cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ ZHPCleaner v2015.3.16.125 by Nicolas Coolman (16/03/2015)
~ Run by Alper (Administrator) (16/03/2015 18:06:50)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : R�parer
~ Report : C:\Users\Alper\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Alper\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit (Build 9600)


---\\ Service. (2)
ARRET� : IHProtect Service (Adware.AgentODR)
ARRET� : WindowsMangerProtect (PUP.Fuyu)


---\\ Navigateur internet. (15)
REMPLAC� Quicklaunch: C:\Users\Alper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : http://www.delta-homes.com/?type=sc&ts=1418814923&from=wpm12173&uid=HGSTXHTS541075A9E680_J8120077GB4D9AGB4D9AX] (Hijacker.Browser)
REMPLAC� Programs: C:\Users\Alper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [Bad : http://www.delta-homes.com/?type=sc&ts=1418814923&from=wpm12173&uid=HGSTXHTS541075A9E680_J8120077GB4D9AGB4D9AX] (Hijacker.Browser)
REMPLAC� IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [hxxp://www.delta-homes.com/?type=hp&ts=1426089796&from=wpm03113&uid=HGSTXHTS5410[...]] (Hijacker.DeltaHomes)
REMPLAC� IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [hxxp://search.delta-homes.com/web/?type=ds&ts=1418814923&from=wpm12173&uid=HGSTX[...]] (Hijacker.DeltaHomes)
REMPLAC� IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page [hxxp://search.delta-homes.com/web/?type=ds&ts=1418814923&from=wpm12173&uid=HGSTX[...]] (Hijacker.DeltaHomes)
REMPLAC� IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.delta-homes.com/?type=hp&ts=1426089796&from=wpm03113&uid=HGSTXHTS5410[...]] (Hijacker.DeltaHomes)
REMPLAC� IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404493828&from=vtt&uid=HGSTXHTS54[...]] (Hijacker.OmigaPlus)
REMPLAC� IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [hxxp://www.delta-homes.com/?type=hp&ts=1426089796&from=wpm03113&uid=HGSTXHTS5410[...]] (Hijacker.DeltaHomes)
REMPLAC� IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404493828&from=vtt&uid=HGSTXHTS54[...]] (Hijacker.OmigaPlus)
REMPLAC� IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.delta-homes.com/?type=hp&ts=1426089796&from=wpm03113&uid=HGSTXHTS5410[...]] (Hijacker.DeltaHomes)
REMPLAC� IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404493828&from=vtt&uid=HGSTXHTS54[...]] (Hijacker.OmigaPlus)
REMPLAC� IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Start Page [hxxp://www.delta-homes.com/?type=hp&ts=1426089796&from=wpm03113&uid=HGSTXHTS5410[...]] (Hijacker.DeltaHomes)
REMPLAC� IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1404493828&from=vtt&uid=HGSTXHTS54[...]] (Hijacker.OmigaPlus)
REMPLAC� Chrome URL: ,hxxp://www.delta-homes.com/?type=hp&ts=1426089796&from=wpm03113&uid=HGSTXHTS541075A9E680_J8120077GB[...] (Hijacker.DeltaHomes)
SUPPRIM� donn�e: HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs [C:\PROGRA~2\SupTab\SEARCH~2.DLL ] (PUP.SupTab)


---\\ Fichier h�te. (0)
~ Aucun �l�ment malicieux trouv�.


---\\ T�che planifi�e. (1)
SUPPRIM� t�che: [{B05C369A-EBD7-4698-801C-AA741FDCB71C}] [C:\Users\Alper\AppData\Roaming\omiga-plus\UninstallManager.exe (Not File) ] (Hijacker.OmigaPlus)


---\\ Explorateur ( Dossiers, Fichiers ). (34)
DEPLAC� fichier: C:\Program Files (x86)\XTab\ProtectService.exe [XTab system - ProtectSvc.exe] (Adware.AgentODR)
DEPLAC� fichier: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
DEPLAC� fichier: C:\WINDOWS\System32\DRIVERS\taphss6.sys [Anchorfree Inc. - Anchorfree HSS VPN Adapter] (PUP.AnchorFree)
DEPLAC� dossier*: C:\Program Files (x86)\EXstRaCouupOin (PUP.ExtraCoupon)
DEPLAC� dossier*: C:\Program Files (x86)\NeXTCoup (PUP.NextCoup)
DEPLAC� dossier*: C:\Program Files (x86)\pricechoP (PUP.PriceChop)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\60b6132765a7b0abb630edd783634194.ini (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\c639ec01ae8d99a9b630edd783634194.ini (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\f392fc60cfeefae4b630edd783634194.ini (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140909184700 (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140909191226 (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140909191254 (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{87162843-2059-2054-7171-45775F2A6708}.20140909191254 (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{87162843-2059-2054-7171-45775F2A6708}.20140912232411 (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{98449C67-C7AF-BB53-112D-26C916814611}.20140909183444 (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140827001736 (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140827001802 (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140909184622 (PUP.CrossRider)
DEPLAC� fichier: C:\ProgramData\e3291d677cdda0ad\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140909184701 (PUP.CrossRider)
DEPLAC� dossier*: C:\ProgramData\IePluginServices\update (Trojan.SProtector)
DEPLAC� dossier*: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
DEPLAC� dossier*: C:\ProgramData\Trusted Publisher\PC_Booster (PUP.TopAppSoft)
DEPLAC� dossier*: C:\ProgramData\WindowsMangerProtect\log (PUP.Fuyu)
DEPLAC� dossier*: C:\ProgramData\WindowsMangerProtect\update (PUP.Fuyu)
DEPLAC� dossier*: C:\ProgramData\e3291d677cdda0ad (PUP.CrossRider)
DEPLAC� dossier*: C:\ProgramData\EXstRaCouupOin (PUP.ExtraCoupon)
DEPLAC� dossier*: C:\ProgramData\IePluginServices (Trojan.SProtector)
DEPLAC� dossier*: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
DEPLAC� dossier*: C:\ProgramData\NeXTCoup (PUP.NextCoup)
DEPLAC� dossier*: C:\ProgramData\pricechoP (PUP.PriceChop)
DEPLAC� dossier*: C:\ProgramData\Trusted Publisher (PUP.TopAppSoft)
DEPLAC� dossier*: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
DEPLAC� fichier*: C:\Users\Alper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hotspotshield.com_0.localstorage (PUP.HotspotShieldToolbar)
DEPLAC� fichier*: C:\Users\Alper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hotspotshield.com_0.localstorage-journal (PUP.HotspotShieldToolbar)


---\\ Base de Registres ( Cl�s, Valeurs, Donn�es ). (62)
SUPPRIM� cl�^: [X64] HKLM\SYSTEM\CurrentControlSet\Services\IHProtect Service [C:\Program Files (x86)\XTab\ProtectService.exe] (Adware.AgentODR)
SUPPRIM� cl�^: [X64] HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe] (PUP.Fuyu)
REMPLAC� donn�e: HKLM\...\Google Chrome\Shell\open\Command\\"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.delta-homes.com/?type=sc&ts=1426089796&from=wpm03113&uid=HGSTXHTS541075A9E680_J8120077GB4D9AGB4D9AX (Hijacker.Qvo6)
REMPLAC� donn�e: HKLM\...\IEXPLORE.EXE\Shell\open\Command\\C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1404493828&from=vtt&uid=HGSTXHTS541075A9E680_J8120077GB4D9AGB4D9AX (Hijacker.OmigaPlus)
SUPPRIM� cl�*: HKCU\Software\WajIntEnhance [] (PUP.Wajam)
SUPPRIM� cl�*: HKLM\SYSTEM\CurrentControlSet\Services\taphss6 [C:\WINDOWS\System32\DRIVERS\taphss6.sys] (PUP.AnchorFree)
SUPPRIM� cl�: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03113&utm_campaign=install_ie&utm_content[...]] [Bing] (Hijacker.Qvo6)
SUPPRIM� cl�: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} [http://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03113&utm_campaign=install_ie&utm_content[...]] [e] (Hijacker.Qvo6)
SUPPRIM� cl�: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03113&utm_campaign=install_ie&utm_content[...]] [delta-homes] (Hijacker.DeltaHomes)
SUPPRIM� cl�: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D7529713-78AE-4B8C-A92D-4BF449869F78} [http://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03113&utm_campaign=install_ie&utm_content[...]] [Propositions de recherche Amazon.fr] (Hijacker.Qvo6)
SUPPRIM� cl�: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} [http://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03113&utm_campaign=install_ie&utm_content[...]] [eBay] (Hijacker.Qvo6)
SUPPRIM� cl�: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E6066AD3-7585-4BE1-9B7A-FDF5D77AB568} [http://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03113&utm_campaign=install_ie&utm_content[...]] [Google] (Hijacker.Qvo6)
SUPPRIM� cl�: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} [http://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm03113&utm_campaign=install_ie&utm_content[...]] [Google] (Hijacker.Qvo6)
SUPPRIM� cl�: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://isearch.omiga-plus.com/web/?type=ds&ts=1404493828&from=vtt&uid=HGSTXHTS541075A9E680_J8120077G[...]] [omiga-plus] (Hijacker.OmigaPlus)
SUPPRIM� cl�: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://isearch.omiga-plus.com/web/?type=ds&ts=1404493828&from=vtt&uid=HGSTXHTS541075A9E680_J8120077G[...]] [omiga-plus] (Hijacker.OmigaPlus)
SUPPRIM� cl�*: HKCU\SOFTWARE\SearchProtectWS [] (PUP.SearchProtect)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\SearchProtect [] (PUP.SearchProtect)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Currentversion\Uninstall\SearchProtect [] (PUP.SearchProtect)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-629670618-3495321848-479663240-1001\Software\AnchorFree [] (PUP.AnchorFree)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-629670618-3495321848-479663240-1001\Software\APN PIP [] (Toolbar.Agent)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-629670618-3495321848-479663240-1001\Software\HomeTab [] (PUP.CertifiedToolbar)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-629670618-3495321848-479663240-1001\Software\Linkey [] (PUP.LinkeySearch)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-629670618-3495321848-479663240-1001\Software\SimplyTech [] (PUP.SimplyTech)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-629670618-3495321848-479663240-1001\Software\TNT2 [] (Adware.TidyNetwork)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP [] (Adware.IMBooster)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar [] (Adware.IMBooster)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect [] (PUP.SearchProtect)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com [] (PUP.Vosteran)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance [] (PUP.WajEnhance)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\delta-homes.com [] (Hijacker.Qvo6)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\portaldosites.com [] (Hijacker.PortaldoSites)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.delta-homes.com [4715] (Hijacker.Qvo6)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.portaldosites.com [8030] (Hijacker.PortaldoSites)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\bobrowser.com [0] (PUP.BoBrowser)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-homes.com [0] (Hijacker.Qvo6)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta-homes.com [4284] (Hijacker.Qvo6)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\..9 [Webbiang] (PUP.Optional)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\CLSID\{0BC5ADD9-266F-65DA-0231-B1D67867EC16} [EXstRaCouupOin] (PUP.ExtraCoupon)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\CLSID\{e4cf9cab-5275-4523-9c7d-dfa713a31c5d} [NeXTCoup] (PUP.NextCoup)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\CLSID\{EE24792E-AED7-9A46-47E5-40B91A655108} [pricechoP] (PUP.PriceChop)
SUPPRIM� cl�*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices [] (PUP.IePluginService)
SUPPRIM� cl�*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect [] (PUP.Fuyu)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork [] (Toolbar.AskBar)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit [] (Toolbar.Conduit)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\delta-homesSoftware [] (Toolbar.DeltaSearch)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\IHProtect [] (Adware.AgentODR)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Iminent [] (Adware.IMBooster)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\omiga-plusSoftware [] (Hijacker.OmigaPlus)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\SupDp [] (PUP.SupTab)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\supTab [] (PUP.SupTab)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\supWindowsMangerProtect [] (PUP.Fuyu)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\supWPM [] (PUP.WpManager)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\V9 [] (PUP.V9Software)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\WajIntEnhance [] (PUP.WajEnhance)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP [] (Adware.IMBooster)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar [] (Adware.IMBooster)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com [] (PUP.Vosteran)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance [] (PUP.WajEnhance)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32 [] (PUP.DesktopWeatherAlerts)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS [] (PUP.DesktopWeatherAlerts)



---\\ Bilan de la r�paration
~ R�paration r�alis�e avec succ�s.
~ Ce navigateur est absent (Mozilla Firefox)
~ Le syst�me a �t� red�marr�.


---\\ Statistiques
~ Items scann�s : 74171
~ Items trouv�s : 0
~ Items r�par�s : 64


End of clean at 18:18:06
===================
ZHPCleaner-[R]-16032015-18_18_06.txt

Publicité


Signaler le contenu de ce document

Publicité