Document format: text/plain


~ ZHPCleaner v2015.3.25.139 by Nicolas Coolman (26/03/2015)
~ Run by Thierry (Administrator) (26/03/2015 14:05:31)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Réparer
~ Report : C:\Users\Thierry\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Thierry\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Service. (0)
~ Aucun élément malicieux trouvé.


---\\ Navigateur internet. (10)
REMPLACÉ Chrome URL: hxxp://www.feedly.com/,hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48,hxxp://search.babyl[...] (PUP.Babylon)
REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [hxxp://www.sweet-page.com/web/?type=ds&ts=1420909716&from=cor&uid=ST31500341AS_9[...]] (PUP.SweetPage)
REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page [hxxp://www.sweet-page.com/web/?type=ds&ts=1420909716&from=cor&uid=ST31500341AS_9[...]] (PUP.SweetPage)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.sweet-page.com/web/?type=ds&ts=1420909716&from=cor&uid=ST31500341AS_9[...]] (PUP.SweetPage)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.sweet-page.com/web/?type=ds&ts=1420909716&from=cor&uid=ST31500341AS_9[...]] (PUP.SweetPage)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.sweet-page.com/web/?type=ds&ts=1420909716&from=cor&uid=ST31500341AS_9[...]] (PUP.SweetPage)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.sweet-page.com/web/?type=ds&ts=1420909716&from=cor&uid=ST31500341AS_9[...]] (PUP.SweetPage)
REMPLACÉ Proxy: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 ( 1 )
REMPLACÉ TaskBar: C:\Users\Thierry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BCC Valdostana.lnk [Bad : http://www.valdostana.bcc.it/fr/internet-banking/espace-client] (Hijacker.Browser)
REMPLACÉ TaskBar: C:\Users\Thierry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CBC-Online for Business.lnk [Bad : https://www.cbc.be/business] (Hijacker.Browser)


---\\ Fichier hôte. (1)
~ Le fichier hôte est légitime. (21)


---\\ Tâche planifiée. (0)
~ Aucun élément malicieux trouvé.


---\\ Explorateur ( Dossiers, Fichiers ). (57)
DEPLACÉ fichier: C:\Program Files (x86)\Common Files\Isabel\isa_kbc_certupdate.exe [Isabel SA/NV - isacertupdate Application] (Heuristic.Salus)
DEPLACÉ fichier: C:\Program Files (x86)\XTab\SupTab.dll [Thinknice Co. Limited - SupTab setup package] (Adware.AgentODR)
DEPLACÉ dossier: C:\Program Files (x86)\NexttCooup (PUP.NextCoup)
DEPLACÉ dossier: C:\Program Files (x86)\SaFeweeb (PUP.SafeWeb)
DEPLACÉ dossier: C:\Program Files (x86)\XTab (Adware.AgentODR)
DEPLACÉ dossier: C:\Program Files (x86)\YoutubeAdblocker (PUP.YouTubeAdBlock)
DEPLACÉ fichier: C:\ProgramData\686af89edf0829df\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3} (PUP.CrossRider)
DEPLACÉ fichier: C:\ProgramData\686af89edf0829df\{4820778D-AB0D-6D18-C316-52A6A0E1D507} (PUP.CrossRider)
DEPLACÉ fichier: C:\ProgramData\686af89edf0829df\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old (PUP.CrossRider)
DEPLACÉ fichier: C:\ProgramData\686af89edf0829df\{497C131E-2032-051B-B32A-C69A960FBB13} (PUP.CrossRider)
DEPLACÉ fichier: C:\ProgramData\686af89edf0829df\{497C131E-2032-051B-B32A-C69A960FBB13}.old (PUP.CrossRider)
DEPLACÉ fichier: C:\ProgramData\686af89edf0829df\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} (PUP.CrossRider)
DEPLACÉ fichier: C:\ProgramData\686af89edf0829df\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} (PUP.CrossRider)
DEPLACÉ fichier: C:\ProgramData\686af89edf0829df\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.old (PUP.CrossRider)
DEPLACÉ fichier: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [Fuyu LIMITED - WindowsProtectManger Service] (PUP.Fuyu)
DEPLACÉ dossier: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
DEPLACÉ dossier: C:\ProgramData\InstallMate\00DB1AB1 (PUP.Tarma)
DEPLACÉ dossier: C:\ProgramData\InstallMate\{C87C0316-B4BD-438F-A164-FC9F139F21E0} (PUP.Tarma)
DEPLACÉ dossier: C:\ProgramData\WindowsMangerProtect\update (PUP.Fuyu)
DEPLACÉ dossier: C:\ProgramData\686af89edf0829df (PUP.CrossRider)
DEPLACÉ dossier: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
DEPLACÉ dossier: C:\ProgramData\InstallMate (PUP.Tarma)
DEPLACÉ dossier: C:\ProgramData\NexttCooup (PUP.NextCoup)
DEPLACÉ dossier: C:\ProgramData\SaFeweeb (PUP.SafeWeb)
DEPLACÉ dossier: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
DEPLACÉ dossier: C:\ProgramData\YoutubeAdblocker (PUP.YouTubeAdBlock)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{2FA1E776-80BD-44AA-AA57-2AD2B069C40D} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{3CB7A455-EBD7-4DC2-8AD0-0D4595089029} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{49F71387-C00A-4ADB-AB72-1F9B71F03218} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{4FFDA24D-396C-4CD7-B0E3-7B7262878634} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{7F88238A-45B4-4608-BD62-DCFFA05827A6} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{A521FB83-2649-45E4-8831-7631B80E14E2} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{A5EA26D5-9B29-406A-B6B6-D272D15DE8CE} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{AB20792E-4750-4DDC-909A-D0B6257F20BB} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{D84563E3-D9CE-4B50-B6E0-56083EE5A54C} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin\{FD57026B-0B4E-4E29-813D-2266960AE425} (Adware.Agent)
DEPLACÉ dossier: C:\Windows\System32\AI_RecycleBin (Adware.Agent)
DEPLACÉ fichier: C:\Users\Thierry\AppData\Roaming\sweet-page\UninstallManager.exe [Skytech Co., Ltd. - Skytech] (PUP.SweetPage)
DEPLACÉ dossier: C:\Users\Thierry\AppData\Roaming\sweet-page\log (PUP.SweetPage)
DEPLACÉ dossier: C:\Users\Thierry\AppData\Roaming\Download Manager (PUP.DownloadManager)
DEPLACÉ dossier: C:\Users\Thierry\AppData\Roaming\sweet-page (PUP.SweetPage)
DEPLACÉ dossier: C:\Users\Thierry\AppData\LocalLow\PriceGong\Data (Adware.PriceGong)
DEPLACÉ dossier: C:\Users\Thierry\AppData\LocalLow\PriceGong (Adware.PriceGong)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage (PUP.Optional)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal (PUP.Optional)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ebookbrowsee.net_0.localstorage (Adware.EbookBrowse)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ebookbrowsee.net_0.localstorage-journal (Adware.EbookBrowse)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utorrentbarfr.ourtoolbar.com_0.localstorage (PUP.uTorrentBar)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_utorrentbarfr.ourtoolbar.com_0.localstorage-journal (PUP.uTorrentBar)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.exitingsearch.info_0.localstorage (Hijacker.SimpleSearches)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.exitingsearch.info_0.localstorage-journal (Hijacker.SimpleSearches)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.sweet-page.com_0.localstorage (PUP.SweetPage)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.sweet-page.com_0.localstorage-journal (PUP.SweetPage)
DEPLACÉ fichier*: C:\Users\Thierry\AppData\LocalLow\HPAppData (Toolbar.Conduit)
DEPLACÉ dossier: C:\Users\Thierry\AppData\Local\{785189D3-0E8C-4002-A3AC-62EAB8787399} (Empty)
DEPLACÉ dossier: C:\Users\Thierry\AppData\Local\{9B1D03DC-99E7-4560-B740-24863C0E2CE3} (Empty)
DEPLACÉ dossier: C:\Users\Thierry\AppData\Local\{F1E9CB81-0523-4C4B-B405-31D5B9154BA1} (Empty)


---\\ Base de Registres ( Clés, Valeurs, Données ). (54)
SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} [http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4] [Facemoods Search] (Adware.Facemoods)
SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [http://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=34&r=2014/03/16&hid=2808425382010564285[...]] [WebSearch] (Hijacker.SimpleSearches)
SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E3B2EF78-0B88-4949-BC3C-CF6576C8D220} [http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851639&CUI=UN823202[...]] [uTorrentBar_FR Customized Web Search] (PUP.uTorrentBar)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [http://websearch.exitingsearch.info/?l=1&q={searchTerms}&pid=34&r=2014/03/16&hid=2808425382010564285[...]] [WebSearch] (Hijacker.SimpleSearches)
SUPPRIMÉ donnée: HKCR\ChromeHTML\Shell\Open\Command\\Default [Bad : "C:\Users\Thierry\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1"] (Broken.OpenCommand)
SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service (Not File)] (PUP.Fuyu)
SUPPRIMÉ valeur: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\IsaKbcCertUpdate [C:\Program Files (x86)\Common Files\Isabel\isa_kbc_certupdate.exe] ()
SUPPRIMÉ clé*: HKCU\Software\InstallCore\1I1T1Q1S [] (Heuristic.InstallCore)
SUPPRIMÉ clé*: HKCU\Software\InstallCore\Uninstall [] (Heuristic.InstallCore)
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1351522908-2785120343-1952277476-1000\Software\Conduit [] (Toolbar.Conduit)
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1351522908-2785120343-1952277476-1000\Software\iLivid [] (Adware.Bandoo)
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1351522908-2785120343-1952277476-1000\Software\InstallCore [] (Adware.InstallCore)
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1351522908-2785120343-1952277476-1000\Software\YahooPartnerToolbar [] (Toolbar.YahooPartner)
SUPPRIMÉ clé*: HKCU\Software\AppDataLow\Software\Conduit [] (Toolbar.Conduit)
SUPPRIMÉ clé*: HKCU\Software\AppDataLow\Software\ConduitSearchScopes [] (Toolbar.Conduit)
SUPPRIMÉ clé*: HKCU\Software\AppDataLow\Software\PriceGong [] (Adware.PriceGong)
SUPPRIMÉ clé*: HKCU\Software\AppDataLow\Software\Smartbar [] (PUP.QuickShare)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Conduit.Engine [] (Toolbar.Conduit)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [IescrtHlpr] (Adware.Facemoods)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [IescrtBtn] (Adware.Facemoods)
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [IescrtBtn] (Adware.Facemoods)
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [IescrtHlpr] (Adware.Facemoods)
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [IescrtBtn] (Adware.Facemoods)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Toolbar.CT2851639 [] (Toolbar.Conduit)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{0049B961-F263-5521-24B7-217B4817EC4B} [SaFeweeb] (PUP.SafeWeb)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{072D07D7-65F0-7536-0A5C-97BAAE619236} [NexttCooup] (PUP.NextCoup)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{CD30DE97-7BE6-E413-00E7-196055A5EBC2} [YoutubeAdblocker] (PUP.YoutubeAdBlocker)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Applications\iLividSetup.exe [] (Adware.Bandoo)
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect [] (PUP.Fuyu)
REMPLACÉ donnée: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{439FAF35-FC0D-430A-8BFE-0058EF7B9781}\\NameServer [8.8.8.8 (Not File)][] (Hijacker.Browser)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit [] (Toolbar.Conduit)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\IHProtect [] (Adware.AgentODR)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\SupDp [] (PUP.SupTab)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\supTab [] (PUP.SupTab)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\supWindowsMangerProtect [] (PUP.Fuyu)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\sweet-pageSoftware [] (PUP.SweetPage)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [IescrtHlpr] (Adware.Facemoods)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [IescrtBtn] (Adware.Facemoods)
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [IescrtBtn] (Adware.Facemoods)
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [IescrtHlpr] (Adware.Facemoods)
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [IescrtBtn] (Adware.Facemoods)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 [] (Toolbar.Ask)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS [] (Toolbar.Ask)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 [] (Toolbar.BingBar)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS [] (Toolbar.BingBar)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DealioToolbar-stub-1_RASAPI32 [] (PUP.Dealio)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DealioToolbar-stub-1_RASMANCS [] (PUP.Dealio)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\facemoodssrv_RASAPI32 [] (Adware.Facemoods)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\facemoodssrv_RASMANCS [] (Adware.Facemoods)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32 [] (Adware.Bandoo)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASMANCS [] (Adware.Bandoo)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32 [] (Adware.SearchSettings)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS [] (Adware.SearchSettings)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} [C:\Program Files (x86)\Microsoft\BingBar\] (Toolbar.BingBar)



---\\ Bilan de la réparation
~ Réparation réalisée avec succès.
~ Ce navigateur est absent (Mozilla Firefox)
~ Ce navigateur est absent (Opera Software)
~ Le système a été redémarré.


---\\ Statistiques
~ Items scannés : 79411
~ Items trouvés : 0
~ Items réparés : 122


End of clean at 14:13:43
===================
ZHPCleaner-[R]-26032015-14_13_43.txt
