Document format: text/plain

Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Win7 at 29/03/2015 03:08:51
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit (Build 7600)

Recycle Bin emptied (:4mn �s)

========== Process memory ==========
REMOVES: Memory Process: C:\Users\Win7\AppData\Local\TechSmith\Snagit\DataStore\AppIcons\dvbdream.exe.dvbdream cracked.www.stardvb.com.2.6.0.0.ico
REMOVES: Memory Process: C:\Users\Win7\Downloads\Programs\QQPlayer_Setup_Arabic.exe

========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}]
REMOVES Driver Key: nwslhebc
REMOVES: HKCU\Software\Baidu Security
REMOVES: HKLM\Software\Tencent
ERROR O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
REMOVES CLSID MPSK: {cd629cee-a3d9-11e4-ac26-50e549f2978c}
REMOVES: HKCU\Software\Tencent

========== Registry values ==========
REMOVES: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
REMOVES: Toolbar: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}
REMOVES: Toolbar: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}
REMOVES RunValue: Platinum Hide IP
REMOVES RunValue: TeViiRC
REMOVES RunValue: Messenger (Yahoo!)
REMOVES RunValue: IDMan
REMOVES RunValue: Viber
REMOVES RunValue: Tango
REMOVES CLSID SSODL: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Public) : {767711C1-F23F-4CFF-8AF3-47FCF53B8E31}
REMOVES: FirewallRaz (Public) : {9F0D5BA9-26C1-4A6C-9551-B2552512830E}
REMOVES: FirewallRaz (Public) : {E39DFDEC-DC2E-4687-84EC-96164C92FB4C}
REMOVES: FirewallRaz (Public) : {76EC63D8-A466-467E-A58B-70B4F0D087A0}
REMOVES: FirewallRaz (Public) : {E0894C23-D50A-4FF6-81B1-C354B3DBD4D5}
REMOVES: FirewallRaz (Public) : {21E8AD57-99E4-4B51-85C6-92AEFAEEA578}
REMOVES: FirewallRaz (Private) : TCP Query User{3F3C7361-A646-4B07-8212-1AE692BE20F7}C:\users\win7\downloads\compressed\gxtool\gxtool\boot_file\boot.exe
REMOVES: FirewallRaz (Private) : UDP Query User{C4B90337-89DA-434A-80B0-D765E5A147B9}C:\users\win7\downloads\compressed\gxtool\gxtool\boot_file\boot.exe
REMOVES: FirewallRaz (Private) : TCP Query User{52879006-1D84-4AF4-A868-3FD4A7CB72F6}C:\users\win7\desktop\���� ��� ����� ��������� �� ��� ���� 2\gxtool\boot_file\boot.exe
REMOVES: FirewallRaz (Private) : UDP Query User{65490337-1F88-4DE6-A75A-A48E0C5F0345}C:\users\win7\desktop\���� ��� ����� ��������� �� ��� ���� 2\gxtool\boot_file\boot.exe
REMOVES: FirewallRaz (Private) : TCP Query User{225D27C0-4ECC-4510-BAEC-7BD48CBAAEE6}C:\program files\stardvb\dvbdream v26\plugins\pip00\acamdmonitor.exe
REMOVES: FirewallRaz (Private) : UDP Query User{FE378E70-446F-43D3-897F-5381D3C4EC88}C:\program files\stardvb\dvbdream v26\plugins\pip00\acamdmonitor.exe
REMOVES: FirewallRaz (Private) : TCP Query User{1F17D542-FDFC-4559-B726-3D582C6DCF49}C:\program files\tencent\qqplayer\qqplayer.exe
REMOVES: FirewallRaz (Private) : UDP Query User{982EC6AC-6B3B-474F-B589-D695BDC874A5}C:\program files\tencent\qqplayer\qqplayer.exe
REMOVES: FirewallRaz (Private) : TCP Query User{D9047476-FD97-46CB-9BB2-A1DD94E4E056}C:\program files\yahoo!\messenger\yahoomessenger.exe
REMOVES: FirewallRaz (Private) : UDP Query User{16A2B6DF-070E-40AA-B972-6FB23915592D}C:\program files\yahoo!\messenger\yahoomessenger.exe
REMOVES: FirewallRaz (None) : {9E15142D-59E3-408E-82C4-B41655088FB0}
REMOVES: FirewallRaz (Private) : TCP Query User{3BC4FE8D-FA93-4EE0-8C18-60B06531A350}C:\users\win7\desktop\��\���� ��� ����� ��������� �� ��� ���� 2\gxtool\boot_file\boot.exe
REMOVES: FirewallRaz (Private) : UDP Query User{B1DBB53F-73FA-4ACF-87D2-AA1A35BE9727}C:\users\win7\desktop\��\���� ��� ����� ��������� �� ��� ���� 2\gxtool\boot_file\boot.exe
REMOVES: FirewallRaz (Private) : TCP Query User{2523CDD3-B007-47B9-AC6F-46391C28E56B}C:\users\win7\desktop\gxtool\boot_file\boot.exe
REMOVES: FirewallRaz (Private) : UDP Query User{0CF88975-8A1B-49EA-91E9-10A278A5063C}C:\users\win7\desktop\gxtool\boot_file\boot.exe
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Elements of the registry data ==========
REMOVES: R1 Search Page = res://ieframe.dll/tabswelcome.htm
REMOVES TCPIP: NameServer = 8.8.8.8,208.67.222.222
REMOVES TCPIP: DhcpNameServer = 31.3.252.89 37.220.8.190

========== Folders ==========
REMOVES: C:\Program Files\Baidu Security
REMOVES: C:\Program Files\Tencent
REMOVES: C:\ProgramData\Temp
REMOVES: C:\ProgramData\Tencent
REMOVES: C:\Users\Win7\AppData\Roaming\Baidu Security
REMOVES: C:\Users\Win7\AppData\Roaming\Tencent
REMOVES Reboot:** C:\Users\Win7\AppData\Local\Temp
REMOVES: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent
Deletes temporary Windows (0)
REMOVES Flash Cookies (0)

========== Files ==========
REMOVES Reboot: c:\windows\teviirc.exe
REMOVES: c:\program files\yahoo!\messenger\yahoomessenger.exe
REMOVES Reboot: c:\users\win7\desktop\idman\idman.exe
REMOVES Reboot: c:\program files\tango\tango.exe
REMOVES Reboot: i:\windows\autorun.exe
Deletes temporary Windows (3) (16,384 octets)
REMOVES Flash Cookies (0) (0 octets)

========== Scheduled task ==========
REMOVES: {12AB4E4B-453E-4B24-9B05-6E49D81400C3}
REMOVES: {4C1230C1-9113-4275-8C25-A640D61558A4}
REMOVES: {5A6D609E-3EA3-4E9B-BD18-5D3886A4F19C}
REMOVES: {C05835A6-EA44-43A4-84B2-C3A78190982B}

========== System restore ==========
No System Restore Point created


========== Summary ==========
2 : Process memory
7 : Registry keys
39 : Registry values
3 : Elements of the registry data
10 : Folders
7 : Files
4 : Scheduled task
1 : System restore


End of clean in :4mn �s

========== Path to file report ==========
C:\Users\Win7\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/12/2013 06:15:35 [1284]
C:\Users\Win7\AppData\Roaming\ZHP\ZHPFix[R2].txt - 04/04/2014 11:07:36 [1619]
C:\Users\Win7\AppData\Roaming\ZHP\ZHPFix[R3].txt - 29/03/2015 03:09:38 [6149]
