
~ ZHPCleaner v2015.5.15.237 by Nicolas Coolman (2015\05\15)
~ Run by Administrador (Administrator) (15/05/2015 18:53:02)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Documents and Settings\Administrador\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
~ Windows XP, 32-bit Service Pack 3 (Build 2600)


---\\ Serviços (1)
SUPRIMIDO : EsgScanner (PUP.EnigmaSoftware)


---\\ Navegadores de Internet (19)
SUPRIMIDO Firefox: [pplbrqrw.default-1430772718984] URL HomePage : hxxp://www.istartsurf.com/?type=hp&ts=1430945254&from=squadm&uid=SAMSUNGXHD250HJ_S19GJ50Q658807 [...] (PUP.IsStart)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("browser.search.defaultenginename", "istartsurf"); (PUP.IsStart)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("browser.search.searchengine.alias", "istartsurf"); (PUP.SearchEngine)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); (PUP.SearchEngine)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("browser.search.searchengine.iconURL", "http://www.istartsurf.com/favicon.ico"); (PUP.SearchEngine)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("browser.search.searchengine.name", "istartsurf"); (PUP.SearchEngine)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("browser.search.searchengine.ptid", "squadm"); (PUP.SearchEngine)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("browser.search.searchengine.uid", "SAMSUNGXHD250HJ_S19GJ50Q658807"); (PUP.SearchEngine)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("browser.search.searchengine.url", "http://www.istartsurf.com/web/?type=ds&ts=1430945254&f[...] (PUP.SearchEngine)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("browser.search.selectedEngine", "istartsurf"); (PUP.IsStart)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("extensions.quick_start.enable_search1", false); (PUP.QuickStart)
SUPRIMIDO: [pplbrqrw.default-1430772718984] - user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); (PUP.QuickStart)
MOVIDO pasta: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pplbrqrw.default-1430772718984\searchplugins\istartsurf.xml (PUP.IsStart) [BCE6C08E6154621FDB4CFA132B241E66]
MOVIDO pasta: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pplbrqrw.default-1430772718984\searchplugins\oursurfing.xml (Hijacker.OurSurfing) [0E9C96D4A6D4C534247713A16D81BD55]
SUBSTITUIDO IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant [hxxp://www.istartsurf.com/web/?type=ds&ts=1430945254&from=squadm&uid=SAMSUNGXHD2[...]] (PUP.IsStart)
SUBSTITUIDO IE Params: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch [hxxp://www.istartsurf.com/web/?type=ds&ts=1430945254&from=squadm&uid=SAMSUNGXHD2[...]] (PUP.IsStart)
SUPRIMIDO dados: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : ] (Hijacker.Proxy)
SUPRIMIDO dados: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=1243 <-Loopback>] (Hijacker.Proxy)
SUPRIMIDO dados: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings [Bad : Port=1243 <-Loopback>] (Hijacker.Proxy)


---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (18)


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (19)
MOVIDO pasta: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pplbrqrw.default-1430772718984\searchplugins\istartsurf.xml (PUP.IsStart)
MOVIDO pasta: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pplbrqrw.default-1430772718984\searchplugins\oursurfing.xml (Hijacker.OurSurfing)
MOVIDO pasta: C:\Documents and Settings\Administrador\Dados de aplicativos\unins000.exe [ - Setup/Uninstall] (Adware.Pirrit)
MOVIDO pasta: C:\Documents and Settings\Administrador\Dados de aplicativos\unins001.exe [ - Setup/Uninstall] (Adware.Pirrit)
MOVIDO pasta: C:\Documents and Settings\Administrador\Dados de aplicativos\unins002.exe [ - Setup/Uninstall] (Adware.Pirrit)
MOVIDO pasta: C:\WINDOWS\Tasks\de5affb1-b16f-4b55-a169-723fb3e84759-1-6.job (Adware.CrossRider)
MOVIDO pasta: C:\WINDOWS\Tasks\de5affb1-b16f-4b55-a169-723fb3e84759-1-7.job (Adware.CrossRider)
MOVIDO pasta: C:\WINDOWS\system32\SecureAssist.dll [SecureAssist - ] (PUP.SupraSavings)
MOVIDO pasta: C:\END (PUP.Conduit)
MOVIDO arquivo: C:\Arquivos de programas\Mozilla Firefox\extensions\quickstores@quickstores.de (Toolbar.QuickStores)
MOVIDO arquivo: C:\Arquivos de programas\3ff39e0d-91fa-4550-9c72-fd55127240b5 (Adware.CrossRider)
MOVIDO arquivo: C:\Arquivos de programas\GUPlayer (PUP.GUPlayer)
MOVIDO arquivo: C:\Arquivos de programas\Movies Toolbar (PUP.MoviesToolbar)
MOVIDO arquivo: C:\Documents and Settings\All Users\Dados de aplicativos\APN (Toolbar.Ask)
MOVIDO arquivo: C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar (Toolbar.QuickStores)
MOVIDO arquivo: C:\WINDOWS\Installer\MSI1315.tmp- (Empty)
MOVIDO arquivo: C:\WINDOWS\Installer\MSI132A.tmp- (Empty)
MOVIDO arquivo: C:\WINDOWS\Installer\MSI133A.tmp- (Empty)
MOVIDO arquivo: C:\WINDOWS\Installer\MSI133B.tmp- (Empty)


---\\ Registro ( Chaves, Valores, Dados ) (78)
SUBSTITUIDO dados: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (Hijacker.SearchScopes)
SUPRIMIDO chave: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} [http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtC[...]] [Mysearchdial] (PUP.MySearchDial)
SUPRIMIDO dados: HKCR\AutoCADScriptFile\Shell\Open\Command\\Default [Bad : [scr] C:\WINDOWS\system32\notepad.exe "%1"] (Broken.OpenCommand)
SUBSTITUIDO dados: HKLM\...\IEXPLORE.EXE\Shell\open\Command\\C:\Arquivos de programas\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1396480690&from=smt&uid=SAMSUNGXHD250HJ_S19GJ50Q658807 (Hijacker.Qone8)
SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 [Bad : C:\Arquivos de programas\Movies Toolbar\SafetyNut\safetycrt.dll] (PUP.MoviesToolbar)
SUPRIMIDO chave*: HKLM\Software\Google\Chrome\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic [C:\Documents and Settings\familia selles\Configurações locais\Dados de aplicativos\somotomoviestoolbar1\GC\toolbar.crx] (Adware.MegaSearch)
SUPRIMIDO chave: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} [http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzutDtDtCyDyDzz0ByD0C0F0F0B0DyB0DtCtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=604780303&ir=] (PUP.MySearchDial)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\EsgScanner [C:\WINDOWS\System32\DRIVERS\EsgScanner.sys (Not File)] (PUP.EnigmaSoftware)
SUPRIMIDO chave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411851159} [] (Adware.CrossRider)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455855559} [ICrossriderBHO] (Adware.CrossRider)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466856659} [ISandBox] (Adware.CrossRider)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444854459} [] (Adware.CrossRider)
SUPRIMIDO chave*: HKCU\Software\ArenaHD [] (Adware.CrossRider)
SUPRIMIDO chave*: HKCU\Software\Mozilla\Extends [] (PUP.FastStart)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} [esrv] (PUP.MySearchDial)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\SearchAssistantOC.SearchAssistantOC [] (PUP.SearchAssist)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\SearchAssistantOC.SearchAssistantOC.1 [] (PUP.SearchAssist)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\SrchUI.SearchAssistant [] (PUP.SearchAssist)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\SrchUI.SearchAssistant.1 [] (PUP.SearchAssist)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\CLSID\{2E71FD0F-AAB1-42c0-9146-6D2C4EDCF07D} [SearchAssistantOC] (PUP.SearchAssist)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\CLSID\{B45FF030-4447-11D2-85DE-00C04FA35C89} [SearchAssistantOC] (PUP.SearchAssist)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\BackupStack [] (PUP.MyPCBackup)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update FindRight [] (Adware.Sambreel)
SUPRIMIDO chave*: HKLM\SOFTWARE\ArenaHD [] (Adware.CrossRider)
SUPRIMIDO chave*: HKLM\SOFTWARE\CrossBrowse-1.4V06.05 [] (PUP.CrossBrowse)
SUPRIMIDO chave*: HKLM\SOFTWARE\FFPluginHp [] (PUP.SweetSearch)
SUPRIMIDO chave*: HKLM\SOFTWARE\Systweak [] (PUP.Systweak)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage [] (Adware.Downware)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ConvertAd [] (Adware.Pirrit)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CrossBrowse-1.4V06.05 [] (PUP.CrossBrowse)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker [] (Toolbar.Agent)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FindRight [] (Adware.Sambreel)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FlvPlayer [] (PUP.FLVPlayer)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Glass Bottle [] (Spyware.GlassBottle)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie [] (PUP.Mobogenie)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdater [] (PUP.SoftwareUpdater)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wincheck [] (PUP.Wincheck)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Astromenda [] (PUP.Astromenda)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} [C:\Arquivos de programas\globalUpdate\Update (Not File)] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} [C:\Arquivos de programas\globalUpdate\Update\1.3.25.0 (Not File)] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe [] (Hijacker.Eazel)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DealPlyLive.exe [] (PUP.Dealply)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe [] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd [] (PUP.Mobogenie)
SUPRIMIDO chave: HKLM\SOFTWARE\Classes\CLSID\{2E71FD0F-AAB1-42c0-9146-6D2C4EDCF07D}\InprocServer32 [%SystemRoot%\system32\shdocvw.dll] (PUP.SearchAssist)
SUPRIMIDO chave: HKLM\SOFTWARE\Classes\CLSID\{B45FF030-4447-11D2-85DE-00C04FA35C89}\InprocServer32 [%SystemRoot%\system32\shdocvw.dll] (PUP.SearchAssist)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} [PSFactoryBuffer] (PUP.GlobalUpdate)
SUPRIMIDO chave: HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}\InprocServer32 [C:\Arquivos de programas\globalUpdate\Update\1.3.25.0\psmachine.dll (Not File)] (PUP.GlobalUpdate)
SUPRIMIDO chave*: HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} [] (PUP.GlobalUpdate)
SUPRIMIDO chave: HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32 [C:\Arquivos de programas\globalUpdate\Update\1.3.25.0\psmachine.dll (Not File)] (PUP.GlobalUpdate)
SUPRIMIDO valor: HKLM\SOFTWARE\Mozilla\Firefox\Extensions\\quick_searchff@gmail.com [C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pplbrqrw.default-1430772718984\extensions\quick_searchff@gmail.com] (PUP.QuickSearch)
SUPRIMIDO valor: HKLM\SOFTWARE\Mozilla\Firefox\Extensions\\sweetsearch@gmail.com [C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pplbrqrw.default-1430772718984\extensions\sweetsearch@gmail.com] (PUP.SweetSearch)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 691
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 117


End of clean at 18:53:44
===================
ZHPCleaner-[R]-15052015-18_53_44.txt
ZHPCleaner-[S]-15052015-18_52_01.txt
