Script zhpfix
C:\Users\adm\AppData\Local\thcif.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[MD5.FB0C6F8A040626D689236AA913D6E8C9] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files (x86)\iSafe\iSafeTray.exe [1018696] [PID.3956] =>Trojan.Staser
[MD5.11F6F9216D8F77EAC196B07D66E819EA] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048] [PID.316] =>Trojan.Staser
[MD5.A03A95B389479B2ADE3A288FA2EA11D1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files (x86)\iSafe\iSafeSvc2.exe [118048] [PID.660] =>Trojan.Staser
[MD5.A426FEFD9BB72506D435FD0183F48C2D] - (...) -- C:\Program Files (x86)\iSafe\ipcdl.exe [2228896] [PID.1020] =>Trojan.Staser
M3 - MFPP: Plugins - [adm] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml =>Toolbar.eBay
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS - Unity Player 4.5.2f1.) -- C:\Users\adm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O23 - Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\iSafe\iSafeSvc.exe =>Trojan.Staser
[MD5.00000000000000000000000000000000] [APT] [{248BD1AF-FD85-49FC-819F-ECA320FDD996}] (...) -- C:\Program Files (x86)\Capcom\Dead Rising 2\deadrising2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2990CEDA-AA26-41CB-A70E-961B4731B75E}] (...) -- C:\Program Files (x86)\Rebellion\SniperEliteV2\bin\SniperEliteV2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{357B350A-B1D1-418A-BB51-B9A6D488F377}] (...) -- C:\Program Files (x86)\Capcom\Dead Rising 2\deadrising2.exe (.not file.) [0]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1058]
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1062]
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
O41 - Driver: (iSafeKrnl) . (.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - C:\Program Files (x86)\iSafe\iSafeKrnl.sys
O41 - Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys
O41 - Driver: (iSafeKrnlR3) . (.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys
O41 - Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Program Files (x86)\iSafe\iSafeNetFilter.sys =>Trojan.Staser
O41 - Driver: (dtsoftbus01) . (. - .) - C:\Windows\System32\DRIVERS\dtsoftbus01.sys (.not file.)
O42 - Logiciel: Genesis - (...) [HKCU][64Bits] -- thcif =>PUP.Genesis
O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU][64Bits] -- UnityWebPlayer
[HKCU\Software\AppDataLow\Software\Re_markit] =>PUP.ReMarkIt
[HKCU\Software\AppDataLow\Software\Unity]
[HKCU\Software\Genesis] =>PUP.Genesis
[HKCU\Software\TuneUp]
[HKCU\Software\Ubisoft]
[HKCU\Software\Unity]
[HKLM\Software\TuneUp]
[HKLM\Software\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec]
[HKLM\Software\Wow6432Node\PriceMeterLiveUpdate] =>PUP.PriceMeter
[HKLM\Software\Wow6432Node\TuneUp]
O43 - CFD: 14/08/2014 - 12:38:48 - [] ----D C:\Program Files (x86)\iSafe =>Trojan.Staser
O43 - CFD: 14/08/2014 - 12:46:24 - [] ----D C:\Program Files (x86)\TuneUp Utilities 2014
O43 - CFD: 5/08/2014 - 20:51:30 - [] ----D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
O43 - CFD: 9/05/2014 - 23:20:05 - [] ----D C:\ProgramData\TuneUp Software
O43 - CFD: 15/07/2014 - 13:07:32 - [] ----D C:\ProgramData\Ubisoft
O43 - CFD: 9/05/2014 - 23:23:05 - [0] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 14/08/2014 - 13:03:06 - [] ----D C:\Users\adm\AppData\Roaming\iSafe =>Trojan.Staser
O43 - CFD: 9/05/2014 - 23:16:59 - [] ----D C:\Users\adm\AppData\Roaming\TuneUp Software
O43 - CFD: 31/05/2014 - 01:27:15 - [] ----D C:\Users\adm\AppData\Roaming\Unity
O43 - CFD: 7/06/2014 - 19:59:33 - [0] ----D C:\Users\adm\AppData\Local\Genesis_05312023 =>PUP.Genesis
O43 - CFD: 1/07/2014 - 21:57:40 - [0] ----D C:\Users\adm\AppData\Local\Genesis_06301148 =>PUP.Genesis
O43 - CFD: 9/05/2014 - 23:16:59 - [] ----D C:\Users\adm\AppData\Local\TuneUp Software
O43 - CFD: 27/07/2014 - 14:25:06 - [] ----D C:\Users\adm\AppData\Local\Unity
O45 - LFCP:[MD5.C3446C10C65DF33B955BA2D1ACC7FB6C] - 14/08/2014 - 12:03:08 ---A- - C:\Windows\Prefetch\ISAFETHLP.EXE-E2FDB531.pf =>Trojan.Staser
O45 - LFCP:[MD5.105A2C02BD56361AE627A2F340B2A6A0] - 14/08/2014 - 07:48:05 ---A- - C:\Windows\Prefetch\ISAFETRAY.EXE-3F11FE51.pf =>Trojan.Staser
O64 - Services: CurCS - 25/07/2014 - C:\Program Files (x86)\iSafe\iSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL
O64 - Services: CurCS - 25/07/2014 - C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT
O64 - Services: CurCS - 25/07/2014 - C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys (iSafeKrnlR3) .(.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - LEGACY_ISAFEKRNLR3
O64 - Services: CurCS - 9/07/2014 - C:\Program Files (x86)\iSafe\iSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER =>Trojan.Staser
[HKLM\Software\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec]:s="0"
SR - | Auto 25/07/2014 118048 | (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\iSafe\iSafeSvc.exe =>Trojan.Staser
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService] =>Trojan.Staser^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\thcif] =>PUP.Genesis^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe] =>Trojan.Staser^
C:\Program Files (x86)\iSafe =>Trojan.Staser^
C:\Users\adm\AppData\Roaming\iSafe =>Trojan.Staser^
C:\Users\adm\AppData\Local\Genesis_05312023 =>PUP.Genesis^
C:\Users\adm\AppData\Local\Genesis_06301148 =>PUP.Genesis^
C:\Program Files (x86)\iSafe\iSafeTray.exe =>Trojan.Staser^
C:\Program Files (x86)\iSafe\iSafeSvc.exe =>Trojan.Staser^
C:\Program Files (x86)\iSafe\iSafeSvc2.exe =>Trojan.Staser^
C:\Program Files (x86)\iSafe\ipcdl.exe =>Trojan.Staser^
[HKCU\Software\AppDataLow\Software\Re_markit] =>PUP.ReMarkIt^
[HKCU\Software\Genesis] =>PUP.Genesis^
[HKLM\Software\Wow6432Node\PriceMeterLiveUpdate] =>PUP.PriceMeter^
Emptytemp
Emptyflash