Fórum PC Brasil
Malware Funshopper


Post by Murillo Costa, Wed 17 Dec 2014, 11:24

Good morning,

My notebook was infected with malware that seriously affects my web browsing.
I have already tried a few programs, but without success. This malware keeps redirecting my pages to another page from this funshopper.

Could anyone help me with this?

Thanks in advance!
Murillo Costa

Post by caedurodrigues, Wed 17 Dec 2014, 12:14

Good afternoon Murillo Costa,


  • Download: [link visible only to logged-in members] ( ...Nicolas Coolman)
  • Save it to the local disk (C or D).
  • Disable your antivirus, and run ZHPDiag.exe to install.
  • Run the scroll icon!
  • Click the "COMPLETA" (full) option and wait for it to finish.
  • Click OK and, when it finishes, post the report! (ZHPDiag.txt)
  • Note: because the report is long, it should be posted on one of these sites:
  • Go to: [link visible only to logged-in members]
  • Or go to: [link visible only to logged-in members]
  • Or attach it: [link visible only to logged-in members] << Link
  • More information: [link visible only to logged-in members] << Hosting!

Warm regards.
caedurodrigues

Post by Murillo Costa, Wed 17 Dec 2014, 22:43

Done. I've attached it.
Murillo Costa

Post by caedurodrigues, Thu 18 Dec 2014, 01:49

Good evening Murillo Costa,


  • Run this script in the ZHPFix tool.
  • Copy the information shown in red into Notepad.
  • With Notepad open, press Ctrl+A >> Ctrl+C.
  • Then minimize Notepad.

    Script ZHPFix
    FirewallRaz
    EmptyPrefetch
    EmptyTemp
    EmptyFlash
    Proxyfix
    Hiddenfix
    ServiceStop:fa6789c5
    sysrestore


  • Open the ZHPFix tool.
  • Click IMPORTAÇÃO (import) > OK
  • Click "GO".
  • Post the report!


Warm regards.
caedurodrigues

Post by joram, Sat 07 Feb 2015, 08:15

Topic Archived

As the author has not replied for more than 45 days, the topic has been archived. If the topic's author needs it, it will be reopened; to request this, the author should contact one of the members of the [link visible only to logged-in members] and ask for it to be unlocked.
joram