Document format: text/plain

~ ZHPCleaner v2015.3.21.134 by Nicolas Coolman (21/03/2015)
~ Run by Douglas (Administrator) (21/03/2015 20:55:03)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Douglas\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Douglas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 32-bit (Build 9600)


---\\ Serviços (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Navegadores de Internet (1)
SUBSTITUIDO IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1423364603&from=smt&uid=WDCXWD320[...]] (PUP.StartSearch)


---\\ Arquivo hosts (3)
SUBSTITUIDO:
Número de redirecionamentos encontrados 1/20
~ O arquivo hosts é legítimo (19)


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (73)
MOVIDO pasta: C:\Program Files\KMSpico\AutoPico.exe [ - AutoPico] (PUA.KMSpico)
MOVIDO pasta: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar] (PUA.KMSpico)
MOVIDO pasta: C:\Program Files\KMSpico\KMSELDI.exe [ - KMS GUI ELDI] (PUA.KMSpico)
MOVIDO pasta: C:\Program Files\KMSpico\Service_KMS.exe [ - Service_KMS] (PUA.KMSpico)
MOVIDO pasta: C:\Program Files\KMSpico\unins000.dat (PUA.KMSpico)
MOVIDO pasta: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall] (PUA.KMSpico)
MOVIDO pasta: C:\Program Files\KMSpico\UninsHs.exe [Han-soft - Uninstall for InnoSetup by Han-soft] (PUA.KMSpico)
MOVIDO pasta: C:\Program Files\KMSpico\WinDivert.dll (PUA.KMSpico)
MOVIDO pasta: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)injection driver] (PUA.KMSpico)
MOVIDO pasta: C:\Program Files\XTab\conf (Adware.AgentODR)
MOVIDO pasta: C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi (Adware.AgentODR)
MOVIDO pasta: C:\Program Files\XTab\install.data (Adware.AgentODR)
MOVIDO pasta: C:\Program Files\XTab\msvcp110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
MOVIDO pasta: C:\Program Files\XTab\msvcr110.dll [Microsoft Corporation - Microsoft® C Runtime Library] (Adware.AgentODR)
MOVIDO pasta: C:\Program Files\XTab\searchProvider.xml (Adware.AgentODR)
MOVIDO pasta: C:\Program Files\XTab\uninstall.exe [XTab - XTab] (Adware.AgentODR)
MOVIDO arquivo: C:\Program Files\KMSpico\cert (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\KMSpico\driver (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\KMSpico\icons (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\KMSpico\KMSpico (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\KMSpico\logs (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\KMSpico\scripts (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\KMSpico\sounds (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\KMSpico\x64 (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\KMSpico\x86 (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\XTab\skin (Adware.AgentODR)
MOVIDO arquivo: C:\Program Files\XTab\web (Adware.AgentODR)
MOVIDO arquivo: C:\Program Files\XTab\XTab (Adware.AgentODR)
MOVIDO arquivo: C:\Program Files\KMSpico (PUA.KMSpico)
MOVIDO arquivo: C:\Program Files\XTab (Adware.AgentODR)
MOVIDO pasta: C:\ProgramData\Microsoft Toolkit\Settings.xml (Trojan.AutoKMS)
MOVIDO arquivo: C:\ProgramData\Baidu\Antivirus (Adware.BDPlugin)
MOVIDO arquivo: C:\ProgramData\Baidu\Baidu (Adware.BDPlugin)
MOVIDO arquivo: C:\ProgramData\Baidu\commondll (Adware.BDPlugin)
MOVIDO arquivo: C:\ProgramData\IHProtectUpDate\IHProtectUpDate (Adware.AgentODR)
MOVIDO arquivo: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
MOVIDO arquivo: C:\ProgramData\Microsoft Toolkit\Microsoft Toolkit (Trojan.AutoKMS)
MOVIDO arquivo: C:\ProgramData\WindowsMangerProtect\WindowsMangerProtect (PUP.Fuyu)
MOVIDO arquivo: C:\ProgramData\Baidu (Adware.BDPlugin)
MOVIDO arquivo: C:\ProgramData\Baidu Security (Adware.BDPlugin)
MOVIDO arquivo: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
MOVIDO arquivo: C:\ProgramData\Microsoft Toolkit (Trojan.AutoKMS)
MOVIDO arquivo: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
MOVIDO pasta: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk (PUA.KMSpico)
MOVIDO pasta: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk (PUA.KMSpico)
MOVIDO pasta: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk (PUA.KMSpico)
MOVIDO pasta: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk (PUA.KMSpico)
MOVIDO arquivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico (PUA.KMSpico)
MOVIDO pasta: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
MOVIDO arquivo: C:\Windows\AutoKMS\AutoKMS (Trojan.AutoKMS)
MOVIDO arquivo: C:\Windows\AutoKMS (Trojan.AutoKMS)
MOVIDO arquivo: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared\Themes (PUP.InboxEmail)
MOVIDO arquivo: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared\WindowsInternal.Inbox.Media.Shared (PUP.InboxEmail)
MOVIDO arquivo: C:\Windows\System32\WindowsInternal.Inbox.Media.Shared (PUP.InboxEmail)
MOVIDO arquivo: C:\Windows\System32\WindowsInternal.Inbox.Shared (PUP.InboxEmail)
MOVIDO pasta: C:\Users\Douglas\AppData\Roaming\mystartsearch\UninstallManager.exe [Skytech Co., Ltd. - Skytech] (PUP.StartSearch)
MOVIDO arquivo: C:\Users\Douglas\AppData\Roaming\mystartsearch\log (PUP.StartSearch)
MOVIDO arquivo: C:\Users\Douglas\AppData\Roaming\mystartsearch\mystartsearch (PUP.StartSearch)
MOVIDO arquivo: C:\Users\Douglas\AppData\Roaming\mystartsearch (PUP.StartSearch)
MOVIDO arquivo: C:\Users\Douglas\AppData\Local\Temp\SourceApp (PUP.SourceApp)
MOVIDO pasta: C:\Windows\Prefetch\KMSPICO - VINICIUS TUTORIAIS.-F7D92956.pf (PUA.KMSpico)
MOVIDO pasta: C:\Windows\Prefetch\N5BLOCKANDSURFB70.EXE-E6F118A5.pf (PUP.BlockAndSurf)
MOVIDO pasta: C:\Windows\Prefetch\SOURCEAPP.BROWSERADAPTER.EXE-F871F54D.pf (PUP.SourceApp)
MOVIDO pasta: C:\Windows\Prefetch\SOURCEAPP.EXPEXT.EXE-82AA02DA.pf (PUP.SourceApp)
MOVIDO pasta: C:\Windows\Prefetch\SOURCEAPP.MG.EXE-83D0D5A9.pf (PUP.SourceApp)
MOVIDO pasta: C:\Windows\Prefetch\SOURCEAPP.PURBROWSE.EXE-0AAD47B1.pf (PUP.SourceApp)
MOVIDO pasta: C:\Windows\Prefetch\SOURCEAPPUNINSTALL.EXE-4B4A0E4F.pf (PUP.SourceApp)
MOVIDO pasta: C:\Windows\Prefetch\SOURCEAPP_SETUP.EXE-B2F82EF7.pf (PUP.SourceApp)
MOVIDO pasta: C:\Windows\Prefetch\UPDATESOURCEAPP.EXE-E9E56E24.pf (PUP.SourceApp)
MOVIDO pasta: C:\Windows\Prefetch\UTILSOURCEAPP.EXE-000A78AC.pf (PUP.SourceApp)
MOVIDO pasta: C:\Users\Douglas\Downloads\Microsoft Toolkit 2.5.2\Microsoft Toolkit 2.5.2.exe [CODYQX4 - Microsoft Toolkit] (Kacktool.AutoKMS)
MOVIDO pasta: C:\Windows\SECOH-QAD.exe (PUA.KMSpico)
MOVIDO pasta: C:\END (Toolbar.Conduit)


---\\ Registro ( Chaves, Valores, Dados ) (8)
SUPRIMIDO chave: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds[...]] [mystartsearch] (PUP.StartSearch)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\iaStorAV [System32\drivers\iaStorAV.sys] (PUP.InboxEmail)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files\XTab\ProtectService.exe (Not File)] (Adware.AgentODR)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-151461706-2587107940-1700456705-1001\Software\Conduit [] (Toolbar.Conduit)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-151461706-2587107940-1700456705-1001\Software\Classes\.rar [PepperZip] (PUP.PepperZip)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-151461706-2587107940-1700456705-1001\Software\Classes\.zip [PepperZip] (PUP.PepperZip)
SUPRIMIDO chave*: HKCU\Software\AppDataLow\Software\BlockAndSurf [] (PUP.BlockAndSurf)
SUBSTITUIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A5A7A1CE-2880-4793-A2D9-3BFEAC28A77C}\\NameServer [177.53.223.250 187.87.224.3 (Not File)][] (Hijacker.Browser)



---\\ Resultado de reparação
~ Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 64011
~ Items encontrado : 0
~ Items réparo : 84


End of clean at 21:15:00
===================
ZHPCleaner-[R]-09022015-22_07_58.txt
ZHPCleaner-[R]-21032015-20_33_43.txt
ZHPCleaner-[R]-21032015-21_15_00.txt
ZHPCleaner-[S]-09022015-00_47_39.txt
