned is associated with Origin; just reinstall it and that should fix it.

(SOLVED) Help with rootkit removal

Post by SoldierThe00002, Sat 02 Aug 2014, 17:47

I had done some searching to find out as well and saw it was from Origin, but I preferred to wait for the answer from someone who knows.
I did the last procedures and everything is fine.
I was just left with one question: did I have any virus?

Thank you very much