# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-09-2019
# Duration: 00:00:05
# OS: Windows 7 Ultimate
# Cleaned: 24
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\AskTBar
***** [ Files ] *****
Deleted C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
Deleted C:\Users\HP\Downloads\SpyHunter-Installer.exe
Deleted C:\Users\HP\Favorites\Mail.Ru.url
Deleted C:\Users\HP\Favorites\?????? ? ?????????.url
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Google\Chrome\NativeMessagingHosts\ru.mail.go.ext_info_host
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Deleted HKLM\Software\Classes\IESearchPlugin.MailRuBHO
Deleted HKLM\Software\Wow6432Node\AskTBar
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}
***** [ Chromium (and derivatives) ] *****
Deleted ikihefjapmkjipaiafghlnndpbcdoocc
Deleted ???????? ???????? ? ????? ?? Mail.Ru
Deleted ?????
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [3733 octets] - [09/08/2019 11:44:24]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
~ ZHPCleaner v2019.8.7.118 by Nicolas Coolman (2019/08/07)
~ Run by HP (Administrator) (09/08/2019 12:06:56)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\HP\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\HP\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
---\\ Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.
---\\ Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.
---\\ Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.
---\\ Hosts carpeta (1)
~ El archivo hosts es legítimo (21)
---\\ Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.
---\\ Explorador ( Archivos, Carpetas ) (0)
~ No malintencionados o innecesarios artículos encontrados.
---\\ Registro ( Claves, Valores, Datos) (1)
ENCONTRADOS clave: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet [] =>HackTool.WinActivator
---\\ Resumen de elementos en su estación de trabajo (1)
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ falta este navegador! (Mozilla Firefox)
~ falta este navegador! (Opera Software)
---\\ STATISTIQUES
~ Items escaneado : 73879
~ Items encontrado : 1
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0
~ End of search in 00h04mn44s
---\\ Reporte (3)
ZHPCleaner-[R]-09082019-12_05_43.txt
ZHPCleaner-[S]-09082019-12_03_03.txt
ZHPCleaner-[S]-09082019-12_11_40.txt
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 9/8/19
Hora del análisis: 12:15
Archivo de registro: 9a05cffb-bad1-11e9-beae-1803731d8e67.json
-Información del software-
Versión: 3.8.3.2965
Versión de los componentes: 1.0.613
Versión del paquete de actualización: 1.0.11936
Licencia: Prueba
-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: SERVIDOR\HP
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 185373
Amenazas detectadas: 20
Amenazas en cuarentena: 20
Tiempo transcurrido: 1 hr, 41 min, 46 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 13
Trojan.CrthRazy, HKLM\SOFTWARE\WOW6432NODE\Machiner, Se eliminará al reiniciar, [3134], [676882],1.0.11936
Adware.ExtenBro.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\36509B8F624CE280E0C797F42F4A8F552A280313, Se eliminará al reiniciar, [6869], [707078],1.0.11936
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Se eliminará al reiniciar, [7035], [252393],1.0.11936
Adware.ExtenBro.BrwsrFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\36509B8F624CE280E0C797F42F4A8F552A280313, Se eliminará al reiniciar, [6869], [707078],1.0.11936
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\beliehdniadoecbonbhlcgbdldccfigp, Se eliminará al reiniciar, [254], [678404],1.0.11936
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Se eliminará al reiniciar, [7035], [252393],1.0.11936
PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iepoegkaoeljnbhagabakjodgpfniimo, Se eliminará al reiniciar, [254], [655213],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ehcwltxuhoiab, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F2BC84C2-B1F7-44C5-B29B-405ED598EB6B}, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F2BC84C2-B1F7-44C5-B29B-405ED598EB6B}, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\yshnjvimbjpfxqg, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{404B1866-CE62-4C2B-B3B1-3B405632635D}, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{404B1866-CE62-4C2B-B3B1-3B405632635D}, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Valor del registro: 4
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Se eliminará al reiniciar, [7035], [252393],1.0.11936
PUP.Optional.MailRu, HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|BELIEHDNIADOECBONBHLCGBDLDCCFIGP, Se eliminará al reiniciar, [254], [678404],1.0.11936
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Se eliminará al reiniciar, [7035], [252393],1.0.11936
PUP.Optional.MailRu, HKU\S-1-5-21-3539255387-4219119725-3613937337-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|IEPOEGKAOELJNBHAGABAKJODGPFNIIMO, Se eliminará al reiniciar, [254], [655213],1.0.11936
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 3
Trojan.DNSChanger.BrwsrFlsh, C:\WINDOWS\SYSTEM32\TASKS\ehcwltxuhoiab, Se eliminará al reiniciar, [14590], [711378],1.0.11936
Trojan.DNSChanger.BrwsrFlsh, C:\WINDOWS\SYSTEM32\TASKS\yshnjvimbjpfxqg, Se eliminará al reiniciar, [14590], [711378],1.0.11936
PUP.Optional.MailRu, C:\ADWCLEANER\QUARANTINE\V1\20190809.114552\15\MAIL.RU.LNK#9D18CF5BE526F636, Se eliminará al reiniciar, [254], [511420],1.0.11936
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)