Rapport de ZHPFix 2015.1.15.1 par Nicolas Coolman, Update du 15/01/2015
Fichier d'export Registre :
Run by Faical at 3/25/2015 10:58:57 PM
High Elevated Privileges : OK
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Recycle Bin emptied (04mn AMs)

========== Software ==========
REMOVES: Bing Bar

========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Users\Faical\AppData\Roaming\uTorrent\uTorrent.exe

========== Registry keys ==========
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
REMOVES:* HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent
REMOVES: HKCU\Software\BitTorrent
REMOVES: HKCU\Software\Tencent
REMOVES: HKLM\Software\Wow6432Node\Tencent
REMOVES:* StartupReg: SynTPEnh
ERROR O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
REMOVES O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\71526112.sys . (...) -- C:\Windows\System32\Drivers\71526112.sys (.not file.)
ERROR O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
REMOVES O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\71526112.sys . (...) -- C:\Windows\System32\Drivers\71526112.sys (.not file.)
REMOVES:* CLSID Extra Buttons: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
REMOVES:* CLSID Extra Buttons: {2670000A-7350-4f3c-8081-5663EE0C6C49}
REMOVES:* CLSID Extra Buttons: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
REMOVES:* Mozilla Plugin: @videolan.org/vlc,version=2.0.6

========== Registry values ==========
REMOVES [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent
REMOVES: TCP Query User{529F591A-78B8-4E40-81A5-7584216ECFE5}C:\program files (x86)\bittorrent sync\btsync.exe
REMOVES: UDP Query User{B6E7197D-E468-4DEB-9B09-48FA553AADF2}C:\program files (x86)\bittorrent sync\btsync.exe
REMOVES: {1069D30C-FBD6-4A21-8222-CDF755E08130}
REMOVES: {9F8873AD-8346-4B75-89AD-62D677B5768E}
REMOVES: TCP Query User{4B73FFA1-7CFF-4618-939B-90A1F0B2DF16}C:\program files (x86)\tencent\qqplayer\qqplayer.exe
REMOVES: UDP Query User{593CE21A-A512-4850-BBA1-10870936DE4E}C:\program files (x86)\tencent\qqplayer\qqplayer.exe
REMOVES RunValue: GoogleDriveSync
REMOVES RunValue: Facebook Update
REMOVES RunValue: F.lux
REMOVES RunValue: IDMan
REMOVES RunValue: APSDaemon
REMOVES RunValue: DTRun
REMOVES RunValue: PDF Complete
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Private) : TCP Query User{9745ED90-A038-46C0-A24D-093D13397522}C:\users\faical\appdata\roaming\cacaoweb\cacaoweb.exe
REMOVES: FirewallRaz (Private) : UDP Query User{506A522B-994D-4B37-A3DA-0C9FD69C7DA2}C:\users\faical\appdata\roaming\cacaoweb\cacaoweb.exe
REMOVES: FirewallRaz (Public) : {7F3D7863-345D-4357-9D5E-9F528453BF7C}
REMOVES: FirewallRaz (Public) : {8C531ACF-A37C-44BA-82C6-0E969763FD8C}
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Elements of the registry data ==========
REMOVES AppInit: mana AntiLogger Free.) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll
REMOVES TCPIP: DhcpNameServer = 192.168.1.1
REMOVES: R1 Search Page = res://ieframe.dll/tabswelcome.htm

========== Preferences browser ==========
REMOVES Mozilla Pref: user_pref("extensions.wrc.SearchRules.google.com.style", ".WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhslin[...]
REMOVES Mozilla Pref: user_pref("extensions.wrc.SearchRules.google.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?google\\.(com|[a-z\\.]{2,})\\/(.)*");
REMOVES Mozilla Pref: user_pref("extensions.wrc.SearchRules.public.avast.com.style", ".WRCN {display:inline; background: url(\"IMAGE\") right no-repeat}[...]
REMOVES Mozilla Pref: user_pref("extensions.wrc.SearchRules.public.avast.com.url", "^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*");
REMOVES Mozilla Pref: user_pref("extensions.wrc.SearchRules.seznam.cz.style", ".WRCN {display:none} #results .WRCN, .sklik-title > .WRCN {display:inline[...]
REMOVES Mozilla Pref: user_pref("extensions.wrc.SearchRules.seznam.cz.url", "^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*");

========== Folders ==========
REMOVES: c:\program files (x86)\bittorrent sync
REMOVES: c:\program files (x86)\tencent
REMOVES: c:\programdata\tencent
REMOVES: c:\users\faical\appdata\roaming\bittorrent sync
REMOVES: c:\users\faical\appdata\roaming\tencent
REMOVES Reboot:** c:\users\faical\appdata\roaming\utorrent
REMOVES: c:\users\faical\appdata\roaming\microsoft\windows\start menu\programs\tencent
REMOVES: C:\Users\Faical\AppData\Roaming\uTorrent
Deletes temporary Windows (38)
REMOVES Flash Cookies (0)

========== Files ==========
REMOVES: c:\users\faical\appdata\roaming\utorrent\utorrent.exe
REMOVES: c:\windows\prefetch\totalplushd-3.1v15.01-codedow-0db00e50.pf
REMOVES: c:\windows\prefetch\utorrent.exe-d152bd4b.pf
REMOVES: c:\users\faical\appdata\local\facebook\update\facebookupdate.exe
REMOVES: c:\users\faical\appdata\local\fluxsoftware\flux\flux.exe
REMOVES Reboot: c:\program files (x86)\internet download manager\idman.exe
REMOVES: c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
REMOVES: c:\users\faical\appdata\roaming\microsoft\internet explorer\quick launch\internet explorer.lnk (http://www.bahaty.com)
CREATES: C:\Users\Faical\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.LNK
REMOVES: c:\users\faical\appdata\roaming\microsoft\internet explorer\quick launch\µtorrent.lnk
REMOVES: c:\users\faical\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\µtorrent.lnk
REMOVES: c:\users\faical\desktop\µtorrent.lnk
Deletes temporary Windows (171) (44,304,237 octets)
REMOVES Flash Cookies (0) (0 octets)

========== System restore ==========
The system successfully created restore point

========== Summary ==========
1 : Process memory
15 : Registry keys
26 : Registry values
3 : Elements of the registry data
10 : Folders
14 : Files
1 : Software
6 : Preferences browser
1 : System restore

End of clean in 58mn AMs

========== Path to file report ==========
C:\Users\Faical\AppData\Roaming\ZHP\ZHPFix[R1].txt - 1/29/2014 2:16:06 PM [9293]
C:\Users\Faical\AppData\Roaming\ZHP\ZHPFix[R2].txt - 3/25/2015 10:59:01 PM [6538]