Fórum PC Brasil

Crossrider Malware: how to remove it?

3 participants

Post by Regis Schelenger Mon 26 May 2014, 00:10

My Avira identified the virus Crossrider Malware, but I can't remove it. Could you advise me?

Post by Power Max Mon 26 May 2014, 00:16

Hello Regis.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You need an account and to be logged in to view this link]

To run AdwCleaner correctly, just follow the tips in this tutorial:

[You need an account and to be logged in to view this link]

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

Post by Regis Schelenger Mon 26 May 2014, 00:27

Hello Power Max, here I am once again ...

Thanks for the support.

# AdwCleaner v3.211 - Relatório criado 26/05/2014 às 00:22:05
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language  (64 bits)
# Usuário : Regis e Thais - PRECIOSO
# Executando de : C:\Users\Regis e Thais\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Users\Regis e Thais\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\Extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com
Arquivo Deletada : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
Arquivo Deletada : C:\WINDOWS\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
Arquivo Deletada : C:\WINDOWS\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422822292}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444824492}
Chave Deletedo : HKCU\Software\AppDataLow\Software

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\prefs.js ]

Linha deletada : user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Linha deletada : user_pref("extensions.crossrider.bic", "1463655f6aef47eace97cb6bc4a3d55b");

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2799 octets] - [26/05/2014 00:20:43]
AdwCleaner[S0].txt - [2620 octets] - [26/05/2014 00:22:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2680 octets] ##########

Post by Power Max Mon 26 May 2014, 00:30

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need an account and to be logged in to view this link]

To run it correctly, follow the tips in this tutorial:

[You need an account and to be logged in to view this link]

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its content and post it in your next reply.

Post by Regis Schelenger Mon 26 May 2014, 00:58

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Regis e Thais on 26/05/2014 at  0:34:07,38.
Microsoft Windows 8.1 Single Language 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Regis e Thais\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

26/05/2014 00:35:05 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\REGISE~1\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\REGISE~1\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\REGISE~1\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default

user.js not found
---- Lines a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292 removed from prefs.js ----
---- FireFox user.js and prefs.js backups ----

prefs_052014_0045_.backup
prefs_052014_1609_.backup
prefs_052014_2214_.backup

==== Firefox Extensions ======================

ProfilePath: C:\Users\REGISE~1\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default
- Battlefield Heroes Updater - C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\battlefieldheroespatcher@ea.com
- Undetermined - C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default
AA2B0803778428522D1CF29EF5AC2DDB - C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll - EA Battlefield Heroes Updater
A58DE0A570148AF5FF3512B2A340D09F - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
4523D2D6A7AEC9BE0B5746475AD611AF - C:\Users\Regis e Thais\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chrome Look ======================

Google Docs - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Sense - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfohdbmjdkfijghgklbickfnaepghgba
Desprotetor de Links - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei
Google Wallet - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfohdbmjdkfijghgklbickfnaepghgba deleted successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dfohdbmjdkfijghgklbickfnaepghgba_0.localstorage deleted successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dfohdbmjdkfijghgklbickfnaepghgba_0.localstorage-journal deleted successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dfohdbmjdkfijghgklbickfnaepghgba_0 deleted successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dfohdbmjdkfijghgklbickfnaepghgba deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira na Internet.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Iniciar Avira Free Antivirus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Regis e Thais\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Regis e Thais\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Regis e Thais\AppData\Local\Mozilla\Firefox\Profiles\lphp0fd5.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=98 folders=13 1553405 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Regis e Thais\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\REGISE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 26/05/2014 at  0:56:50,84 ======================

Post by Power Max Mon 26 May 2014, 01:01

Download the Junkware Removal Tool program from the link below:
[You need an account and to be logged in to view this link]

To run the program above correctly, just follow the tips in this tutorial:

[You need an account and to be logged in to view this link]

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

(RESOLVED) Crossrider Malware: how to remove it?

Post by Regis Schelenger Mon 26 May 2014, 01:12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Single Language x64
Ran by Regis e Thais on 26/05/2014 at  1:04:37,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Regis e Thais\AppData\Roaming\mozilla\firefox\profiles\lphp0fd5.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/05/2014 at  1:11:15,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Crossrider Malware: how to remove it?

Post by Power Max, Mon 26 May 2014, 01:20

Download < [You need an account and must be logged in to view this link] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

[You need an account and must be logged in to view this link]

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.

Crossrider Malware: how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 01:25

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman  (24/05/2014)
~ Iniciado por Regis e Thais (26/05/2014 01:23:01)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit  (Build 9600)
Windows Server License Manager Script : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.3.350
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1931 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 161 GB (86%) free of 186 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PRECIOSO
~ User Name: Regis e Thais
~ All Users Names: Regis e Thais, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Regis e Thais\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Regis e Thais\AppData\Roaming\
~ %Desktop% : C:\Users\Regis e Thais\Desktop\
~ %Favorites% : C:\Users\Regis e Thais\Favorites\
~ %LocalAppData% : C:\Users\Regis e Thais\AppData\Local\
~ %StartMenu% : C:\Users\Regis e Thais\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 161 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified  =>Hijacker.Application
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.06/05/2014 - 23:28:34.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/03/2014 - 07:18:18.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 07:18:19.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.18/03/2014 - 06:44:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.18/03/2014 - 07:17:55.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3792
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/104
~ Mon Bureau (My Desktop) : 0/14
~ Menu demarrer (Programs) : 1/24
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processos lançados
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe   [689744] [PID.3400]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe   [328064] [PID.4008]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe   [205184] [PID.2864]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe   [91432] [PID.3852]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe   [1559936] [PID.2836]
[MD5.C570FD825751F7805CE226F68C4605DE] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe   [54488] [PID.2684]
[MD5.B07086D59443DAC6A668D691B27B968C] - (.ASUSTeK Computer Inc. - ASUS Color Engine.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe   [176240] [PID.3764]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe   [1124032] [PID.816]
[MD5.498622161649098034DA1893F00E9762] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe   [20792] [PID.2948]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [860488] [PID.4308]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7879168] [PID.4832]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [imcbnnnoghiihopefblgehihofbfbmei] Desprotetor de Links v.2.0.1.7, (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Regis e Thais - lphp0fd5.default\battlefieldheroespatcher@ea.com] [] Battlefield Heroes Updater v5.0.203.0 (..)
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
~ Application:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.D07FA05385562DE06B794C497194AAC8] [APT] [Installer_sense] (...) -- C:\Users\Regis e Thais\AppData\Local\Installer\Install_7083\ytaia.exe   [962960]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1096]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1100]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 05s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/05/2014 - 01:07:44 - [] ----D C:\Users\Regis e Thais\AppData\Local\Installer
~ Program Folder: 116 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.77DBE0A0FE2A6D9C545CCE4B7BE5E287] - 20/05/2014 - 12:39:37 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [158494]
O44 - LFC:[MD5.C67DABADA4A743C52CF49E8335F63707] - 20/05/2014 - 12:39:37 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [774900]
O44 - LFC:[MD5.4B0E056436CC128CA28B56A921B59174] - 25/05/2014 - 22:54:40 ---A- . (...) -- C:\PureRa.txt   [4568]
O44 - LFC:[MD5.437325EC41E714BF5587080AB0A042C3] - 25/05/2014 - 22:56:49 ---A- . (...) -- C:\DelFix.txt   [1377]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 00:33:57 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.5725D0F391929F29AF72FAA22007F85E] - 26/05/2014 - 00:56:50 ---A- . (...) -- C:\zoek-results.log   [24095]
~ Files: 43 Legitimates Filtered in 00mn 07s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [17624]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys   [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
~ Drivers: 47 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe   [24576]
[MD5.ED4039AC31D7B2E85AC1373C49C01CD7] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\AppData\Roaming\sp_data.sys   [74]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\AdwCleaner.exe   [1327971]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\zoek.exe   [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS:  - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS:  - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS:  - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS:  - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS:  - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS:  - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/05/2014 1017424 |  (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Demand 13/12/2012 277616 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 13/05/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/05/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/06/2013 1281640 |  (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 25/05/2014 440400 |  (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/05/2014 440400 |  (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 05/10/2012 110976 |  (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Demand 13/04/2012 277120 |  (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 |  (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 21/11/2011 96896 |  (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Demand 24/04/2012 169752 |  (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Demand 13/09/2012 2466448 |  (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 20/04/2012 635104 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 27/06/2012 129856 |  (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 25/06/2012 166720 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Demand 17/07/2012 277824 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 |  (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Demand 17/07/2012 365376 |  (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
~ Services:  Scanned in 00mn 12s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 1
Fichiers trouvés  (Files found) : 1

C:\Users\Regis e Thais\AppData\Local\Installer   =>Adware.InstallPedia
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified   =>Hijacker.Application^
~ Additionnel Scan: 172052 Items scanned in 00mn 33s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.InstallPedia
~ MSI: 1 link(s) detected in 00mn 00s



~ 563 Legitimates filtered by white list
End of the scan (358 lines in 01mn 34s)(0)

Crossrider Malware: how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 09:48

Next step? I'm waiting!

Re: Crossrider Malware: how to remove it?

Post by Power Max, Mon 26 May 2014, 10:06

Regis Schelenger wrote: Next step? I'm waiting!
Read about the waiting time for a reply, Regis:
[You need an account and must be logged in to view this link]

All work done on the forum is voluntary and carried out in our free time. We are not paid for the work done here, and so we have our daily work at our other jobs, family obligations, etc.

Re: Crossrider Malware: how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 10:21

Ok... Thanks, I'll be waiting...

Re: Crossrider Malware: how to remove it?

Post by Power Max, Mon 26 May 2014, 11:49

Select and copy all the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose the option Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.

Crossrider Malware: how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 16:24

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Regis e Thais at 26/05/2014 16:23:39
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 16s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Elementos dos dados do Registo ==========
ELIMINÉ Explorer Association Data Application: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (25) (4.380.164 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: Installer_sense

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema


End of clean in 01mn 13s

========== Caminho do ficheiro do relatório ==========
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/05/2014 10:18:37 [1124]
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R2].txt - 26/05/2014 16:23:56 [1486]

Re: Crossrider Malware: how to remove it?

Post by Power Max, Mon 26 May 2014, 16:26

Open ( ZHPDiag ) again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report

(RESOLVED) Crossrider Malware: how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 16:45

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman  (24/05/2014)
~ Iniciado por Regis e Thais (26/05/2014 16:34:51)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit  (Build 9600)
Windows Server License Manager Script : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.3.350
Windows Defender W8 (Deactivate)

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1931 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 161 GB (86%) free of 186 GB

---\\ Modo de conexão ao sistema
~ Computer Name: PRECIOSO
~ User Name: Regis e Thais
~ All Users Names: Regis e Thais, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Regis e Thais\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Regis e Thais\AppData\Roaming\
~ %Desktop% : C:\Users\Regis e Thais\Desktop\
~ %Favorites% : C:\Users\Regis e Thais\Favorites\
~ %LocalAppData% : C:\Users\Regis e Thais\AppData\Local\
~ %StartMenu% : C:\Users\Regis e Thais\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 161 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.06/05/2014 - 23:28:34.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/03/2014 - 07:18:18.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 07:18:19.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.18/03/2014 - 06:44:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.18/03/2014 - 07:17:55.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes:  Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3792
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/104
~ Mon Bureau (My Desktop) : 0/15
~ Menu demarrer (Programs) : 1/24
~ Hidden Files:  Scanned in 00mn 01s



---\\ Processos lançados
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe   [689744] [PID.3696]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe   [205184] [PID.236]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe   [328064] [PID.3808]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe   [91432] [PID.1824]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe   [1559936] [PID.4116]
[MD5.C570FD825751F7805CE226F68C4605DE] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe   [54488] [PID.4596]
[MD5.B07086D59443DAC6A668D691B27B968C] - (.ASUSTeK Computer Inc. - ASUS Color Engine.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe   [176240] [PID.5064]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe   [1124032] [PID.4288]
[MD5.498622161649098034DA1893F00E9762] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe   [20792] [PID.4828]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7879168] [PID.796]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [dfohdbmjdkfijghgklbickfnaepghgba] CSS reload! v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [imcbnnnoghiihopefblgehihofbfbmei] Desprotetor de Links v.2.0.1.7, (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Regis e Thais - lphp0fd5.default\battlefieldheroespatcher@ea.com] [] Battlefield Heroes Updater v5.0.203.0 (..)
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
~ Application:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
~ Services: 7 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1] (...) -- C:\Program Files (x86)\Sense\Sense-codedownloader.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2] (...) -- C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3] (...) -- C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4] (...) -- C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5] (...) -- C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1.job   [1680]  =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1   [1680]  =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.job   [1668]  =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2   [1668]  =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3.job   [4160]  =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3   [4160]  =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.job   [2460]  =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4   [2460]  =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5.job   [1778]  =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5   [1778]  =>PUP.CrossRider
O39 - APT:  - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job   [986]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore   [986]
O39 - APT:  - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job   [990]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA   [990]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1096]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1100]
~ Scheduled Task: 36 Legitimates Filtered in 00mn 04s



---\\ Software instalados (042)
O42 - Logiciel: Sense - (.Object Browser.) [HKLM][64Bits] -- Sense  =>PUP.ObjectBrowser
~ Logic: 6 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\InstalledBrowserExtensions]  =>Adware.VidSaver
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions]  =>Adware.VidSaver
[HKLM\Software\Wow6432Node\iSafe]  =>Trojan.Staser
~ Key Software: 157 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2014 - 11:34:49 - [] ----D C:\Program Files (x86)\Sense
O43 - CFD: 26/05/2014 - 11:14:29 - [] ----D C:\Users\Regis e Thais\AppData\Roaming\iSafe  =>Trojan.Staser
~ Program Folder: 118 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CF04660B4CDFEEDB7307E4D9D26750AF] - 20/05/2014 - 06:05:59 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [43520]  =>Trojan.Staser
O44 - LFC:[MD5.77DBE0A0FE2A6D9C545CCE4B7BE5E287] - 20/05/2014 - 12:39:37 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [158494]
O44 - LFC:[MD5.C67DABADA4A743C52CF49E8335F63707] - 20/05/2014 - 12:39:37 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [774900]
O44 - LFC:[MD5.437325EC41E714BF5587080AB0A042C3] - 25/05/2014 - 22:56:49 ---A- . (...) -- C:\DelFix.txt   [1377]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 00:33:57 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.5725D0F391929F29AF72FAA22007F85E] - 26/05/2014 - 00:56:50 ---A- . (...) -- C:\zoek-results.log   [24095]
O44 - LFC:[MD5.BBEF799C6F6A11369D04FF23EFF43825] - 26/05/2014 - 11:57:19 ---A- . (...) -- C:\PureRa.txt   [7944]
~ Files: 44 Legitimates Filtered in 01mn 22s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2  Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys   [17624]
O58 - SDL:20/05/2014 - 06:05:59 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [43520]  =>Trojan.Staser
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys   [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [31072]
~ Drivers: 48 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files (x86)\internet explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe   [24576]
[MD5.ED4039AC31D7B2E85AC1373C49C01CD7] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\AppData\Roaming\sp_data.sys   [74]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\AdwCleaner.exe   [1327971]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\zoek.exe   [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS:  - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS:  - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS:  - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS:  - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS:  - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS:  - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{22222222-2222-2222-2222-220422822292}] (CrossriderApp0048292.Sandbox)  =>PUP.CrossRider
~ BCK: 5127 Legitimates Filtered in 00mn 10s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/05/2014 1017424 |  (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Demand 05/10/2012 110976 |  (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SS - | Demand 21/11/2011 96896 |  (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SS - | Demand 13/12/2012 277616 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 26/05/2014 68608 |  (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 26/05/2014 68608 |  (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 26/05/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/05/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/06/2013 1281640 |  (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 25/05/2014 440400 |  (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/05/2014 440400 |  (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 13/04/2012 277120 |  (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 |  (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 24/04/2012 169752 |  (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Demand 13/09/2012 2466448 |  (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 20/04/2012 635104 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 27/06/2012 129856 |  (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 25/06/2012 166720 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Demand 17/07/2012 277824 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 |  (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Demand 17/07/2012 365376 |  (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 |  (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Disabled 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
~ Services:  Scanned in 00mn 14s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 1
Fichiers trouvés  (Files found) : 12

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sense]   =>PUP.ObjectBrowser^
[HKCU\Software\AppDataLow\Software\Crossrider]   =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions]   =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411821192}]   =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422822292}]   =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411821192}]   =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422822292}]   =>PUP.CrossRider
C:\Users\Regis e Thais\AppData\Roaming\iSafe   =>Trojan.Staser^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1.job   =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1   =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.job   =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2   =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3.job   =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3   =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.job   =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4   =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5.job   =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5   =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\iSafe]   =>Trojan.Staser^
[HKCR\CLSID\{22222222-2222-2222-2222-220422822292}] (CrossriderApp0048292.Sandbox)   =>PUP.CrossRider^
~ Additionnel Scan: 171798 Items scanned in 00mn 31s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.VidSaver
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Trojan.Staser
~ MSI: 3 link(s) detected in 00mn 00s



~ 571 Legitimates filtered by white list
End of the scan (429 lines in 02mn 58s)(0)

Re: Crossrider Malware, how to remove it?

Post by Power Max, Mon 26 May 2014, 16:56

Did you install a program or an extension just now? More adware has shown up in your report that was not there before.

Select and copy all of the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.

(SOLVED) Crossrider Malware, how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 17:08

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Regis e Thais at 26/05/2014 17:06:52
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\sense\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
ELIMINÉ:* HKLM\Software\InstalledBrowserExtensions
ELIMINÉ: HKLM\Software\Wow6432Node\iSafe
ELIMINÉ:* HKCR\CLSID\{22222222-2222-2222-2222-220422822292}
ELIMINÉ: HKCU\Software\AppDataLow\Software\Crossrider
ELIMINÉ:* HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411821192}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411821192}

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\isafekrnlboot.sys
ELIMINÉ Temporários windows (3) (3.218.906 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
7 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Softwares
12 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 37s

========== Caminho do ficheiro do relatório ==========
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/05/2014 10:18:37 [1124]
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R2].txt - 26/05/2014 16:23:56 [1574]
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R3].txt - 26/05/2014 17:06:57 [2647]

Re: Crossrider Malware, how to remove it?

Post by Power Max, Mon 26 May 2014, 17:13

Download Malwarebytes from one of the links below:
[You need an account and an active session to view this link]

To install and run it correctly, please follow the tips in this post:

[You need an account and an active session to view this link]

In your next reply, post this Malwarebytes log (report).

We'll be waiting.

(SOLVED) Crossrider Malware, how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 17:37

Max, should I disable or uninstall Avira so that it does not cause a conflict?

Re: Crossrider Malware, how to remove it?

Post by Power Max, Mon 26 May 2014, 17:39

Malwarebytes is compatible with Avira. Just temporarily disable Avira's resident protection so that the Malwarebytes scan runs faster.

(SOLVED) Crossrider Malware, how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 17:41

Great, I'll carry out the procedure... thanks, I'm learning a lot on the forum.

(SOLVED) Crossrider Malware, how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 19:10

Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Data de Verificação: 26/05/2014
Hora da Verificação: 17:53:40
Logfile: LOG.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.05.26.03
Rootkit Database: v2014.05.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 8.1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Regis e Thais

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 371736
Tempo Decorrido: 1 hr, 5 min, 37 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 3
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\Firefox, Quarantined, [f902de772c4fde58750a188b53afb848],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\IE, Quarantined, [d328f85d83f8a096314f554e4eb431cf],
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\INSTALLER, Quarantined, [cd2e3124413af73ffd47f8a336cca25e],

Valores de Registro: 1
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\INSTALLER|BundledIe, 1, Quarantined, [cd2e3124413af73ffd47f8a336cca25e]

Dados do Registro: 0
(No malicious items detected)

Pastas: 15

Arquivos: 126
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\98.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\userCode\background.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\userCode\extension.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\locale\en-US\translations.dtd, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button1.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button2.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button3.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button4.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button5.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\crossrider_statusbar.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon128.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon16.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon24.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon48.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\panelarrow-up.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\popup.html, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\skin.css, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\update.css, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Crossrider Malware: how to remove it?

Post by Power Max, Mon 26 May 2014, 19:22

Please run a new cleanup with AdwCleaner and post the new report it creates here in your topic.

(SOLVED) Crossrider Malware: how to remove it?

Post by Regis Schelenger, Mon 26 May 2014, 19:41

# AdwCleaner v3.211 - Relatório criado 26/05/2014 às 19:35:48
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language  (64 bits)
# Usuário : Regis e Thais - PRECIOSO
# Executando de : C:\Users\Regis e Thais\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Users\Regis e Thais\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Regis e Thais\AppData\Roaming\eCyber
Arquivo Deletada : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455825592}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466826692}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444824492}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455825592}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466826692}
Chave Deletedo : HKCU\Software\AppDataLow\Software

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v

[ Arquivo : C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2799 octets] - [26/05/2014 00:20:43]
AdwCleaner[R1].txt - [1743 octets] - [26/05/2014 10:03:58]
AdwCleaner[R2].txt - [1087 octets] - [26/05/2014 10:07:30]
AdwCleaner[R3].txt - [2585 octets] - [26/05/2014 19:35:04]
AdwCleaner[S0].txt - [2760 octets] - [26/05/2014 00:22:05]
AdwCleaner[S1].txt - [1722 octets] - [26/05/2014 10:04:44]
AdwCleaner[S2].txt - [1144 octets] - [26/05/2014 10:09:33]
AdwCleaner[S3].txt - [2469 octets] - [26/05/2014 19:35:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2529 octets] ##########