Alguem pode me ajudar a retirar o virus Win32:RmnDrp?

Preciso urgentemente de ajuda!

Olá.

* Faça o download do Dr. Web CureIt neste link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Surgirá a tela de confirmação do download, onde você irá marcar a caixinha com a frase I accept Dr.Web License Agreement e clicará no botão Continue para fazer o download do programa.

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Dr. Web CureIt.

Ficamos no aguardo.

Power Max escreveu:Olá.

* Faça o download do Dr. Web CureIt neste link abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Surgirá a tela de confirmação do download, onde você irá marcar a caixinha com a frase I accept Dr.Web License Agreement e clicará no botão Continue para fazer o download do programa.

 Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas do tutorial abaixo:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Dr. Web CureIt.

Ficamos no aguardo.

Terminei mas nao consegui mandar o log(relatório) pq quando colo ele o navegador trava! E salvo ele fica com 48 Mb  e não é possivel enviar por anexo.

Acesse o site Cjoint:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Clique no botão Escolher arquivo > Selecione o arquivo do log (relatório) e clique no botão Abrir.

Clique no botão Créer le lien Cjoint

Copie o link que aparecerá ao lado da frase Le lien a été créé e poste este link em sua próxima resposta.

Se mesmo no site acima o arquivo não couber todo, é só você copiar a parte final dele que é a que mostra os arquivos que foram desinfectados e a quantidade deles, esta é a parte mais importante do relatório.

Power Max escreveu:Se mesmo no site acima o arquivo não couber todo, é só você copiar a parte final dele que é a que mostra os arquivos que foram desinfectados e a quantidade deles, esta é a parte mais importante do relatório.

Acho q é isso:


Total 484521897474 bytes in 399961 files scanned (735100 objects)
Total 396086 files (725227 objects) are clean
Total 3739 files (6747 objects) are infected
Total 1 file are suspicious
Total 3735 files (6721 objects) are neutralized
Total 143 files (138 objects) are raised error condition
Scan time is 02:39:33.235


Pode me dizer oque esse vírus pode fazer?

Faltou você postar uma parte mais acima desta que você copiou, onde ele mostra o nome (tipo) dos vírus.
______________________________

Siga, por gentileza, as dicas deste tutorial abaixo e depois disso poste o relatório dele:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Power Max escreveu:Faltou você postar uma parte mais acima desta que você copiou, onde ele mostra o nome (tipo) dos vírus.
______________________________

Siga, por gentileza, as dicas deste tutorial abaixo e depois disso poste o relatório dele:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

No log do cureIT não achei oque vc queria.

Aqui esta o log do Kaspersky:

Status: Quarantined (events: 19)
07/08/2014 19:58:29 Quarantined virus Virus.Win32.Suspic.gen C:\Arquivos de Programas\Battlefield 4\pb\pbsv.dll High
07/08/2014 19:58:29 Quarantined virus Virus.Win32.Suspic.gen C:\Arquivos de Programas\Battlefield 4\pb\pbsv.dll//PE_Patch High
07/08/2014 19:58:37 Quarantined virus Virus.Win32.Suspic.gen C:\Arquivos de Programas\Battlefield 4\pb\dll\ws001880.dll High
07/08/2014 19:58:37 Quarantined virus Virus.Win32.Suspic.gen C:\Arquivos de Programas\Battlefield 4\pb\dll\ws001891.dll High
07/08/2014 19:58:37 Quarantined virus Virus.Win32.Suspic.gen C:\Arquivos de Programas\Battlefield 4\pb\dll\ws001880.dll//PE_Patch High
07/08/2014 19:58:37 Quarantined virus Virus.Win32.Suspic.gen C:\Arquivos de Programas\Battlefield 4\pb\dll\ws001891.dll//PE_Patch High
07/08/2014 19:58:38 Quarantined virus Virus.Win32.Suspic.gen C:\Arquivos de Programas\Battlefield 4\pb\dll\ws001894.dll High
07/08/2014 19:58:38 Quarantined virus Virus.Win32.Suspic.gen C:\Arquivos de Programas\Battlefield 4\pb\dll\ws001894.dll//PE_Patch High
07/08/2014 20:18:28 Quarantined Trojan program HEUR:Trojan-Dropper.Script.Generic C:\Documents and Settings\All Users\Origin\Logs\1007968-1011575-1011576-1011577-1010268-1010269-1010270-1010271-1010958-1010959-1010960-1010961-1007077-1016751-1016757-1016754-1015365-1015364-1015363-1015362_OnlineActivation_Log.html High
07/08/2014 20:31:41 Quarantined virus Virus.Win32.Suspic.gen C:\Documents and Settings\user-pc\AppData\Local\PunkBuster\BF3\pb\pbsv.dll High
07/08/2014 20:31:41 Quarantined virus Virus.Win32.Suspic.gen C:\Documents and Settings\user-pc\AppData\Local\PunkBuster\BF3\pb\pbsv.dll//PE_Patch High
07/08/2014 20:32:15 Quarantined virus Virus.Win32.Suspic.gen C:\Documents and Settings\user-pc\AppData\Local\PunkBuster\BF4\pb\pbsv.dll High
07/08/2014 20:32:15 Quarantined virus Virus.Win32.Suspic.gen C:\Documents and Settings\user-pc\AppData\Local\PunkBuster\BF4\pb\pbsv.dll//PE_Patch High
07/08/2014 21:06:04 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\FapCF\FapCF 2.9.exe High
07/08/2014 21:27:30 Quarantined Trojan program HEUR:Trojan-Dropper.Script.Generic C:\Program Files (x86)\Aspyr\Guitar Hero III\Readme.html High
07/08/2014 21:42:38 Quarantined virus Virus.Win32.Suspic.gen C:\Program Files (x86)\Origin Games\Battlefield 3\pb\dll\ws001893.dll High
07/08/2014 21:42:38 Quarantined virus Virus.Win32.Suspic.gen C:\Program Files (x86)\Origin Games\Battlefield 3\pb\dll\ws001893.dll//PE_Patch High
07/08/2014 22:54:16 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Windows\FAPCF\1Qo7AbznJee6yXCv0U92fPBbsBrrEm.EXE High
07/08/2014 22:54:16 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Windows\FAPCF\1Qo7AbznJee6yXCv0U92fPBbsBrrEm.EXE//PE_Patch.Juba High
Status: Disinfected (events: 45)
07/08/2014 19:58:39 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\va001390.htm High
07/08/2014 19:58:39 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\vc002332.htm High
07/08/2014 19:58:40 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\vc002333.htm High
07/08/2014 19:58:40 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\vc002343.htm High
07/08/2014 19:58:41 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\vs001891.htm High
07/08/2014 19:58:41 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\vs001894.htm High
07/08/2014 19:58:41 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\wa001390.htm High
07/08/2014 19:58:43 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\wc002332.htm High
07/08/2014 19:58:43 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\wc002333.htm High
07/08/2014 19:58:44 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\wc002343.htm High
07/08/2014 19:58:44 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\ws001880.htm High
07/08/2014 19:58:45 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\ws001891.htm High
07/08/2014 19:58:49 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Arquivos de Programas\Battlefield 4\pb\htm\ws001894.htm High
07/08/2014 20:16:41 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Documents and Settings\All Users\Origin\Logs\1007968-1011575-1011576-1011577-1010268-1010269-1010270-1010271-1010958-1010959-1010960-1010961-1007077-1016751-1016757-1016754_OnlineActivation_Log.html High
07/08/2014 20:29:22 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Documents and Settings\user-pc\AppData\Local\PunkBuster\BF3\pb\htm\wc002342.htm High
07/08/2014 20:29:23 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Documents and Settings\user-pc\AppData\Local\PunkBuster\BF4\pb\htm\vc002333.htm High
07/08/2014 20:29:31 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Documents and Settings\user-pc\AppData\Local\PunkBuster\GRO\pb\htm\wc002334.htm High
07/08/2014 20:29:32 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Documents and Settings\user-pc\AppData\Local\PunkBuster\TWZ\pb\htm\wa001374.htm High
07/08/2014 20:35:38 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Documents and Settings\user-pc\AppData\Roaming\TS3Client\chats\ZW5Ud1RYS05DU0kyTVJmRkRvZHlmVTVyU2Y0PQ==\server.html High
07/08/2014 20:51:12 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Documents and Settings\user-pc\Documents\Infestation Survivor Stories\pb\htm\wa001374.htm High
07/08/2014 20:51:18 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Documents and Settings\user-pc\Documents\Infestation Survivor Stories\pb\htm\wc002316.htm High
07/08/2014 21:39:43 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\va001386.htm High
07/08/2014 21:39:45 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\vc002325.htm High
07/08/2014 21:39:46 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\vc002342.htm High
07/08/2014 21:39:46 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\vs001867.htm High
07/08/2014 21:39:47 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\vs001893.htm High
07/08/2014 21:39:47 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\wa001386.htm High
07/08/2014 21:39:49 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\wc002331.htm High
07/08/2014 21:39:51 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\wc002342.htm High
07/08/2014 21:39:51 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\ws001867.htm High
07/08/2014 21:39:53 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\Battlefield 3\pb\htm\ws001893.htm High
07/08/2014 21:40:25 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\BFH Beta\pb\htm\va001381.htm High
07/08/2014 21:40:28 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\BFH Beta\pb\htm\vc002337.htm High
07/08/2014 21:40:33 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\BFH Beta\pb\htm\wa001381.htm High
07/08/2014 21:40:36 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Origin Games\BFH Beta\pb\htm\wc002337.htm High
07/08/2014 21:45:18 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\common\shaders\BuildLog.htm High
07/08/2014 21:54:22 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Online\Game\NCSA-Live\pb\htm\wa001381.htm High
07/08/2014 21:54:23 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Online\Game\NCSA-Live\pb\htm\wa001382.htm High
07/08/2014 21:54:24 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Online\Game\NCSA-Live\pb\htm\wc002249.htm High
07/08/2014 21:54:25 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Online\Game\NCSA-Live\pb\htm\wc002272.htm High
07/08/2014 21:54:26 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Online\Game\NCSA-Live\pb\htm\ws001805.htm High
07/08/2014 21:54:27 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Steam\SteamApps\common\Tom Clancy's Ghost Recon Online\Game\NCSA-Live\pb\htm\ws001830.htm High
07/08/2014 21:55:53 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Ubisoft\FarCry 3\bin\pb\htm\wa001383.htm High
07/08/2014 21:55:58 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Ubisoft\FarCry 3\bin\pb\htm\wc002312.htm High
07/08/2014 21:55:59 Disinfected Trojan program Trojan-Dropper.VBS.Agent.bp C:\Program Files (x86)\Ubisoft\FarCry 3\bin\pb\htm\ws001853.htm High
Status: Deleted (events:
07/08/2014 21:38:09 Deleted adware not-a-virus:AdWare.Win32.Hao123.a C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe Medium
07/08/2014 21:38:09 Deleted adware not-a-virus:AdWare.Win32.Hao123.a C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe//data0002.res Medium
07/08/2014 21:38:09 Deleted adware not-a-virus:AdWare.Win32.Hao123.a C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe//# Medium
07/08/2014 21:57:15 Deleted adware not-a-virus:AdWare.Win32.Agent.aljt C:\Program Files (x86)\SupTab\SupTab.dll Medium
07/08/2014 22:53:49 Deleted Trojan program Trojan.MSIL.Crypt.aooi C:\Windows\Marijuana.dll High
07/08/2014 22:53:49 Deleted Trojan program Trojan.MSIL.Crypt.aooi C:\Windows\Marijuana.dll//PE_Patch.PECompact High
07/08/2014 22:53:49 Deleted Trojan program Trojan.MSIL.Crypt.aooi C:\Windows\Marijuana.dll//PE_Patch.PECompact//PecBundle High
07/08/2014 22:53:49 Deleted Trojan program Trojan.MSIL.Crypt.aooi C:\Windows\Marijuana.dll//PE_Patch.PECompact//PecBundle//PECompact High

Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

Na sua próxima resposta poste este log do Nod32 Online.

Fiz o scan duas vezes porque na primeira eu exclui o programa, o log e os vírus que estavam em quarentena.

Log do segundo scan: C:\Users\user-pc\AppData\Local\Temp\NODD8F0.tmp Win32/HackKMS.A potentially unsafe application deleted (after the next restart) - quarantined

Só isso. Creio que já tenha sido deletado esse arquivo infectado pois assinalei as opções desinstalar programa ao fechar e excluir arquivos da quarentena.

No primeiro scan com o Nod32 ele removeu vários vírus?
_____________________________________________________

Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

Power Max escreveu:  No primeiro scan com o Nod32 ele removeu vários vírus?
_____________________________________________________

 Faça o download do Malwarebytes em um destes links abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para instalá-lo e executá-lo corretamente siga, por gentileza, as dicas desta postagem:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na sua próxima resposta poste este log (relatório) do Malwarebytes.

Ficamos no aguardo.

Ele removeu todos os encontrados. Mais ou menos 30 vírus.

Siga então, por gentileza, a dica que te passei com o Malwarebytes e poste o relatório dele.

Power Max escreveu:Siga então, por gentileza, a dica que te passei com o Malwarebytes e poste o relatório dele.

Todos os arquivos foram automaticamente para quarentena como esta aparecendo no log. Posso exclui-los?
Log do Malwarebytes:


Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 09/08/2014
Hora da Verificação: 21:20:26
Logfile: log.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.08.09.07
Rootkit Database: v2014.08.04.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 8
CPU: x64
Sistema de Arquivo: NTFS
Usuário: user-pc

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 654646
Tempo Decorrido: 2 hr, 12 min, 31 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 99
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [dcaf07bde893d660fbc3396635cde11f],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [c5c61ba9c5b6bf777748742b9c66e11f],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [9bf0b70ddba0999d6be8009fd42e926e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [ff8c33919be040f67e0fe68414ee1fe1],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, Quarantined, [b4d74084b0cbbf7797213ba5758d966a],
PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, Quarantined, [a8e31da748334cea8a099859ac56a45c],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, Quarantined, [2269b212df9c11257af3be1a5fa3aa56],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, Quarantined, [048771539cdf56e013f72319b153a957],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [97f403c13a41ea4c6b23fc264bb9fa06],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, Quarantined, [7a11b0141368ad890d5f87511be707f9],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, Quarantined, [19723f852a516bcbb65516264eb6a35d],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [b6d59b2937444ee80962696fca38e61a],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [06853a8adba0072f52ba9ca06d97ff01],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, Quarantined, [5c2f8f35790254e2c19e8d4b1ee48977],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, Quarantined, [0685962e384382b4b459d66663a15ba5],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, Quarantined, [414afec68af141f5db852aaed72b926e],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, Quarantined, [6f1c7e46d5a642f4907ecd6fcb39946c],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [f2994f75e19a7bbb3f22f4e4e81a9967],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [d5b6cff56c0f82b447c8be7e05ff6997],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, Quarantined, [0883c0040f6cbf77f76c8f4938ca42be],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, Quarantined, [1d6eb1135a21b581f31d60dc5fa5d22e],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\jumpflip, Quarantined, [ddae8e36ed8eca6c70a1b68683811fe1],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [5c2f50743c3f47ef590bdff9dc26867a],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [b4d7e9db7cff73c3b062db615fa550b0],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchinstaller.exe, Quarantined, [d0bb6b59d0abf343be554eeeb54fbd43],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [404b14b01d5e70c6263fb91fed15c43c],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [1972982cef8c80b6f91b3a0254b07987],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, Quarantined, [8209992b562520160d592fa9dd25a15f],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, Quarantined, [a1ea962e3249b581af660b3129dbc43c],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings.exe, Quarantined, [1c6f81432b5024127e983b0113f16e92],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings64.exe, Quarantined, [1873bf051b6087af65b250ec28dc3bc5],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [404ba321196278be7becb91f6a98ef11],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [2c5f9d279be093a359bfda62b74d9f61],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [1774576d0675c670194fcd0bbf43be42],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [b5d6269e4a310234df3a5ce04cb84bb5],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [286324a00477280ede8beaeea65c669a],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [fc8f82425724f64078a1043848bc7b85],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\umbrella.exe, Quarantined, [ee9d15afdf9cd561ef2b6dcf91737d83],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, Quarantined, [5932af15c4b744f2dd8dffd9ad556e92],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, Quarantined, [9eedf2d29cdfe84e29f2cd6fe2220ff1],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\volaro, Quarantined, [4645a91bc6b56fc79785ae8e4fb541bf],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\vonteera, Quarantined, [15765b694338a1955dc00b312ed63bc5],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroids.exe, Quarantined, [9dee9430b9c2c86e2cf2f4488d77af51],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroidsservice.exe, Quarantined, [2c5f398b4734c76fd04fb785a85c7c84],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [1d6e665ea7d4f2442c238283996a3cc4],
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\WOW6432NODE\nationzoomSoftware, Quarantined, [a4e794305b20e65058449f8b22e213ed],
PUP.Optional.SystemK.A, HKLM\SOFTWARE\WOW6432NODE\SystemK, Quarantined, [25666a5adf9c9f970a4c1abf2ad8f60a],
PUP.Optional.Elex.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ifohbjbgfchkkfhphahclmkpgejiplfo, Quarantined, [39524084dba0f442d0772cf2a36148b8],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, Quarantined, [9af1bb09bbc01c1aa1cc30a87e8456aa],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, Quarantined, [99f2774d4239f34368a276c6ff0541bf],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [ed9e477d33480c2ae2ac4dd512f2c13f],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, Quarantined, [ccbff9cbc9b2c472ea82b5238b7716ea],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, Quarantined, [9eed92326516c96d769590ac1ee65ca4],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [48439b29f388ab8baac14296d52da759],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [49422d970873ba7c3dcfae8e31d37090],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, Quarantined, [56354a7aabd0c86ed58a97415fa3857b],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, Quarantined, [e4a7497b512a70c611fcd8640bf93ec2],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, Quarantined, [5a315c686615f145a5bb835561a1f907],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, Quarantined, [2368279d6f0c48ee7a94c7750cf8aa56],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [67245a6a74071521bea323b5dd25d42c],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [3e4debd9b1ca55e18f80e05cdf259d63],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, Quarantined, [98f3cdf7cbb0dc5adb88637544be9e62],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, Quarantined, [206bbd0791ea84b2739dab916b9956aa],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\jumpflip, Quarantined, [117ae1e3205bfd3970a145f7d72d7a86],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [9cef5f65d1aada5c352f3c9cba48b947],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [711aae160378171f25edb38954b05ba5],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchinstaller.exe, Quarantined, [e8a34e76bbc0e353f320ed4fe0241de3],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [90fb883c7ffc0a2c1f4611c7689ab54b],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [92f9c6fe5724dc5a918371cb1de7d42c],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, Quarantined, [1e6dc2024833b48285e1eaee5ca646ba],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, Quarantined, [701bfbc97dfe45f1799cce6ee1238e72],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings.exe, Quarantined, [2f5c7c483f3c8fa746d0a19bb64eb54b],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings64.exe, Quarantined, [5635dbe9f289f83e2becf349e81c857b],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [93f8537114670a2c234420b8966c35cb],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [4c3ff0d4136887afdc3cc4786e96bf41],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [5d2e22a25f1c61d599cfe5f306fc3ac6],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [8dfec301bac1e353d94052ea19ebbb45],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [2863378d16650b2bc5a400d85ba7a858],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [e0ab972d0477bf77d247f04caa5a29d7],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\umbrella.exe, Quarantined, [fe8df2d20b701c1a57c371cb64a09c64],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, Quarantined, [4d3ea51f82f9b383b0badcfcab5724dc],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, Quarantined, [6229dce82c4f2e08cd4e013b21e3cd33],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\volaro, Quarantined, [7c0f774d0f6cb77fe7352814bb49c937],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\vonteera, Quarantined, [b6d582421d5e0e2860bd2913d034e917],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroids.exe, Quarantined, [800b3b8904776dc92df11a22689c4eb2],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroidsservice.exe, Quarantined, [9fecb31193e8e74f839ce45805ff45bb],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, Quarantined, [2f5cf8ccb7c41026d159f8ffef1308f8],
Backdoor.Agent, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\((Mutex)), Quarantined, [0b80893be19a6dc9a5ea0215a75c6d93],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, Quarantined, [cbc070548fecec4a4546fc2646beb947],
Malware.Trace, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, Quarantined, [87042c9808736dc9a04decba887bd52b],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, Quarantined, [1873754fdf9cf046f3a48b6606fc6e92],
PUP.Optional.SimplyTech.A, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SIMPLYTECH\Toolbar, Quarantined, [434806be96e50e288056f2f552b0669a],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [0685299b562567cf99c10df731d248b8],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [0c7f20a499e2b581660ffd1dd232946c],
Backdoor.Trace, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LAMMER, Quarantined, [93f8952f5823a29468b3d82fde26bd43],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [e3a8faca77049b9b029f9f64aa594eb2],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [6823ab19b1ca69cdc1b56f84b949c43c],
Backdoor.Trace, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\VÍTIMA, Quarantined, [612aebd9b6c5fe38a97b868f7b88bc44],
Malware.Trace, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\XTREMERAT, Quarantined, [a8e3299b89f25dd9c2a4d1e005fe5ba5],

Valores de Registro: 7
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr1O1I1S2WtM0U0EtR0A1Q2Y2X, Quarantined, [0c7f20a499e2b581660ffd1dd232946c]
Backdoor.Trace, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LAMMER|FirstExecution, 30/07/2014 -- 19:25, Quarantined, [93f8952f5823a29468b3d82fde26bd43]
Backdoor.Agent.MPG, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Avirnt, C:\Users\user-pc\AppData\Roaming\Microsoft\Pluguin.exe, Quarantined, [ff8c4b79fd7e013595a07988c0436e92]
Backdoor.Agent.Gen, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Win32, %Windows%, Quarantined, [aeddcef62a510432395cd15922e1867a]
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, Quarantined, [e3a8faca77049b9b029f9f64aa594eb2]
Backdoor.Trace, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\VÍTIMA|FirstExecution, 18/04/2014 -- 13:18, Quarantined, [612aebd9b6c5fe38a97b868f7b88bc44]
Malware.Trace, HKU\S-1-5-21-3826540325-501424537-789613966-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\XTREMERAT|Mutex, ZG1nEiQ, Quarantined, [a8e3299b89f25dd9c2a4d1e005fe5ba5]

Dados do Registro: 3
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://www.nationzoom.com/?type=hp&ts=1389648594&from=amt&uid=WDCXWD5000AAKX-00U6AA0_WD-WCC2ENA5094350943),Replaced,[8dfe8d3726553501f718952a17ed4cb4]
Hijack.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, C:\Windows\system32\userinit.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\avasT\msdcsc.exe, Good: (userinit.exe), Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\MSDCSC\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\bSXP3NFrd2R6\MSupdater.exe,C:\Windows\system32\MSDCSC\msdcsc.exe,C:\Windows\system32\avasT\msdcsc.exe),Replaced,[f992d5ef700bef4745a7655b3ec6bf41]
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Good: ([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Bad: (http://www.nationzoom.com/?type=hp&ts=1389648594&from=amt&uid=WDCXWD5000AAKX-00U6AA0_WD-WCC2ENA5094350943),Replaced,[5239eed61d5ead89e6292c93de26f30d]

Pastas: 14
Stolen.Data, C:\Users\user-pc\AppData\Roaming\dclogs, Quarantined, [4843c7fd522972c407a1f5e08e757090],
Backdoor.Bifrose, C:\Windows\SysWOW64\SYSTEM 32, Quarantined, [4d3e0db724576ec8601ddbd314ee33cd],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, Quarantined, [0a81ae166417fa3c4875cae9ef13c13f],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, Quarantined, [0a81ae166417fa3c4875cae9ef13c13f],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, Quarantined, [0a81ae166417fa3c4875cae9ef13c13f],
PUP.Optional.BonanzaDeals.A, C:\Users\user-pc\AppData\Local\BonanzaDealsLive, Quarantined, [a3e8f5cf6516da5c615df1c2f2101ce4],
PUP.Optional.BonanzaDeals.A, C:\Users\user-pc\AppData\Local\BonanzaDealsLive\CrashReports, Quarantined, [a3e8f5cf6516da5c615df1c2f2101ce4],
PUP.Optional.NextLive.A, C:\Users\user-pc\AppData\Roaming\newnext.me, Quarantined, [9dee3f85a4d7ee488becc5efb84a8977],
PUP.Optional.NextLive.A, C:\Users\user-pc\AppData\Roaming\newnext.me\cache, Quarantined, [9dee3f85a4d7ee488becc5efb84a8977],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Quarantined, [4744f8cc07741224cab7e3d29d658a76],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, Quarantined, [4744f8cc07741224cab7e3d29d658a76],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, Quarantined, [107bc1038bf01125c48509b505fd9a66],
PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, Quarantined, [107bc1038bf01125c48509b505fd9a66],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Quarantined, [850622a2611a8fa781b1a22f2cd64ab6],

Arquivos: 20
PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\amtlib.dll, Quarantined, [8dfea123661565d179d322f6c83a7f81],
PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll, Quarantined, [57344381ceadd56138149f79699934cc],
PUP.Optional.Iminent.A, C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [d3b822a2fc7ff343d0347f6f7e84f30d],
PUP.Optional.NewTab.A, C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [414a586cfa812d0949d62ed326dd14ec],
Bifrose.Trace, C:\Users\user-pc\AppData\Roaming\logs.dat, Quarantined, [e3a86064760578bea853ad873cc745bb],
Malware.Trace, C:\Users\user-pc\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg, Quarantined, [e4a740846b105adc9487ab1705fee21e],
Malware.Trace, C:\Users\user-pc\AppData\Roaming\Microsoft\Windows\((Mutex)).dat, Quarantined, [f59664606f0cec4a120a6d5505fe43bd],
Stolen.Data, C:\Users\user-pc\AppData\Roaming\dclogs\2014-01-08-4.dc, Quarantined, [4843c7fd522972c407a1f5e08e757090],
Stolen.Data, C:\Users\user-pc\AppData\Roaming\dclogs\2014-03-23-1.dc, Quarantined, [4843c7fd522972c407a1f5e08e757090],
Stolen.Data, C:\Users\user-pc\AppData\Roaming\dclogs\2014-04-14-2.dc, Quarantined, [4843c7fd522972c407a1f5e08e757090],
Stolen.Data, C:\Users\user-pc\AppData\Roaming\dclogs\2014-04-15-3.dc, Quarantined, [4843c7fd522972c407a1f5e08e757090],
Stolen.Data, C:\Users\user-pc\AppData\Roaming\dclogs\2014-05-08-5.dc, Quarantined, [4843c7fd522972c407a1f5e08e757090],
Malware.Trace.E, C:\zbzsys.vbr, Quarantined, [c7c4f9cb1c5f52e48eb22a0bd331857b],
Malware.Trace.E, C:\zbzsys.vbr--, Quarantined, [e9a23b89b4c7102690b0b67f55af32ce],
Backdoor.Agent.MPG, C:\Users\user-pc\AppData\Roaming\Microsoft\Pluguin.exe, Quarantined, [ff8c4b79fd7e013595a07988c0436e92],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, Quarantined, [0a81ae166417fa3c4875cae9ef13c13f],
PUP.Optional.NextLive.A, C:\Users\user-pc\AppData\Roaming\newnext.me\nengine.cookie, Quarantined, [9dee3f85a4d7ee488becc5efb84a8977],
PUP.Optional.NextLive.A, C:\Users\user-pc\AppData\Roaming\newnext.me\cache\spark.bin, Quarantined, [9dee3f85a4d7ee488becc5efb84a8977],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, Quarantined, [4744f8cc07741224cab7e3d29d658a76],
PUP.Optional.DefaultSearch.A, C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://www.default-search.net?sid=476&aid=133&itype=n&ver=12302&tm=318&src=hmp",), Replaced,[97f4a123dc9fb97da92fbf399a6a8977]

Physical Sectors: 0
(No malicious items detected)


(end)

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

Power Max escreveu:Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

Ta ai:


# AdwCleaner v3.304 - Relatório criado 11/08/2014 às 12:01:49
# Atualizado 08/08/2014 por Xplode
# Sistema Operacional : Windows 8 Pro (64 bits)
# Usuário : user-pc - USER
# Executando de : C:\Users\user-pc\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : AppleChargerSrv

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\rvlkl
Pasta Deletada : C:\ProgramData\SoftWarehouse
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\Users\user-pc\AppData\Local\genienext
Pasta Deletada : C:\Users\user-pc\AppData\Local\lollipop
Pasta Deletada : C:\Users\user-pc\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\user-pc\AppData\Roaming\baidu
Pasta Deletada : C:\Users\user-pc\Documents\Mobogenie
Pasta Deletada : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Arquivo Deletada : C:\Windows\System32\AppleChargerSrv.exe
Arquivo Deletada : C:\Users\user-pc\daemonprocess.txt
Arquivo Deletada : C:\Users\user-pc\AppData\Roaming\LiveSupport.exe_log.txt
Arquivo Deletada : C:\Users\user-pc\AppData\Roaming\regsvr32.exe_log.txt

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKCU\Software\0834daba34fc76fcb705a66b2338d64f
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKCU\Software\anchorfree
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Linkey
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Myfree Codec
Chave Deletedo : HKCU\Software\simplytech
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\Software\simplytech
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\Myfree Codec
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (pt-BR)

[ Arquivo : C:\Users\user-pc\AppData\Roaming\Mozilla\Firefox\Profiles\z7j8fukw.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ Arquivo : C:\Users\user-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
Deletedo [Extension] : ifohbjbgfchkkfhphahclmkpgejiplfo
Deletedo [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [5167 octets] - [11/08/2014 07:14:37]
AdwCleaner[S0].txt - [4490 octets] - [11/08/2014 12:01:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4550 octets] ##########

Desative temporariamente seu antivírus para evitar conflitos.

* Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executá-lo corretamente siga as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Assim que ele concluir a limpeza dos problemas acesse o log (relatório) do Zoek que estará em C:\zoek-results.txt e copie todo seu conteúdo e poste em sua próxima resposta.

Tópico Arquivado

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.