cjoint

Document format: text/plain

Preview

~ ZHPCleaner v2015.3.19.130 by Nicolas Coolman (19/03/2015)
~ Run by Crawford (Administrator) (19/03/2015 16:59:49)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Crawford\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Crawford\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit (Build 9600)


---\\ Services (1)
DELETED : {cd4cc471-d4c4-45ea-b1bc-d5847a1810e7}Gw64 (PUP.LinkiDoo)


---\\ Browser internet (3)
REPLACED: [9przildd.default] - user_pref("extensions.quick_start.enable_search1", false); (PUP.QuickStart)
REPLACED: [9przildd.default] - user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); (PUP.QuickStart)
REPLACED Chrome URL: ,hxxp://www.google.com/,hxxp://www.trovi.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M12E09D[...] (PUP.StartSearch)


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (0)
~ No malicious items found.


---\\ Explorer ( File, Folder) (24)
MOVED file: C:\WINDOWS\System32\DRIVERS\taphss6.sys [Anchorfree Inc. - Anchorfree HSS VPN Adapter] (PUP.AnchorFree)
MOVED file: C:\ProgramData\c5a6cb5400001b2f\BITC3F4.tmp (PUP.CrossRider)
MOVED file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [SysTool PasSame LIMITED - Windows SysTool Service] (PUP.Fuyu)
MOVED folder: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
MOVED folder: C:\ProgramData\InstallMate\FAF33717 (PUP.Tarma)
MOVED folder: C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Tarma)
MOVED folder: C:\ProgramData\WindowsMangerProtect\update (PUP.Fuyu)
MOVED folder: C:\ProgramData\c5a6cb5400001b2f (PUP.CrossRider)
MOVED folder: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
MOVED folder: C:\ProgramData\InstallMate (PUP.Tarma)
MOVED folder: C:\ProgramData\Tarma Installer (PUP.Tarma)
MOVED folder: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage (PUP.Optional)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal (PUP.Optional)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.rocketnews24.com_0.localstorage (PUP.RockTurner)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.rocketnews24.com_0.localstorage-journal (PUP.RockTurner)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage (PUP.StartSearch)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal (PUP.StartSearch)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.putlocker.com_0.localstorage (Spyware.PutLocker)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.putlocker.com_0.localstorage-journal (Spyware.PutLocker)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage (PUP.SpecialSavings)
MOVED file*: C:\Users\Crawford\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
MOVED file: C:\WINDOWS\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
MOVED file: C:\WINDOWS\AutoKMS\AutoKMS.log (Trojan.AutoKMS)


---\\ Registry ( Key, Value, Data) (30)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\{cd4cc471-d4c4-45ea-b1bc-d5847a1810e7}Gw64 [C:\WINDOWS\System32\drivers\{cd4cc471-d4c4-45ea-b1bc-d5847a1810e7}Gw64.sys (Not File) (Not File)] (PUP.LinkiDoo)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\taphss6 [C:\WINDOWS\System32\DRIVERS\taphss6.sys (Not File)] (PUP.AnchorFree)
DELETED value: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_fr_319.exe [C:\Users\Crawford\AppData\Local\gmsd_fr_319\upgmsd_fr_319.exe -runonce] (PUP.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32 [C:\Program Files (x86)\DizzyDing\bin\cd4cc471d4c445eab1bcd5847a1810e764.dll] (PUP.DizzyDing)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} [Manager Class] (PUP.DizzyDing)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SearchProtect [] (PUP.SearchProtect)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Currentversion\Uninstall\SearchProtect [] (PUP.SearchProtect)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\7c5c013d-be0d-3185-7700-f13d5485f3bb [] (PUP.CrossRider)
DELETED key*: HKEY_USERS\S-1-5-21-1377893165-587043373-3523778680-1002\Software\AnchorFree [] (PUP.AnchorFree)
DELETED key*: HKEY_USERS\S-1-5-21-1377893165-587043373-3523778680-1002\Software\APN PIP [] (Toolbar.Agent)
DELETED key*: HKEY_USERS\S-1-5-21-1377893165-587043373-3523778680-1002\Software\Linkey [] (PUP.LinkeySearch)
DELETED key*: HKEY_USERS\S-1-5-21-1377893165-587043373-3523778680-1002\Software\PIP [] (Toolbar.Ask)
DELETED key*: HKEY_USERS\S-1-5-21-1377893165-587043373-3523778680-1002\Software\SimplyTech [] (PUP.SimplyTech)
DELETED key*: HKEY_USERS\S-1-5-21-1377893165-587043373-3523778680-1002\Software\Super Optimizer [] (PUP.SuperOptimizer)
DELETED key*: HKEY_USERS\S-1-5-21-1377893165-587043373-3523778680-1002\Software\Tutorials [] (PUP.AgenceExclusive)
DELETED key*: HKEY_USERS\S-1-5-21-1377893165-587043373-3523778680-1002\Software\TutoTag [] (PUP.AgenceExclusive)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect [] (PUP.SearchProtect)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update DizzyDing [] (PUP.DizzyDing)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util DizzyDing [] (PUP.DizzyDing)
DELETED key*: [X64] HKLM\SOFTWARE\Tarma Installer [] (PUP.Tarma)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork [] (Toolbar.AskBar)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit [] (Toolbar.Conduit)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\DizzyDing [] (PUP.DizzyDing)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\PIP [] (Toolbar.Ask)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SPPDCOM [] (Rogue.PCSpeedUp)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SupDp [] (PUP.SupTab)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Systweak [] (PUP.Systweak)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Tutorials [] (PUP.AgenceExclusive)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] (Toolbar.Ask)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)



---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 92676
~ Items found : 0
~ Items repaired : 59


End of clean at 17:06:30
===================
ZHPCleaner-[R]-19032015-17_06_30.txt
