cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ ZHPCleaner v2015.4.4.156 by Nicolas Coolman (05/04/2015)
~ Run by NavyBlue (Administrator) (05/04/2015 15:35:26)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Netttoyer
~ Report : C:\Users\NavyBlue\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\NavyBlue\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit (Build 9600)


---\\ Service. (0)
~ Aucun �l�ment malicieux trouv�.


---\\ Navigateur internet. (24)
SUPPRIM�: [r7xu8umr.default-1427748956989] - user_pref("browser.search.searchengine.alias", "mystartsearch"); (PUP.StartSearch)
SUPPRIM�: [r7xu8umr.default-1427748956989] - user_pref("browser.search.searchengine.iconURL", "http://www.mystartsearch.com/web/favicon.ico"); (PUP.StartSearch)
SUPPRIM�: [r7xu8umr.default-1427748956989] - user_pref("browser.search.searchengine.name", "mystartsearch"); (PUP.StartSearch)
SUPPRIM�: [r7xu8umr.default-1427748956989] - user_pref("browser.search.searchengine.url", "http://www.mystartsearch.com/web/?type=dspp&ts=1427748[...] (PUP.StartSearch)
SUPPRIM�: [r7xu8umr.default-1427748956989] - user_pref("browser.search.selectedEngine", "mystartsearch"); (PUP.StartSearch)
SUPPRIM�: [r7xu8umr.default-1427748956989] - user_pref("extensions.xpiState", "{\"app-profile\":{\"fftoolbar2014@etech.com\":{\"d\":\"C:\\\\Users[...] (Adware.FFToolBar)
DEPLAC� fichier*: C:\Users\NavyBlue\AppData\Roaming\Mozilla\Firefox\Profiles\r7xu8umr.default-1427748956989\Extensions\fftoolbar2014@etech.com\chrome (Adware.FFToolBar)
DEPLAC� fichier: C:\Users\NavyBlue\AppData\Roaming\Mozilla\Firefox\Profiles\r7xu8umr.default-1427748956989\Extensions\fftoolbar2014@etech.com\chrome.manifest (Adware.FFToolBar)
DEPLAC� fichier: C:\Users\NavyBlue\AppData\Roaming\Mozilla\Firefox\Profiles\r7xu8umr.default-1427748956989\Extensions\fftoolbar2014@etech.com\install.rdf (Adware.FFToolBar)
DEPLAC� dossier: C:\Users\NavyBlue\AppData\Roaming\Mozilla\Firefox\Profiles\r7xu8umr.default-1427748956989\Extensions\fftoolbar2014@etech.com (Adware.FFToolBar)
REMPLAC� IE Params: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL [hxxp://www.mystartsearch.com/?type=hppp&ts=1427748814&from=wpc&uid=ST1000LM024XH[...]] (PUP.StartSearch)
REMPLAC� IE Params: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page [hxxp://www.mystartsearch.com/?type=hppp&ts=1427748814&from=wpc&uid=ST1000LM024XH[...]] (PUP.StartSearch)
REMPLAC� IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.mystartsearch.com/?type=hppp&ts=1427748814&from=wpc&uid=ST1000LM024XH[...]] (PUP.StartSearch)
REMPLAC� IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1427748814&from=wpc&uid=ST1000LM0[...]] (PUP.StartSearch)
REMPLAC� IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [hxxp://www.mystartsearch.com/?type=hppp&ts=1427748814&from=wpc&uid=ST1000LM024XH[...]] (PUP.StartSearch)
REMPLAC� IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1427748814&from=wpc&uid=ST1000LM0[...]] (PUP.StartSearch)
REMPLAC� IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.mystartsearch.com/?type=hppp&ts=1427748814&from=wpc&uid=ST1000LM024XH[...]] (PUP.StartSearch)
REMPLAC� IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1427748814&from=wpc&uid=ST1000LM0[...]] (PUP.StartSearch)
REMPLAC� IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Start Page [hxxp://www.mystartsearch.com/?type=hppp&ts=1427748814&from=wpc&uid=ST1000LM024XH[...]] (PUP.StartSearch)
REMPLAC� IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.mystartsearch.com/web/?type=dspp&ts=1427748814&from=wpc&uid=ST1000LM0[...]] (PUP.StartSearch)
REMPLAC� Quicklaunch: C:\Users\NavyBlue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : http://www.mystartsearch.com/?type=sc&ts=1427748607&from=wpc&uid=ST1000LM024XHN-M101MBB_S32XJ9AF926330] (Hijacker.Browser)
REMPLAC� TaskBar: C:\Users\NavyBlue\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [Bad : http://www.mystartsearch.com/?type=sc&ts=1427748607&from=wpc&uid=ST1000LM024XHN-M101MBB_S32XJ9AF926330] (Hijacker.Browser)
REMPLAC� Desktop: C:\Users\Public\Desktop\Mozilla Firefox.lnk [Bad : http://www.mystartsearch.com/?type=sc&ts=1427748607&from=wpc&uid=ST1000LM024XHN-M101MBB_S32XJ9AF926330] (Hijacker.Browser)
REMPLAC� Programs: C:\Users\NavyBlue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [Bad : http://www.mystartsearch.com/?type=sc&ts=1427748607&from=wpc&uid=ST1000LM024XHN-M101MBB_S32XJ9AF926330] (Hijacker.Browser)


---\\ Fichier h�te. (1)
~ Le fichier h�te est l�gitime. (21)


---\\ T�che planifi�e. (0)
~ Aucun �l�ment malicieux trouv�.


---\\ Explorateur ( Dossiers, Fichiers ). (31)
DEPLAC� fichier: C:\Program Files (x86)\SalePlus\teIe1ubg06aSu7.dat (PUP.SalePlus)
DEPLAC� fichier: C:\Program Files (x86)\SalePlus\teIe1ubg06aSu7.tlb (PUP.SalePlus)
DEPLAC� fichier: C:\Program Files (x86)\SalePlus\teIe1ubg06aSu7.x64.dll (PUP.SalePlus)
DEPLAC� fichier: C:\Program Files (x86)\SalePlUss\SalePlUss.dat (PUP.SalePlus)
DEPLAC� fichier: C:\Program Files (x86)\XTab\BrowerWatchCH.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\BrowerWatchFF.dll [XTab - BrowerWa.dll] (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\BrowserAction.dll [Skytech Co., Ltd. - Skytech] (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\conf (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\HPNotify.exe [XTab system - SupHPNot.exe] (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\IeWatchDog.dll [Search Protecter - SearchProtect for ie] (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\install.data (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\msvcp110.dll [Microsoft Corporation - Microsoft� C Runtime Library] (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\msvcr110.dll [Microsoft Corporation - Microsoft� C Runtime Library] (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\searchProvider.xml (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\SupTab.dll [Thinknice Co. Limited - SupTab setup package] (Adware.AgentODR)
DEPLAC� fichier: C:\Program Files (x86)\XTab\uninstall.exe [XTab - XTab] (Adware.AgentODR)
DEPLAC� dossier: C:\Program Files (x86)\XTab\skin (Adware.AgentODR)
DEPLAC� dossier: C:\Program Files (x86)\XTab\web (Adware.AgentODR)
DEPLAC� dossier: C:\Program Files (x86)\SalePlus (PUP.SalePlus)
DEPLAC� dossier: C:\Program Files (x86)\SalePlUss (PUP.SalePlus)
DEPLAC� dossier: C:\Program Files (x86)\XTab (Adware.AgentODR)
DEPLAC� dossier: C:\Program Files\Enigma Software Group\SpyHunter (PUP.EnigmaSoftware)
DEPLAC� dossier: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
DEPLAC� fichier: C:\ProgramData\15497417634565445232\cd5b15e575e1c3d0e534fb77c485ca4d.ini (PUP.CrossRider)
DEPLAC� dossier: C:\ProgramData\IHProtectUpDate\update (Adware.AgentODR)
DEPLAC� dossier: C:\ProgramData\15497417634565445232 (PUP.CrossRider)
DEPLAC� dossier: C:\ProgramData\IHProtectUpDate (Adware.AgentODR)
DEPLAC� fichier: C:\Windows\Prefetch\SPYHUNTER-INSTALLER.EXE-E3340035.pf (Crapware.SpyHunter)
DEPLAC� fichier: C:\Windows\System32\roboot64.exe [solvusoft - WinThruster] (PUP.Systweak)
DEPLAC� fichier: C:\Users\NavyBlue\Downloads\SpyHunter-Installer.exe [Enigma Software Group USA, LLC. - Enigma Installer] (PUP.EnigmaSoftware)


---\\ Base de Registres ( Cl�s, Valeurs, Donn�es ). (46)
SUPPRIM� valeur: [X64] HKLM\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\fftoolbar2014@etech.com [C:\Users\NavyBlue\AppData\Roaming\Mozilla\Firefox\Profiles\r7xu8umr.default-1427748956989\extensions\fftoolbar2014@etech.com] (Adware.FFToolBar)
SUPPRIM� cl�: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1427748814&from=wpc&uid=ST1000LM024XHN-M101MBB_S32XJ9[...]] [mystartsearch] (PUP.StartSearch)
SUPPRIM� cl�: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [http://www.mystartsearch.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=install_ie&utm_content=ds[...]] [WebSearch] (Hijacker.SimpleSearches)
SUPPRIM� cl�: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1427748814&from=wpc&uid=ST1000LM024XHN-M101MBB_S32XJ9[...]] [mystartsearch] (PUP.StartSearch)
SUPPRIM� cl�: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=dspp&ts=1427748814&from=wpc&uid=ST1000LM024XHN-M101MBB_S32XJ9[...]] [mystartsearch] (PUP.StartSearch)
SUPPRIM� cl�: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [http://websearch.searchfix.info/?unqvl=63&idate=2015/03/30&l=1&q={searchTerms}] [WebSearch] (Hijacker.SimpleSearches)
SUPPRIM� cl�*: HKCU\Software\WajIntEnhance [] (PUP.Wajam)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\SearchProtect [] (Adware.Sambreel)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Currentversion\Uninstall\SearchProtect [] (Adware.Sambreel)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-4184628420-3790448397-3874530027-1001\Software\APN PIP [] (Toolbar.Agent)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-4184628420-3790448397-3874530027-1001\Software\HomeTab [] (PUP.CertifiedToolbar)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-4184628420-3790448397-3874530027-1001\Software\Linkey [] (PUP.LinkeySearch)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-4184628420-3790448397-3874530027-1001\Software\SearchProtectWS [] (PUP.SearchProtect)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-4184628420-3790448397-3874530027-1001\Software\SimplyTech [] (PUP.SimplyTech)
SUPPRIM� cl�*: HKEY_USERS\S-1-5-21-4184628420-3790448397-3874530027-1001\Software\TNT2 [] (Adware.TidyNetwork)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP [] (Adware.IMBooster)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar [] (Adware.IMBooster)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect [] (PUP.SearchProtect)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com [] (PUP.Vosteran)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance [] (PUP.WaEnhance)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystartsearch.com [] (PUP.StartSearch)
SUPPRIM� cl�*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystartsearch.com [4003] (PUP.StartSearch)
SUPPRIM� cl�*: HKCU\Software\Mozilla\Extends [] (PUP.FastStart)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\P13ef4479_6038_4ea9_9710_2e83c7eb1b6e_.P13ef4479_6038_4ea9_9710_2e83c7eb1b6e_ [youtubeadblocker] (PUP.YoutubeAdBlocker)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\P13ef4479_6038_4ea9_9710_2e83c7eb1b6e_.P13ef4479_6038_4ea9_9710_2e83c7eb1b6e_.9 [youtubeadblocker] (PUP.YoutubeAdBlocker)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\Pc19f7834_71e3_4d0e_af6c_06eac20de687_.Pc19f7834_71e3_4d0e_af6c_06eac20de687_ [SaLePlus] (PUP.SalePlus)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\Pc19f7834_71e3_4d0e_af6c_06eac20de687_.Pc19f7834_71e3_4d0e_af6c_06eac20de687_.9 [SaLePlus] (PUP.SalePlus)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\Pc7cc6df4_100f_4d88_a4df_34c695deba88_.Pc7cc6df4_100f_4d88_a4df_34c695deba88_ [SalePlus] (PUP.SalePlus)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\Pc7cc6df4_100f_4d88_a4df_34c695deba88_.Pc7cc6df4_100f_4d88_a4df_34c695deba88_.9 [SalePlus] (PUP.SalePlus)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\CLSID\{13ef4479-6038-4ea9-9710-2e83c7eb1b6e} [youtubeadblocker] (PUP.YoutubeAdBlocker)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\CLSID\{c19f7834-71e3-4d0e-af6c-06eac20de687} [SaLePlus] (PUP.SalePlus)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Classes\CLSID\{c7cc6df4-100f-4d88-a4df-34c695deba88} [SalePlus] (PUP.SalePlus)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork [] (Toolbar.AskBar)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit [] (Toolbar.Conduit)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\IHProtect [] (Adware.AgentODR)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Iminent [] (Adware.IMBooster)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\mystartsearchSoftware [] (PUP.StartSearch)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\SupDp [] (PUP.SupTab)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\supTab [] (PUP.SupTab)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\WajIntEnhance [] (PUP.WaEnhance)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP [] (Adware.IMBooster)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar [] (Adware.IMBooster)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com [] (PUP.Vosteran)
SUPPRIM� cl�*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance [] (PUP.WaEnhance)



---\\ Bilan de la r�paration
~ R�paration r�alis�e avec succ�s.
~ Ce navigateur est absent (Google Chrome)
~ Ce navigateur est absent (Opera Software)


---\\ Statistiques
~ Items scann�s : 66795
~ Items trouv�s : 0
~ Items r�par�s : 101


End of clean at 15:48:38
===================
ZHPCleaner-[R]-05042015-15_48_38.txt

Publicité


Signaler le contenu de ce document

Publicité