How to remove Crossrider Malware?
How to remove Crossrider Malware?
My Avira identified the Crossrider Malware virus, but I can't remove it. Could you advise me?
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Registration date: 13/05/2014
Re: How to remove Crossrider Malware?
Hello Regis.
Download the AdwCleaner program by clicking the link below and then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]
To run AdwCleaner correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
_________________
Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.
[You must have an account and be logged in to view this link] = The best of the internet, you'll find it here.
[You must have an account and be logged in to view this link] = Messages of faith and hope for your heart
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
How to remove Crossrider Malware?
Hello Power Max, here I am once again ...
Thank you for the support.
# AdwCleaner v3.211 - Relatório criado 26/05/2014 às 00:22:05
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : Regis e Thais - PRECIOSO
# Executando de : C:\Users\Regis e Thais\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Users\Regis e Thais\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\Extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com
Arquivo Deletada : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
Arquivo Deletada : C:\WINDOWS\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
Arquivo Deletada : C:\WINDOWS\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422822292}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444824492}
Chave Deletedo : HKCU\Software\AppDataLow\Software
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\prefs.js ]
Linha deletada : user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Linha deletada : user_pref("extensions.crossrider.bic", "1463655f6aef47eace97cb6bc4a3d55b");
-\\ Google Chrome v35.0.1916.114
[ Arquivo : C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2799 octets] - [26/05/2014 00:20:43]
AdwCleaner[S0].txt - [2620 octets] - [26/05/2014 00:22:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2680 octets] ##########
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Registration date: 13/05/2014
Re: How to remove Crossrider Malware?
Temporarily disable your antivirus to avoid conflicts.
* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
To run it correctly, follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.
________________________________________________________________________________
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
How to remove Crossrider Malware?
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Regis e Thais on 26/05/2014 at 0:34:07,38.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Regis e Thais\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26/05/2014 00:35:05 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\REGISE~1\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\REGISE~1\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\REGISE~1\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default
user.js not found
---- Lines a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292 removed from prefs.js ----
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.active", true);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.addressbar", "NA");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.addressbarenhanced", "");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.asyncdb.was_copied", "true");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.asyncdb_dbWasSet", true);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.asyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.asyncinternaldb.was_copied", "true");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.asyncinternaldb_dbWasSet", true);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.asyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.backgroundver", 1);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.certdomaininstaller", "");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.changeprevious", false);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.cookie._GPL_aoi.value", "%221401071096%22");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.cookie._GPL_parent_zoneid.expiration", "Fri Feb
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.cookie._GPL_parent_zoneid.value", "%22532302%22"
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.cookie.InstallationTime.expiration", "Fri Feb 01
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.cookie.InstallationTime.value", "%221401070083%2
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.cookie.InstallerParams.expiration", "Fri Feb 01
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.cookie.InstallerParams.value", "%7B%22source_id%
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.description", ".");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.domain", "");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.enablesearch", false);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.homepage", "");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.iframe", false);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.InstallationThankYouPage", true);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.InstallationTime", 1401070083);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.__defualt_browser__.expiration", "Fri
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.__defualt_browser__.value", "%22ch%22
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb._installer_additional_info.expiration
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb._installer_additional_info.value", "%
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.installer.expiration", "Fri Feb 01 20
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.installer.value", "%7B%22InstallerIde
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.InstallerIdentifiers.expiration", "Fr
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.InstallerIdentifiers.value", "%7B%22i
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.InstallerParams.expiration", "Fri Feb
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.InstallerParams.value", "%7B%22source
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.InstallerParamsCache.expiration", "Fr
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.InstallerParamsCache.value", "%7B%22s
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.InstallerUserIdentifiersCache.expirat
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.InstallerUserIdentifiersCache.value",
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.monetization_plugin_bundledUrls.expir
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.monetization_plugin_bundledWithHash.e
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.monetization_plugin_bundledWithHash.v
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.monetization_plugin_notBundledArr_.ex
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.monetization_plugin_notBundledArr_.va
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_appVer.expiration", "Fri Fe
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_appVer.value", "57");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_lastVersion.expiration", "F
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_lastVersion.value", "0");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_meta.expiration", "Fri Feb
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_nextCheck.expiration", "Mon
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_queue.expiration", "Fri Feb
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_remote_resources.expiration
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.internaldb.Resources_remote_resources.value", "%
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.lastDailyReport", "1401070953962");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.lastUpdate", "1401070943186");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.manifesturl", "");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.name", "Sense");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.newtab", "");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.opensearch", "");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.pluginsurl", "http://js.clientstatsservice.com/p
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.pluginsversion", 52);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.publisher", "Object Browser");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.searchstatus", 0);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.setnewtab", false);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.thankyou", "");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.updateinterval", 360);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.48292.ver", 57);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.apps", "48292");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.bic", "1463655f6aef47eace97cb6bc4a3d55b");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.cid", 48292);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.firstrun", false);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.hadappinstalled", true);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.installationdate", 1401070942);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.modetype", "production");
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.reportInstall", true);
user_pref("extensions.a143f44cfd99c4e458cd9ef929de77aa8bdbf60380097480c8d8efc48e28131a8com48292.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----
prefs_052014_0045_.backup
prefs_052014_1609_.backup
prefs_052014_2214_.backup
==== Firefox Extensions ======================
ProfilePath: C:\Users\REGISE~1\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default
- Battlefield Heroes Updater - C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\battlefieldheroespatcher@ea.com
- Undetermined - C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default
AA2B0803778428522D1CF29EF5AC2DDB - C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll - EA Battlefield Heroes Updater
A58DE0A570148AF5FF3512B2A340D09F - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
4523D2D6A7AEC9BE0B5746475AD611AF - C:\Users\Regis e Thais\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
==== Chrome Look ======================
Google Docs - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Sense - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfohdbmjdkfijghgklbickfnaepghgba
Desprotetor de Links - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei
Google Wallet - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfohdbmjdkfijghgklbickfnaepghgba deleted successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dfohdbmjdkfijghgklbickfnaepghgba_0.localstorage deleted successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dfohdbmjdkfijghgklbickfnaepghgba_0.localstorage-journal deleted successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dfohdbmjdkfijghgklbickfnaepghgba_0 deleted successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dfohdbmjdkfijghgklbickfnaepghgba deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Avira Control Center.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2014.lnk - C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira na Internet.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Iniciar Avira Free Antivirus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Regis e Thais\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Regis e Thais\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Regis e Thais\AppData\Local\Mozilla\Firefox\Profiles\lphp0fd5.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=98 folders=13 1553405 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Regis e Thais\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\REGISE~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 26/05/2014 at 0:56:50,84 ======================
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Join date: 13/05/2014
Re: Crossrider Malware: how to remove it?
Download the Junkware Removal Tool from the link below:
[You must have an account and be logged in to view this link]
To run the program above correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt
We'll be waiting.
_________________
Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.
[You must have an account and be logged in to view this link] = The best of the internet, you'll find it here.
[You must have an account and be logged in to view this link] = Messages of faith and hope for your heart
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) Crossrider Malware: how to remove it?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Single Language x64
Ran by Regis e Thais on 26/05/2014 at 1:04:37,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Regis e Thais\AppData\Roaming\mozilla\firefox\profiles\lphp0fd5.default\minidumps [3 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/05/2014 at 1:11:15,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Join date: 13/05/2014
Re: Crossrider Malware: how to remove it?
Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )
To install and run it correctly, follow the tips in this article:
[You must have an account and be logged in to view this link]
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Crossrider Malware: how to remove it?
~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Regis e Thais (26/05/2014 01:23:01)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 29.0.1
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.3.350
Windows Defender W8 (Deactivate)
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1931 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 161 GB (86%) free of 186 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PRECIOSO
~ User Name: Regis e Thais
~ All Users Names: Regis e Thais, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Regis e Thais\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Regis e Thais\AppData\Roaming\
~ %Desktop% : C:\Users\Regis e Thais\Desktop\
~ %Favorites% : C:\Users\Regis e Thais\Favorites\
~ %LocalAppData% : C:\Users\Regis e Thais\AppData\Local\
~ %StartMenu% : C:\Users\Regis e Thais\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 161 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.06/05/2014 - 23:28:34.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/03/2014 - 07:18:18.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 07:18:19.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.18/03/2014 - 06:44:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.18/03/2014 - 07:17:55.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3792
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/104
~ Mon Bureau (My Desktop) : 0/14
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.3400]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.4008]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.2864]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.3852]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.2836]
[MD5.C570FD825751F7805CE226F68C4605DE] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54488] [PID.2684]
[MD5.B07086D59443DAC6A668D691B27B968C] - (.ASUSTeK Computer Inc. - ASUS Color Engine.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [176240] [PID.3764]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.816]
[MD5.498622161649098034DA1893F00E9762] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.2948]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.4308]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.4832]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [imcbnnnoghiihopefblgehihofbfbmei] Desprotetor de Links v.2.0.1.7, (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 17 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Regis e Thais - lphp0fd5.default\battlefieldheroespatcher@ea.com] [] Battlefield Heroes Updater v5.0.203.0 (..)
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.D07FA05385562DE06B794C497194AAC8] [APT] [Installer_sense] (...) -- C:\Users\Regis e Thais\AppData\Local\Installer\Install_7083\ytaia.exe [962960]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1096]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1100]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 05s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 24/05/2014 - 01:07:44 - [] ----D C:\Users\Regis e Thais\AppData\Local\Installer
~ Program Folder: 116 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.77DBE0A0FE2A6D9C545CCE4B7BE5E287] - 20/05/2014 - 12:39:37 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [158494]
O44 - LFC:[MD5.C67DABADA4A743C52CF49E8335F63707] - 20/05/2014 - 12:39:37 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [774900]
O44 - LFC:[MD5.4B0E056436CC128CA28B56A921B59174] - 25/05/2014 - 22:54:40 ---A- . (...) -- C:\PureRa.txt [4568]
O44 - LFC:[MD5.437325EC41E714BF5587080AB0A042C3] - 25/05/2014 - 22:56:49 ---A- . (...) -- C:\DelFix.txt [1377]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 00:33:57 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.5725D0F391929F29AF72FAA22007F85E] - 26/05/2014 - 00:56:50 ---A- . (...) -- C:\zoek-results.log [24095]
~ Files: 43 Legitimates Filtered in 00mn 07s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 47 Legitimates Filtered in 00mn 05s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.ED4039AC31D7B2E85AC1373C49C01CD7] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\AppData\Roaming\sp_data.sys [74]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\AdwCleaner.exe [1327971]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\zoek.exe [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/05/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Demand 13/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 13/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/06/2013 1281640 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 25/05/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/05/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 05/10/2012 110976 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Demand 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Demand 13/09/2012 2466448 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Demand 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Demand 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 12s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1
C:\Users\Regis e Thais\AppData\Local\Installer =>Adware.InstallPedia
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
~ Additionnel Scan: 172052 Items scanned in 00mn 33s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.InstallPedia
~ MSI: 1 link(s) detected in 00mn 00s
~ 563 Legitimates filtered by white list
End of the scan (358 lines in 01mn 34s)(0)
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 47 Legitimates Filtered in 00mn 05s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.ED4039AC31D7B2E85AC1373C49C01CD7] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\AppData\Roaming\sp_data.sys [74]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\AdwCleaner.exe [1327971]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\zoek.exe [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/05/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Demand 13/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 13/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 06/05/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/06/2013 1281640 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 25/05/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/05/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 05/10/2012 110976 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Demand 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Demand 13/09/2012 2466448 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Demand 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Demand 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 12s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1
C:\Users\Regis e Thais\AppData\Local\Installer =>Adware.InstallPedia
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
~ Additionnel Scan: 172052 Items scanned in 00mn 33s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.InstallPedia
~ MSI: 1 link(s) detected in 00mn 00s
~ 563 Legitimates filtered by white list
End of the scan (358 lines in 01mn 34s)(0)
Regis Schelenger - Beginner
How do I remove Crossrider Malware?
Next step? I'm waiting!
Regis Schelenger - Beginner
Re: How do I remove Crossrider Malware?
Regis Schelenger wrote: Next step? I'm waiting!
Read about the waiting time for a reply, Regis:
[link hidden]
All the work done on the forum is voluntary and done in our time off. We are not paid for the work done here, so we also have our daily work in our other jobs, family obligations, etc.
Power Max - Contributor
Re: How do I remove Crossrider Malware?
Ok... Thanks, I'll be waiting...
Regis Schelenger - Beginner
Re: How do I remove Crossrider Malware?
Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.
Copy this report and post it in your next reply.
Power Max - Contributor
How do I remove Crossrider Malware?
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Regis e Thais at 26/05/2014 16:23:39
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Reciclagem vazia (00mn 16s)
Reparação de atalhos do navegador
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Elementos dos dados do Registo ==========
ELIMINÉ Explorer Association Data Application: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (25) (4.380.164 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: Installer_sense
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
6 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
2 : Ficheiros
1 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 13s
========== Caminho do ficheiro do relatório ==========
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/05/2014 10:18:37 [1124]
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R2].txt - 26/05/2014 16:23:56 [1486]
Regis Schelenger - Beginner
Re: How do I remove Crossrider Malware?
Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Power Max - Contributor
(SOLVED) How do I remove Crossrider Malware?
~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Regis e Thais (26/05/2014 16:34:51)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8.1 Single Language, 64-bit (Build 9600)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.3.350
Windows Defender W8 (Deactivate)
---\\ Softwares d'optimização do sistema
CCleaner v4.13
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1931 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 161 GB (86%) free of 186 GB
---\\ Modo de conexão ao sistema
~ Computer Name: PRECIOSO
~ User Name: Regis e Thais
~ All Users Names: Regis e Thais, HomeGroupUser$, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Regis e Thais\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Regis e Thais\AppData\Roaming\
~ %Desktop% : C:\Users\Regis e Thais\Desktop\
~ %Favorites% : C:\Users\Regis e Thais\Favorites\
~ %LocalAppData% : C:\Users\Regis e Thais\AppData\Local\
~ %StartMenu% : C:\Users\Regis e Thais\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 161 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
E: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.81394C91B7B5A7C799E249AE82491F13] - (.Microsoft Corporation - Windows Explorer.) (.06/05/2014 - 23:28:34.) -- C:\Windows\Explorer.exe [2373784]
[MD5.48CFA7BE561A7BE144C29BB912055016] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.22/08/2013 - 06:58:29.) -- C:\Windows\System32\Wininit.exe [144384]
[MD5.65C36A29A131A3A5D64B29FAC4EF6DD6] - (.Microsoft Corporation - Internet Extensions para Win32.) (.18/03/2014 - 07:18:18.) -- C:\Windows\System32\wininet.dll [2262016]
[MD5.306EB21E5B480AE9065EA55AC8C35936] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\Winlogon.exe [562176]
[MD5.AFCAB4DC692CCE37E283B00E2D7B438F] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.18/03/2014 - 07:18:16.) -- C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.22/08/2013 - 09:43:41.) -- C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] - (.Microsoft Corporation - CD-ROM File System Driver.) (.22/08/2013 - 08:40:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.22/08/2013 - 05:46:35.) -- C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.A03F362C5557E238CBFA914689C77248] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\DfsC.sys [134144]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.22/08/2013 - 08:38:38.) -- C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] - (.Microsoft Corporation - Driver de porta i8042.) (.22/08/2013 - 08:39:15.) -- C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.B7342B3C58E91107F6E946A93D9D4EFD] - (.Microsoft Corporation - IP Network Address Translator.) (.18/03/2014 - 07:18:19.) -- C:\Windows\system32\Drivers\IpNat.sys [142848]
[MD5.C997E6A37BA8915224B3FB5024A34F69] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\MRxSmb.sys [402944]
[MD5.0217532E19A748F0E5D569307363D5FD] - (.Microsoft Corporation - MBT Transport driver.) (.22/08/2013 - 08:37:02.) -- C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.1C80517BE6836A812F6A9B99B8321351] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.06/05/2014 - 23:28:33.) -- C:\Windows\system32\Drivers\ntfs.sys [2013016]
[MD5.764B1121867B2D9B31C491668AC72B2B] - (.Microsoft Corporation - Driver de porta paralela.) (.22/08/2013 - 08:40:02.) -- C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.22/08/2013 - 08:35:51.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] - (.Microsoft Corporation - Redirecionador do Dispositivo RDP da Microsoft.) (.18/03/2014 - 06:44:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] - (.Microsoft Corporation - TDI Translation Driver.) (.22/08/2013 - 10:25:35.) -- C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.3595FBDF25F8BA6256072D103937D7D6] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.18/03/2014 - 07:17:55.) -- C:\Windows\system32\Drivers\volsnap.sys [311640]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/3792
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/104
~ Mon Bureau (My Desktop) : 0/15
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 01s
---\\ Processos lançados
[MD5.241B07FF7F5943B9C1BF3235F49AC1E1] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744] [PID.3696]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] - (.ASUSTek Computer Inc. - ATK Media.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.236]
[MD5.2D32F0EF950AED6AD007D042676FD39E] - (.ASUSTek Computer Inc. - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.3808]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.1824]
[MD5.DB0C938BC311B31CF90C13821AE682B3] - (.ASUSTeK Computer Inc. - ASUS Live Update.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.4116]
[MD5.C570FD825751F7805CE226F68C4605DE] - (.ASUS - ACMON.) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54488] [PID.4596]
[MD5.B07086D59443DAC6A668D691B27B968C] - (.ASUSTeK Computer Inc. - ASUS Color Engine.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [176240] [PID.5064]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.4288]
[MD5.498622161649098034DA1893F00E9762] - (.ASUSTeK Computer Inc. - ASUS Quick Gesture Exe.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.4828]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.796]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [dfohdbmjdkfijghgklbickfnaepghgba] CSS reload! v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [imcbnnnoghiihopefblgehihofbfbmei] Desprotetor de Links v.2.0.1.7, (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 03s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Regis e Thais - lphp0fd5.default\battlefieldheroespatcher@ea.com] [] Battlefield Heroes Updater v5.0.203.0 (..)
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 17 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
~ Application: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: NameServer = 200.175.5.139,200.175.89.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDE4709E-7954-4190-BC8A-7CEA301DB700}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E569D39-2A7B-4062-BFFE-0B20A8D0C412}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
~ Services: 7 Legitimates Filtered in 00mn 04s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1] (...) -- C:\Program Files (x86)\Sense\Sense-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2] (...) -- C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3] (...) -- C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4] (...) -- C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5] (...) -- C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1.job [1680] =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1 [1680] =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.job [1668] =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2 [1668] =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3.job [4160] =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3 [4160] =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.job [2460] =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4 [2460] =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5 - (...) -- C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5.job [1778] =>PUP.CrossRider
O39 - APT: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5 - (...) -- C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5 [1778] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [986]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [986]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [990]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [990]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1096]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1100]
~ Scheduled Task: 36 Legitimates Filtered in 00mn 04s
---\\ Software instalados (042)
O42 - Logiciel: Sense - (.Object Browser.) [HKLM][64Bits] -- Sense =>PUP.ObjectBrowser
~ Logic: 6 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\iSafe] =>Trojan.Staser
~ Key Software: 157 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2014 - 11:34:49 - [] ----D C:\Program Files (x86)\Sense
O43 - CFD: 26/05/2014 - 11:14:29 - [] ----D C:\Users\Regis e Thais\AppData\Roaming\iSafe =>Trojan.Staser
~ Program Folder: 118 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.CF04660B4CDFEEDB7307E4D9D26750AF] - 20/05/2014 - 06:05:59 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O44 - LFC:[MD5.77DBE0A0FE2A6D9C545CCE4B7BE5E287] - 20/05/2014 - 12:39:37 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [158494]
O44 - LFC:[MD5.C67DABADA4A743C52CF49E8335F63707] - 20/05/2014 - 12:39:37 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [774900]
O44 - LFC:[MD5.437325EC41E714BF5587080AB0A042C3] - 25/05/2014 - 22:56:49 ---A- . (...) -- C:\DelFix.txt [1377]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 26/05/2014 - 00:33:57 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.5725D0F391929F29AF72FAA22007F85E] - 26/05/2014 - 00:56:50 ---A- . (...) -- C:\zoek-results.log [24095]
O44 - LFC:[MD5.BBEF799C6F6A11369D04FF23EFF43825] - 26/05/2014 - 11:57:19 ---A- . (...) -- C:\PureRa.txt [7944]
~ Files: 44 Legitimates Filtered in 01mn 22s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:12/08/2013 - 20:25:46 ---A- . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 - SDL:20/05/2014 - 06:05:59 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O58 - SDL:02/08/2012 - 00:22:48 ---A- . (.No owner - Keyboard Filter Driver.) -- C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 - SDL:22/08/2013 - 09:43:32 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 48 Legitimates Filtered in 00mn 02s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files (x86)\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (...) -- C:\ProgramData\SetStretch.exe [24576]
[MD5.ED4039AC31D7B2E85AC1373C49C01CD7] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\AppData\Roaming\sp_data.sys [74]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\AdwCleaner.exe [1327971]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][26/05/2014] (...) -- C:\Users\Regis e Thais\Desktop\zoek.exe [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{22222222-2222-2222-2222-220422822292}] (CrossriderApp0048292.Sandbox) =>PUP.CrossRider
~ BCK: 5127 Legitimates Filtered in 00mn 10s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/05/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Demand 05/10/2012 110976 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SS - | Demand 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SS - | Demand 13/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 26/05/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 26/05/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 26/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/06/2013 1281640 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 25/05/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/05/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Demand 13/09/2012 2466448 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Demand 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Demand 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 14s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 12
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sense] =>PUP.ObjectBrowser^
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411821192}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422822292}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411821192}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422822292}] =>PUP.CrossRider
C:\Users\Regis e Thais\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1 =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2 =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3 =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4 =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5 =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\iSafe] =>Trojan.Staser^
[HKCR\CLSID\{22222222-2222-2222-2222-220422822292}] (CrossriderApp0048292.Sandbox) =>PUP.CrossRider^
~ Additionnel Scan: 171798 Items scanned in 00mn 31s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.VidSaver
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Staser
~ MSI: 3 link(s) detected in 00mn 00s
~ 571 Legitimates filtered by white list
End of the scan (429 lines in 02mn 58s)(0)
~ Files: 8 Legitimates Filtered in 00mn 00s
---\\ Listagem dos dados da chave NameSpace (MNS) (O92)
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{22222222-2222-2222-2222-220422822292}] (CrossriderApp0048292.Sandbox) =>PUP.CrossRider
~ BCK: 5127 Legitimates Filtered in 00mn 10s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 25/05/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Demand 05/10/2012 110976 | (ASLDRService) . (.ASUSTek Computer Inc..) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SS - | Demand 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SS - | Demand 13/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 26/05/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 26/05/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 26/05/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/05/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/06/2013 1281640 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 25/05/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 25/05/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Demand 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR - | Demand 19/12/2012 72192 | (Asus WebStorage Windows Service) . (...) - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
SR - | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Demand 13/09/2012 2466448 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Demand 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Demand 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Demand 17/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Demand 17/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 | (WdNisSvc) . (...) - C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 14s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 12
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sense] =>PUP.ObjectBrowser^
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411821192}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220422822292}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411821192}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220422822292}] =>PUP.CrossRider
C:\Users\Regis e Thais\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1 =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2 =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3 =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4 =>PUP.CrossRider^
C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5 =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\iSafe] =>Trojan.Staser^
[HKCR\CLSID\{22222222-2222-2222-2222-220422822292}] (CrossriderApp0048292.Sandbox) =>PUP.CrossRider^
~ Additionnel Scan: 171798 Items scanned in 00mn 31s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.CrossRider
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.VidSaver
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Trojan.Staser
~ MSI: 3 link(s) detected in 00mn 00s
~ 571 Legitimates filtered by white list
End of the scan (429 lines in 02mn 58s)(0)
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Join date: 13/05/2014
Re: Crossrider Malware, how to remove it?
Did you install any program or extension just now? I ask because more adware showed up in your report that was not there before.
Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.
Copy this report and post it in your next reply.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) Crossrider Malware, how to remove it?
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Regis e Thais at 26/05/2014 17:06:52
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Reciclagem vazia (00mn 05s)
Reparação de atalhos do navegador
========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\sense\uninstall.exe
========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sense]
ELIMINÉ:* HKLM\Software\InstalledBrowserExtensions
ELIMINÉ: HKLM\Software\Wow6432Node\iSafe
ELIMINÉ:* HKCR\CLSID\{22222222-2222-2222-2222-220422822292}
ELIMINÉ: HKCU\Software\AppDataLow\Software\Crossrider
ELIMINÉ:* HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110411821192}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411821192}
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\isafekrnlboot.sys
ELIMINÉ Temporários windows (3) (3.218.906 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-1
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-3
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5
ELIMINÉ: fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-5
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
7 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
3 : Ficheiros
1 : Softwares
12 : Tarefa planificada
1 : Restauração Sistema
End of clean in 00mn 37s
========== Caminho do ficheiro do relatório ==========
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R1].txt - 26/05/2014 10:18:37 [1124]
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R2].txt - 26/05/2014 16:23:56 [1574]
C:\Users\Regis e Thais\AppData\Roaming\ZHP\ZHPFix[R3].txt - 26/05/2014 17:06:57 [2647]
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Join date: 13/05/2014
Re: Crossrider Malware, how to remove it?
Download Malwarebytes from one of the links below:
To install and run it correctly, please follow the tips in this post:
In your next reply, post this Malwarebytes log (report).
We'll be waiting.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) Crossrider Malware, how to remove it?
Max, should I disable or uninstall Avira to avoid a conflict?
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Join date: 13/05/2014
Re: Crossrider Malware, how to remove it?
Malwarebytes is compatible with Avira. Just temporarily disable Avira's resident protection so that the Malwarebytes scan runs faster.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) Crossrider Malware, how to remove it?
Great, I'll carry out the procedure... thank you, I'm learning a lot on the forum.
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Join date: 13/05/2014
(SOLVED) Crossrider Malware, how to remove it?
Malwarebytes Anti-Malware
Data de Verificação: 26/05/2014
Hora da Verificação: 17:53:40
Logfile: LOG.txt
Administrador: Sim
Versão: 2.00.2.1012
Malware Database: v2014.05.26.03
Rootkit Database: v2014.05.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado
OS: Windows 8.1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Regis e Thais
Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 371736
Tempo Decorrido: 1 hr, 5 min, 37 seg
Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processos: 0
(No malicious items detected)
Módulos: 0
(No malicious items detected)
Chaves de Registro: 3
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\Firefox, Quarantined, [f902de772c4fde58750a188b53afb848],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\IE, Quarantined, [d328f85d83f8a096314f554e4eb431cf],
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\INSTALLER, Quarantined, [cd2e3124413af73ffd47f8a336cca25e],
Valores de Registro: 1
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\INSTALLER|BundledIe, 1, Quarantined, [cd2e3124413af73ffd47f8a336cca25e]
Dados do Registro: 0
(No malicious items detected)
Pastas: 15
Arquivos: 126
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Quarantined, [e219d97cd5a6a0965c1647f680805ba5],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Quarantined, [916a4d08dd9e3600d6b4d0761be9fe02],
PUP.Optional.ScramblePacker.A, C:\Users\Regis e Thais\AppData\Roaming\ZHP\Quarantine\installer.DIR\Install_7083\sense.exe, Quarantined, [fdfe67ee1863e551ad40d3ab41c0c53b],
PUP.Optional.Sense.A, C:\Users\Regis e Thais\AppData\Roaming\ZHP\Quarantine\Sense.DIR\Sense-bho64.dll, Quarantined, [15e6d67ff685ad89f5b6f2593dc4b64a],
PUP.Optional.Sense.A, C:\Users\Regis e Thais\AppData\Roaming\ZHP\Quarantine\Sense.DIR\Sense-buttonutil.exe, Quarantined, [ce2ddd78ff7c20168a21e8637c859f61],
PUP.Optional.Sense.A, C:\Users\Regis e Thais\AppData\Roaming\ZHP\Quarantine\Sense.DIR\Sense-buttonutil64.exe, Quarantined, [7982c392374406304c5ff556da27b54b],
PUP.Optional.crossRider.A, C:\Users\Regis e Thais\AppData\Roaming\ZHP\Quarantine\Sense.DIR\utils.exe, Quarantined, [ac4fe57087f4d165f3f23609bd433cc4],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\api\fdc03b97758976f43cbc31567c55a005.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\010d6a2251ed8dbe0c3e708ee8e08940.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\08766a81523279de692c66b9603f3b5d.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\12f8db7917b9f216726663a52e755ec9.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\14b7bb38b9bea719d60cbb1aec2a0506.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\15d191beadc96938bf11ef34548b5165.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\2090e0e56bf28dd9b6e8b40aca781d04.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\2e1f7bc15c34baacca9d5d5093582093.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\30792470bb8ea0f4631d67d1efb032ed.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\44f0ad659fbe66a5a0aeb92f58c43d04.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\506f0bfa63b4d03f14864ba312387df1.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\533c11891e107d8a6df2c3bfe57f6f56.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\68ea89877a69cf9b55c731c2474cf50d.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\7b90b5a2f3b8c872036f4c53af3a5454.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\85726eab50914b576f9ad30ba558c987.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\8f89ba115039934e5b21f205cf072903.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\a3f7a00c5cba6b2dc12ea11469b1d041.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\a747f8df72afcbbb5d8f82deb606d74e.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\e9f55fc94eb9a2dec0202702e4facc50.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\f80fa9c1940e3b635f74ba2391d7bca3.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\fa4922eb84dcd9d180f93bdf8321122e.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\chrome\content\core\installer.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\defaults\preferences\prefs.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\manifest.xml, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins.json, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\22.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\1.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\102.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\103.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\104.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\123.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\13.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\14.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\155.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\16.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\17.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\177.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\180.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\182.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\183.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\184.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\192.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\193.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\195.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\207.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\21.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\211.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\220.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\223.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\226.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\230.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\233.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\239.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\242.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\244.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\246.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\28.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\4.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\47.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\64.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\7.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\72.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\78.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\9.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\91.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\93.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\plugins\98.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\userCode\background.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\extensionData\userCode\extension.js, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\locale\en-US\translations.dtd, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button1.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button2.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button3.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button4.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\button5.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\crossrider_statusbar.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon128.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon16.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon24.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\icon48.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\panelarrow-up.png, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\popup.html, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\skin.css, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
PUP.Optional.CrossRider.A, C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\extensions\143f44cf-d99c-4e45-8cd9-ef929de77aa8@bdbf6038-0097-480c-8d8e-fc48e28131a8.com\skin\update.css, Quarantined, [12e9d67f93e81c1a0a83b9c330d22bd5],
Physical Sectors: 0
(No malicious items detected)
(end)
Data de Verificação: 26/05/2014
Hora da Verificação: 17:53:40
Logfile: LOG.txt
Administrador: Sim
Versão: 2.00.2.1012
Malware Database: v2014.05.26.03
Rootkit Database: v2014.05.21.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado
OS: Windows 8.1
CPU: x64
Sistema de Arquivo: NTFS
Usuário: Regis e Thais
Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 371736
Tempo Decorrido: 1 hr, 5 min, 37 seg
Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processos: 0
(No malicious items detected)
Módulos: 0
(No malicious items detected)
Chaves de Registro: 3
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\Firefox, Quarantined, [f902de772c4fde58750a188b53afb848],
PUP.Optional.Sense.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\IE, Quarantined, [d328f85d83f8a096314f554e4eb431cf],
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\INSTALLER, Quarantined, [cd2e3124413af73ffd47f8a336cca25e],
Valores de Registro: 1
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\WOW6432NODE\SENSE\INSTALLER|BundledIe, 1, Quarantined, [cd2e3124413af73ffd47f8a336cca25e]
Dados do Registro: 0
(No malicious items detected)
Pastas: 15
Arquivos: 126
Physical Sectors: 0
(No malicious items detected)
(end)
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Join date: 13/05/2014
Re: Crossrider Malware: how to remove it?
Please run a new cleanup with AdwCleaner and post the new report it creates here in your topic.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) Crossrider Malware: how to remove it?
# AdwCleaner v3.211 - Relatório criado 26/05/2014 às 19:35:48
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : Regis e Thais - PRECIOSO
# Executando de : C:\Users\Regis e Thais\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Users\Regis e Thais\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\Regis e Thais\AppData\Roaming\eCyber
Arquivo Deletada : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
Arquivo Deletada : C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
Arquivo Deletada : C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455825592}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466826692}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444824492}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455825592}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466826692}
Chave Deletedo : HKCU\Software\AppDataLow\Software
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17037
-\\ Mozilla Firefox v
[ Arquivo : C:\Users\Regis e Thais\AppData\Roaming\Mozilla\Firefox\Profiles\lphp0fd5.default\prefs.js ]
-\\ Google Chrome v35.0.1916.114
[ Arquivo : C:\Users\Regis e Thais\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2799 octets] - [26/05/2014 00:20:43]
AdwCleaner[R1].txt - [1743 octets] - [26/05/2014 10:03:58]
AdwCleaner[R2].txt - [1087 octets] - [26/05/2014 10:07:30]
AdwCleaner[R3].txt - [2585 octets] - [26/05/2014 19:35:04]
AdwCleaner[S0].txt - [2760 octets] - [26/05/2014 00:22:05]
AdwCleaner[S1].txt - [1722 octets] - [26/05/2014 10:04:44]
AdwCleaner[S2].txt - [1144 octets] - [26/05/2014 10:09:33]
AdwCleaner[S3].txt - [2469 octets] - [26/05/2014 19:35:48]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2529 octets] ##########
Regis Schelenger - Beginner
- Posts: 30
Reputation: 0
Join date: 13/05/2014