======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 14:09:19 on 04/03/2013, Normal boot
Microsoft Windows XP Professional Service Pack 3 (X86)
f000847@FUN0066 ( )
============== ACTION(S) ==============
(!) -- Temporary files deleted.
-- File opened: C:\Documents and Settings\f000847\Dados de aplicativos\Mozilla\FireFox\Profiles\vc3ld4n3.default\Prefs.js --
Line deleted: user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=E1DC68F6-4E2D-447...
Line deleted: user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line deleted: user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line deleted: user_pref("extensions.toolbar.mindspark._5aMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh...
Line deleted: user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=E1DC68F6...
-- File closed --
Key deleted: HKLM\Software\Classes\Interface\{277CCBB9-5D7D-47A0-8683-CA8420C04168}
Key deleted: HKLM\Software\Classes\Interface\{418B51DA-6AA7-44D5-AA1E-029A9B115B35}
Key deleted: HKLM\Software\Classes\Interface\{AB574619-ECAD-4E2C-8203-70898772267C}
Key deleted: HKLM\Software\Classes\Interface\{D19034A7-E889-46CF-BF8A-C8CF644BA7B7}
Key deleted: HKLM\Software\Classes\Interface\{E50C5B1B-DA9F-468F-BF8C-7C1D69F11993}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
============== ADDITIONNAL SCAN ==============
**** Mozilla Firefox Version [19.0 (pt-BR)] ****
HKLM_MozillaPlugins\@MyWebFace_5a.com/Plugin (x)
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)
Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)
Searchplugins\twitter.xml (hxxps://twitter.com/search)
Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)
Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|5affxtbr@MyWebFace_5a.com - C:\Arquivos de programas\MyWebFace_5a\bar\1.bin
-- C:\Documents and Settings\f000847\Dados de aplicativos\Mozilla\FireFox\Profiles\vc3ld4n3.default --
Extensions\5affxtbr@MyWebFace_5a.com (MyWebFace)
Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Modulo de Seguranca - Banco do Brasil)
Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D} (Adicional de Seguranca CAIXA)
Searchplugins\my-web-search.xml (?)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\f000847\\Meus documentos\\Minhas imagens
Prefs.js - browser.search.defaultenginename, My Web Search
Prefs.js - browser.search.selectedEngine, My Web Search
Prefs.js - browser.startup.homepage_override.buildID, 20130215130331
Prefs.js - browser.startup.homepage_override.mstone, 19.0
-- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\itaqxty1.default --
Extensions\5affxtbr@MyWebFace_5a.com (MyWebFace)
Prefs.js - browser.startup.homepage_override.buildID, 20120312181643
Prefs.js - browser.startup.homepage_override.mstone, rv:11.0
-- C:\Documents and Settings\Fun0131\Dados de aplicativos\Mozilla\FireFox\Profiles\z4e8s4wm.default --
Extensions\5affxtbr@MyWebFace_5a.com (MyWebFace)
Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Modulo de Seguranca - Banco do Brasil)
Prefs.js - browser.startup.homepage,
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]Prefs.js - browser.startup.homepage_override.buildID, 20111120135848
Prefs.js - browser.startup.homepage_override.mstone, rv:8.0.1
========================================
**** Internet Explorer Version [8.0.6001.18702] ****
HKCU_Main|Default_Page_URL -
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]HKCU_Main|Default_Search_URL -
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]HKCU_Main|Search bar -
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]HKCU_Main|Start Page -
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]HKLM_Main|Default_Page_URL -
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]HKLM_Main|Default_Search_URL -
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]HKLM_Main|Search bar -
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]HKLM_Main|Search Page -
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]HKLM_Main|Start Page -
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]HKCU_URLSearchHooks|{8040829d-1177-46e2-9157-8282438b79c7} (x)
HKCU_Toolbar\WebBrowser|{AF94B35C-3AC5-4030-9F9C-15FB4E3DC339} (C:\Arquivos de programas\MyWebFace_5a\bar\1.bin\5abar.dll)
HKLM_Toolbar|{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll)
HKLM_Toolbar|{af94b35c-3ac5-4030-9f9c-15fb4e3dc339} (C:\Arquivos de programas\MyWebFace_5a\bar\1.bin\5abar.dll)
HKLM_ElevationPolicy\{2263be11-acb7-49d9-8313-6b1d5cc42faa} - C:\Arquivos de programas\MyWebFace_5a\bar\1.bin\5aSlSrch.exe (x)
HKLM_ElevationPolicy\{6372c122-1e82-494a-9d5a-de31ed303036} - C:\Arquivos de programas\MyWebFace_5a\bar\1.bin\5aSkPlay.exe (FULL_COMPANY_NAME)
HKLM_ElevationPolicy\{768af043-5c5b-408b-a3e0-671b60e3fcd3} - C:\Arquivos de programas\MyWebFace_5a\bar\1.bin\5aSrchMn.exe (MindSpark)
HKLM_ElevationPolicy\{97fc5555-8bdc-40ea-8de2-b1e46b9ea629} - C:\Arquivos de programas\MyWebFace_5a\bar\1.bin\5aimpipe.exe (FULL_COMPANY_NAME)
HKLM_ElevationPolicy\{f0999591-2edb-4a3e-907e-337b1591f643} - C:\Arquivos de programas\MyWebFace_5a\bar\1.bin\5amedint.exe (MindSpark)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "Adobe PDF Reader Link Helper" (C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll)
BHO\{14d02517-c8be-4735-a344-3c8366c77aa0} - "Search Assistant BHO" (C:\Arquivos de programas\MyWebFace_5a\bar\1.bin\5aSrcAs.dll)
BHO\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "avast! WebRep" (C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll)
BHO\{b1df253a-9e7a-480d-b6a5-7a435b520dbb} - "Toolbar BHO" (C:\ARQUIV~1\MYWEBF~2\bar\1.bin\5abar.dll)
BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll)
BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540003} - "GbIehObj Class" (C:\Arquivos de programas\GbPlugin\gbiehcef.dll)
BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540014} - "GbIehObj Class" (C:\Arquivos de programas\GbPlugin\gbiehbnb.dll)
========================================
C:\Arquivos de programas\Ad-Remover\Quarantine: 0 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 14 File(s)
C:\Ad-Report-CLEAN[1].txt - 04/03/2013 14:09:22 (4275 Byte(s))
End at: 14:09:47, 04/03/2013
============== E.O.F ==============
Rapport de ZHPFix 1.3.05 par Nicolas Coolman, Update du 09/10/2012
Fichier d'export Registre :
Run by f000847 at 04/03/2013 14:13:27
Windows XP Professional Service Pack 3 (Build 2600)
Web site :
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]========== Registry Key ==========
DELETED Key: CLSID BHO: {14d02517-c8be-4735-a344-3c8366c77aa0}
DELETED Key: CLSID BHO: {b1df253a-9e7a-480d-b6a5-7a435b520dbb}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540014}
DELETED Key: CLSID BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
DELETED Key: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
DELETED Key: CLSID BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
DELETED Key: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000}
DELETED Key: CLSID BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003}
DELETED Key: CLSID BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9}
DELETED Key: CLSID BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\hitmanpro37.sys . (...) -- C:\WINDOWS\system32\Drivers\hitmanpro37.sys (.not file.)
DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro37.sys . (...) -- C:\WINDOWS\system32\Drivers\hitmanpro37.sys (.not file.)
DELETED CLSID MPSK: {977083d8-5edc-11e1-9fe8-14dae96ecb3d}
NOT FOUND SearchScopes :{d3f22a84-2a84-49eb-91e6-5dadaaf0165d}
========== Registry Value ==========
DELETED URLSearchHook: {8040829d-1177-46e2-9157-8282438b79c7}
DELETED Toolbar: {af94b35c-3ac5-4030-9f9c-15fb4e3dc339}
DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED RunValue: CTFMON.EXE
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
No Value in Firewall Exception Register Key (FirewallRaz)
========== Repertory ==========
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETE on Reboot c:\windows\system32\ctfmon.exe
NOT FOUND File: c:\windows\system32\drivers\hitmanpro37.sys
DELETED Window Temporary:
DELETED Flash Cookies:
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
15 : Registry Key
15 : Registry Value
2 : Repertory
4 : File
1 : Restoration
End of clean in 00mn 30s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 04/03/2013 14:13:28 [2670]
Portal
» KpRm ( ... by Kernel-panik )
» ESET Rogue Applications Remover ( ... by Eset.com )
» PW Clean 2.7 ( ... by Doutor PW )
» CKScanner ( ... by askey127 )
» AdwCleaner ( ... by XPlode )
» ZHPDiag ( ... de Nicolas Coolman )
» Argente - Registry Cleaner ( ... by Argente Software )
» ListChkdskResult ( ... by SleepyDude )