Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Administrador at 13/5/2015 17:14:40
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 38s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\documents and settings\administrador\configurações locais\dados de aplicativos\ffffffff-1430933480-ffff-ffff-ffffffffffff\uninstall.exe
AUSENTE Uninstall Process: c:\arquivos de programas\glass bottle\uninstaller.exe
ELIMINÉ: CrossBrowse-1.4V06.05
AUSENTE Uninstall Process: c:\documents and settings\administrador\configurações locais\dados de aplicativos\ffffffff-1430933639-ffff-ffff-ffffffffffff\uninstall.exe
AUSENTE Uninstall Process: c:\documents and settings\administrador\configurações locais\dados de aplicativos\ffffffff-1430933634-ffff-ffff-ffffffffffff\uninstall.exe
AUSENTE Uninstall Process: c:\arquiv~1\wse_as~1\uninstall.exe

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Documents and Settings\Administrador\Dados de aplicativos\NetService\netservice.exe
ELIMINÉ: Memory Process: C:\Arquivos de programas\CrossBrowse-1.4V06.05\de5affb1-b16f-4b55-a169-723fb3e84759-6.exe
ELIMINA REINICIAR: Memory Process: C:\Arquivos de programas\CrossBrowse-1.4V06.05\de5affb1-b16f-4b55-a169-723fb3e84759-1-6.exe
ELIMINÉ: Memory Process: C:\Documents and Settings\familia selles\Configurações locais\Dados de aplicativos\WebPlayer\AppsHat\WebPlayer.exe

========== Estado dos serviços ==========
NetTcpHandler Parado

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cfd32d46-7d3f-483f-bace-7172aec5592d}]
ELIMINÉ: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrossBrowse-1.4V06.05]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd]
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Astromenda]
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=10
ELIMINÉ: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=4
ELIMINÉ: CLSID BHO: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
ELIMINÉ: CLSID BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}]
ELIMINÉ: CLSID Extra Buttons: {e2e2dd38-d088-4134-82b7-f2ba38496583}
ELIMINÉ: Service: NetTcpHandler
ELIMINÉ Driver Key: SiSkp
ELIMINÉ: HKCU\Software\Baixaki
ELIMINÉ: HKCU\Software\CrossBrowse-1.4V06.05-nv-ie
ELIMINÉ: HKCU\Software\CrossBrowse-1.4V06.05-nv
ELIMINÉ: HKCU\Software\CrossBrowser
ELIMINÉ: HKCU\Software\Crossrider
ELIMINÉ: HKCU\Software\HighDefAction
ELIMINÉ: HKCU\Software\InstalledBrowserExtensions
ELIMINÉ: HKCU\Software\ProductSetup
ELIMINÉ: HKCU\Software\SafetyNut
ELIMINÉ: HKCU\Software\TutoTag
ELIMINÉ: HKCU\Software\WebPlayer
ELIMINÉ: HKCU\Software\YorkNewCin
ELIMINÉ: HKCU\Software\_CrossriderRegNamePlaceHolder_
ELIMINÉ: HKCU\Software\gamesdesktop
ELIMINÉ: HKCU\Software\globalUpdate
ELIMINÉ: HKLM\Software\3371cebe-84b0-407e-8c0a-9e15ab599424
ELIMINÉ: HKLM\Software\740fd99f-6228-433e-a326-0835bc9a64cb
ELIMINÉ: HKLM\Software\Apps Hat-nv
ELIMINÉ: HKLM\Software\Apps Hat
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\CrossBrowse-1.4V06.05-nv-ie
ELIMINÉ: HKLM\Software\CrossBrowse-1.4V06.05-nv
ELIMINÉ: HKLM\Software\Crossrider
ELIMINÉ: HKLM\Software\FindRight
ELIMINÉ: HKLM\Software\FlvPlayer
ELIMINÉ: HKLM\Software\Freeven Pro 1.4
ELIMINÉ: HKLM\Software\GlobalUpdate
ELIMINÉ: HKLM\Software\HighDefAction
ELIMINÉ: HKLM\Software\Iminent
ELIMINÉ: HKLM\Software\InstallCore
ELIMINÉ: HKLM\Software\InstalledBrowserExtensions
ELIMINÉ: HKLM\Software\LevelQualityWatcher
ELIMINÉ: HKLM\Software\MediaPlayerplus
ELIMINÉ: HKLM\Software\MySearchDial
ELIMINÉ: HKLM\Software\SafetyNut
ELIMINÉ: HKLM\Software\Tarma Installer
ELIMINÉ: HKLM\Software\Tutorials
ELIMINÉ: HKLM\Software\YorkNewCin
ELIMINÉ: HKLM\Software\_CrossriderRegNamePlaceHolder_
ELIMINÉ: HKLM\Software\istartsurfSoftware
ELIMINÉ: HKLM\Software\luckysearchesSoftware
ELIMINÉ: HKLM\Software\qone8Software
ELIMINÉ: HKLM\Software\suprasavings
ELIMINÉ: SearchScopes :{33BB0A4E-99AF-4226-BDF6-49120163DE86}
ELIMINÉ: HKCR\CLSID\{22222222-2222-2222-2222-220422852259}
ELIMINÉ: HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
ELIMINÉ: HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
ELIMINÉ: HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
ELIMINÉ: Service: globalUpdate
ELIMINÉ: Service: globalUpdatem
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
ELIMINÉ: HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
ELIMINÉ: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
ELIMINÉ: HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
ELIMINÉ: HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
ELIMINÉ: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
ELIMINÉ: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
ELIMINÉ: HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
ELIMINÉ: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
ELIMINÉ: HKLM\Software\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
ELIMINÉ: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
ELIMINÉ: HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
ELIMINÉ: HKLM\Software\Classes\AppID\secman.DLL
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1
ELIMINÉ: HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
ELIMINÉ: HKLM\Software\Classes\CrossriderApp0048559.BHO
ELIMINÉ: HKLM\Software\Classes\CrossriderApp0048559.BHO.1
ELIMINÉ: HKLM\Software\Classes\CrossriderApp0048559.Sandbox
ELIMINÉ: HKLM\Software\Classes\CrossriderApp0048559.Sandbox.1

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
ELIMINÉ: Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
ELIMINÉ RunValue: fst_br_109
ELIMINÉ RunValue: WinCheck
ELIMINÉ RunValue: AppsHat
Nenhum valor presente na chave de exceções do registo (FirewallRaz)

========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R0 - Main,Start Page = KCU\SOFTWARE\Policies\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R1 Search Page = www.123rede.com?oem=mbtkv3&uid=S19GJ50Q658807_SAMSUNGHD250HJ&tm=1431350379
ELIMINÉ: R1 Search Page = http://www.istartsurf.com/web/?type=ds&ts=1430945254&from=squadm&uid=SAMSUNGXHD250HJ_S19GJ50Q658807&q={searchTerms}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (102)
ELIMINÉ Flash Cookies (61)

========== Ficheiros ==========
ELIMINÉ:* c:\arquivos de programas\crossbrowse-1.4v06.05\de5affb1-b16f-4b55-a169-723fb3e84759-6.exe
ELIMINÉ: c:\arquivos de programas\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll
ELIMINÉ: c:\documents and settings\administrador\configurações locais\dados de aplicativos\ffffffff-1430933480-ffff-ffff-ffffffffffff\bnssb2.exe
ELIMINA REINICIAR: c:\arquivos de programas\movies toolbar\safetynut\safetycrt.dll
ELIMINÉ: c:\windows\tasks\de5affb1-b16f-4b55-a169-723fb3e84759-3.job
ELIMINÉ: c:\windows\tasks\de5affb1-b16f-4b55-a169-723fb3e84759-5.job
ELIMINÉ: c:\windows\tasks\de5affb1-b16f-4b55-a169-723fb3e84759-6.job
ELIMINÉ: c:\windows\tasks\de5affb1-b16f-4b55-a169-723fb3e84759-7.job
ELIMINÉ: c:\windows\tasks\globalupdateupdatetaskmachinecore.job
ELIMINÉ: c:\windows\tasks\globalupdateupdatetaskmachineua.job
ELIMINÉ: c:\windows\system32\drivers\esgscanner.sys
ELIMINÉ: c:\windows\prefetch\dealplylive.exe-0957a4eb.pf
ELIMINÉ: c:\windows\prefetch\updatedivapton.exe-2e63055c.pf
ELIMINÉ: c:\windows\prefetch\utildivapton.exe-1d26708b.pf
ELIMINÉ: c:\windows\system32\drivers\srvkp.sys
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\esgscanner.sys
ELIMINÉ: c:\documents and settings\administrador\meus documentos\downloads\spyhunter-installer.exe
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\4497\setup.exe
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\comh.492177\globalupdatebroker.exe
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\comh.492177\globalupdateondemand.exe
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\comh.492177\goopdate.dll
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\comh.492177\goopdateres_en.dll
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\comh.492177\npglobalupdateupdate4.dll
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\comh.492177\psmachine.dll
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\comh.492177\psuser.dll
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\is-ksv15.tmp\csdi_luckysearches_soft_partner.exe
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\is-3u3gj.tmp\package_csdi_luckysearches_installer_multilang.exe
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\nsc62.tmp\squadm_istartsurf.exe
ELIMINÉ: c:\documents and settings\administrador\configurações locais\temp\xtmp8930968\tmp\wpm_v20.0.0.2227.exe
ELIMINÉ: C:\Windows\Installer\219907.msi
ELIMINÉ Temporários windows (1079) (185.683.120 octets)
ELIMINÉ Flash Cookies (14) (86.931 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
4 : Processo memória
86 : Chaves do Registo
6 : Valores do Registo
5 : Elementos dos dados do Registo
3 : Pastas
32 : Ficheiros
6 : Softwares
1 : Estado dos serviços
1 : Restauração Sistema

End of clean in 07mn 04s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 13/5/2015 17:15:20 [10880]