cjoint

Document format: text/plain

Preview

~ ZHPCleaner v2015.4.15.169 by Nicolas Coolman (15/04/2015)
~ Run by Ben (Administrator) (15/04/2015 23:46:11)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Ben\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Ben\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Services (4)
WINSOCK [Protocol_Catalog9\Catalog_Entries]: Reset the socket that handles the layer TCP/IP (Hijacker.Winsock)
CLOSED : jefewity (Generic.Trojan)
CLOSED : pylywusy (Generic.Trojan)



---\\ Browser internet (1)
REPLACED Chrome URL: hxxp://www.trovi.com/?gd=&ctid=CT3317919&octid=EB_ORIGINAL_CTID&ISID=M46AB03EB-948C-4DA7-909B-CD4F0D[...] (Hijacker.LuckySearches)


---\\ Hosts file (0)
~ No malicious items found.


---\\ Scheduled automatic tasks. (8)
DELETED task: [APSnotifierPP1] [C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe] (PUP.AnyProtect)
DELETED task: [APSnotifierPP2] [C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe] (PUP.AnyProtect)
DELETED task: [APSnotifierPP3] [C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe] (PUP.AnyProtect)
DELETED task: [avaavaevy] [C:\Users\Ben\AppData\Local\avaavaevy\avaavaevy.exe] (PUP.SearchProtect)
DELETED task: [SmartWeb Upgrade Trigger Task] [C:\Users\Ben\AppData\Local\SmartWeb\SmartWebHelper.exe (Not File) ] (PUP.SmartWebSearch)
DELETED task: [APSnotifierPP1] [C:\Windows\Tasks\APSnotifierPP1.job] (PUP.AnyProtect)
DELETED task: [APSnotifierPP2] [C:\Windows\Tasks\APSnotifierPP2.job] (PUP.AnyProtect)
DELETED task: [APSnotifierPP3] [C:\Windows\Tasks\APSnotifierPP3.job] (PUP.AnyProtect)


---\\ Explorer ( File, Folder) (82)
MOVED file: C:\Users\Ben\AppData\Roaming\OhG8WsA\Kommun.dll (Adware.Pirrit)
MOVED file: C:\Users\Ben\AppData\Roaming\OhG8WsA\LibDownloadManagement.dll (Adware.Pirrit)
MOVED file: C:\Users\Ben\AppData\Roaming\FnawxWA\Kommun.dll (Adware.Pirrit)
MOVED file: C:\Users\Ben\AppData\Roaming\FnawxWA\LibDownloadManagement.dll (Adware.Pirrit)
MOVED file: C:\Users\Ben\AppData\Roaming\CWJBTY8\Kommun.dll (Adware.Pirrit)
MOVED file: C:\Users\Ben\AppData\Roaming\CWJBTY8\LibDownloadManagement.dll (Adware.Pirrit)
MOVED folder: C:\Users\Ben\AppData\Roaming\OhG8WsA (Adware.Pirrit)
MOVED folder: C:\Users\Ben\AppData\Roaming\FnawxWA (Adware.Pirrit)
MOVED folder: C:\Users\Ben\AppData\Roaming\CWJBTY8 (Adware.Pirrit)
MOVED file: C:\Program Files (x86)\2e31ee0d-6429-42b4-8129-7539b907feff\d1ba3672-841f-4add-b456-2d518a685fc6.dll (PUP.CrossRider)
MOVED file: C:\Program Files (x86)\2e31ee0d-6429-42b4-8129-7539b907feff\de237aca-8776-4c8e-bef8-4d8316090820.dll (PUP.CrossRider)
MOVED folder: C:\Program Files (x86)\2e31ee0d-6429-42b4-8129-7539b907feff (PUP.CrossRider)
MOVED file: C:\Users\Ben\AppData\Roaming\00000000-1428340849-0000-0000-448A5BED4B94\nssCDCB.tmp (Generic.Trojan)
MOVED file: C:\Users\Ben\AppData\Roaming\00000000-1428340849-0000-0000-448A5BED4B94\jnsy5919.tmp (Generic.Trojan)
MOVED folder: C:\Users\Ben\AppData\Roaming\00000000-1428340849-0000-0000-448A5BED4B94 (Generic.Trojan)
MOVED folder**: C:\Users\Ben\AppData\Roaming\00000000-1428340849-0000-0000-448A5BED4B94 (Generic.Trojan)
MOVED folder**: "C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce (Heur.PUP.StrongSignal)
MOVED file: C:\ProgramData\{176e5635-1393-c3fb-176e-e563513958d4}\hqghumeaylnlf.exe [Super PC Tools Ltd - Fix PC problems and optimize performance] (PUP.SuperPCTools)
MOVED file: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk (PUP.SuperPCTools)
MOVED file: C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [AnyProtect.com - AnyProtect] (PUP.AnyProtect)
MOVED file: C:\Users\Ben\AppData\Local\avaavaevy\avaavaevy.exe (PUP.SearchProtect)
MOVED file: C:\Windows\Tasks\APSnotifierPP1.job (PUP.AnyProtect)
MOVED file: C:\Windows\Tasks\APSnotifierPP2.job (PUP.AnyProtect)
MOVED file: C:\Windows\Tasks\APSnotifierPP3.job (PUP.AnyProtect)
MOVED file: C:\Program Files (x86)\AnyProtectEx\product.guid (PUP.AnyProtect)
MOVED file: C:\Program Files (x86)\AnyProtectEx\Uninstall.exe [CMI Limited - Setup] (PUP.AnyProtect)
MOVED file: C:\Program Files (x86)\WebProtectorPlus\libgcc_s_dw2-1.dll (PUP.WebProtect)
MOVED file: C:\Program Files (x86)\WebProtectorPlus\mingwm10.dll (PUP.WebProtect)
MOVED file: C:\Program Files (x86)\WebProtectorPlus\QtCore4.dll [Digia Plc and/or its subsidiary(-ies) - C++ application development framework.] (PUP.WebProtect)
MOVED file: C:\Program Files (x86)\WebProtectorPlus\QtGui4.dll [Digia Plc and/or its subsidiary(-ies) - C++ application development framework.] (PUP.WebProtect)
MOVED file: C:\Program Files (x86)\WebProtectorPlus\QtNetwork4.dll [Digia Plc and/or its subsidiary(-ies) - C++ application development framework.] (PUP.WebProtect)
MOVED file: C:\Program Files (x86)\WebProtectorPlus\WebProtectorPlusUI.exe (PUP.WebProtect)
MOVED folder: C:\Program Files (x86)\WebProtectorPlus\server64 (PUP.WebProtect)
MOVED folder: C:\Program Files (x86)\AnyProtectEx (PUP.AnyProtect)
MOVED folder: C:\Program Files (x86)\gmsd_fr_424 (PUP.CrossRider)
MOVED folder: C:\Program Files (x86)\predm (Adware.Downware)
MOVED folder: C:\Program Files (x86)\WebProtectorPlus (PUP.WebProtect)
MOVED file: C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47\4d0801eee76440b5aa8e9e9bd8f25f47.exe [Copyright (C) 2014 - 4d0801eee76440b5aa8e9e9bd8f25f47] (PUP.CrossRider)
MOVED file: C:\ProgramData\7b2a98c5c3a9485689cfb0f9c7e387ba\812d4818d1504eeba41791841785edb6 (PUP.CrossRider)
MOVED folder: C:\ProgramData\4d0801eee76440b5aa8e9e9bd8f25f47 (PUP.CrossRider)
MOVED folder: C:\ProgramData\7b2a98c5c3a9485689cfb0f9c7e387ba (PUP.CrossRider)
MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] (Trojan.AutoKMS)
MOVED file: C:\Windows\AutoKMS\AutoKMS.log (Trojan.AutoKMS)
MOVED folder: C:\Windows\AutoKMS (Trojan.AutoKMS)
MOVED folder: C:\Users\Ben\AppData\Roaming\AnyProtectEx\installer (PUP.AnyProtect)
MOVED folder: C:\Users\Ben\AppData\Roaming\AnyProtectEx\language (PUP.AnyProtect)
MOVED folder: C:\Users\Ben\AppData\Roaming\AnyProtectEx\logs (PUP.AnyProtect)
MOVED folder: C:\Users\Ben\AppData\Roaming\AnyProtectEx\scan_results (PUP.AnyProtect)
MOVED folder: C:\Users\Ben\AppData\Roaming\AnyProtectEx\swf (PUP.AnyProtect)
MOVED folder: C:\Users\Ben\AppData\Roaming\AnyProtectEx (PUP.AnyProtect)
MOVED file: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup\AnyProtect.lnk (PUP.AnyProtect)
MOVED file: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup\Uninstall.lnk (PUP.AnyProtect)
MOVED folder: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup (PUP.AnyProtect)
MOVED folder: C:\Users\Ben\AppData\LocalLow\WebProtector\UserData (PUP.WebProtect)
MOVED folder: C:\Users\Ben\AppData\LocalLow\WebProtector (PUP.WebProtect)
MOVED file: C:\Users\Ben\AppData\Local\avaavaevy\bahvxfk (PUP.SearchProtect)
MOVED file: C:\Users\Ben\AppData\Local\avaavaevy\mkfvxfk (PUP.SearchProtect)
MOVED file: C:\Users\Ben\AppData\Local\avaavaevy\pbqrmvbub [Client Connect LTD - Search Protect] (PUP.SearchProtect)
MOVED file: C:\Users\Ben\AppData\Local\avaavaevy\pvpqbjobmlpfqlovvawq (PUP.SearchProtect)
MOVED file: C:\Users\Ben\AppData\Local\avaavaevy\qokvxfk (PUP.SearchProtect)
MOVED file: C:\Users\Ben\AppData\Local\avaavaevy\rfobmlpfqlovvawq (PUP.SearchProtect)
MOVED file: C:\Users\Ben\AppData\Local\avaavaevy\rpboobmlpfqlovvawq (PUP.SearchProtect)
MOVED file: C:\Users\Ben\AppData\Local\avaavaevy\ycfvxfk (PUP.SearchProtect)
MOVED file: C:\Users\Ben\AppData\Local\SmartWeb\__u.exe [SoftBrain Technologies Ltd. - SoftBrain Technologies Ltd. - Price Comparison] (PUP.SmartWebSearch)
MOVED folder: C:\Users\Ben\AppData\Local\avaavaevy (PUP.SearchProtect)
MOVED folder: C:\Users\Ben\AppData\Local\SmartWeb (PUP.SmartWebSearch)
MOVED file: C:\Windows\Installer\3cee010.msi [Kreapixel - Windows Installer] (Adware.SocialSkinz)
MOVED file: C:\Users\Ben\Desktop\Continue Live Installation.lnk (PUP.ContinueLiveInstallation)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage (PUP.BoostSaves)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal (PUP.BoostSaves)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage (PUP.Optional)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal (PUP.Optional)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_strongsignal-a.akamaihd.net_0.localstorage (PUP.AkamaiHD)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_strongsignal-a.akamaihd.net_0.localstorage-journal (PUP.AkamaiHD)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage (PUP.BoostSaves)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal (PUP.BoostSaves)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage (PUP.Re-Markable)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal (PUP.Re-Markable)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage (PUP.SelectNGo)
MOVED file*: C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal (PUP.SelectNGo)
MOVED file: C:\Users\Ben\AppData\Local\Temp\Uninstall.exe [Copyright 2013 - ] (PUP.Optional)
MOVED file: C:\END (Toolbar.Conduit)


---\\ Registry ( Key, Value, Data) (37)
DELETED value: HKCU\Software\Mozilla\Firefox\Extensions\\{DE232D5C-2A74-33CB-EF11-A5DFAF479F3A} [C:\Program Files (x86)\version45BlockAndSurf\191.xpi] (PUP.BlockAndSurf)
DELETED value: HKCU\Software\Mozilla\Firefox\Extensions\\{7C5CEF87-7D1B-9755-263E-6E9371FCB940} [C:\Program Files (x86)\version67BlockAndSurf\191.xpi] (PUP.BlockAndSurf)
DELETED key*: [X64] HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse ["C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" (Not File)] (PUP.CrossBrowse)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 [C:\Windows\system32\DCL.dll (Not File)] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 [C:\Windows\system32\DCL.dll (Not File)] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 [C:\Windows\system32\DCL.dll (Not File)] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 [C:\Windows\system32\DCL.dll (Not File)] (Hijacker.Winsock)
REPLACED : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 [C:\Windows\system32\DCL.dll (Not File)] (Hijacker.Winsock)
DELETED value: [X64] HKLM\Software\Classes\.htm\OpenWithProgIDs\\BinkilandHTML.DMDMHJPQM7JN5BGV5ZYS3ZGFU [] (PUP.Binkiland)
DELETED value: [X64] HKLM\Software\Classes\.html\OpenWithProgIDs\\BinkilandHTML.DMDMHJPQM7JN5BGV5ZYS3ZGFU [] (PUP.Binkiland)
DELETED value: [X64] HKLM\Software\Classes\.shtml\OpenWithProgIDs\\BinkilandHTML.DMDMHJPQM7JN5BGV5ZYS3ZGFU [] (PUP.Binkiland)
DELETED value: [X64] HKLM\Software\Classes\.webp\OpenWithProgIDs\\BinkilandHTML.DMDMHJPQM7JN5BGV5ZYS3ZGFU [] (PUP.Binkiland)
DELETED value: [X64] HKLM\Software\Classes\.xht\OpenWithProgIDs\\BinkilandHTML.DMDMHJPQM7JN5BGV5ZYS3ZGFU [] (PUP.Binkiland)
DELETED key^: [X64] HKLM\SYSTEM\CurrentControlSet\Services\jefewity [C:\Users\Ben\AppData\Roaming\00000000-1428340849-0000-0000-448A5BED4B94\nssCDCB.tmp (Not File)] (Generic.Trojan)
DELETED key^: [X64] HKLM\SYSTEM\CurrentControlSet\Services\pylywusy [C:\Users\Ben\AppData\Roaming\00000000-1428340849-0000-0000-448A5BED4B94\jnsy5919.tmp (Not File)] (Generic.Trojan)
DELETED key^: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Update Mgr StrongSignal ["C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\Updater.exe" (Not File) (Not File)] (Heur.PUP.StrongSignal)
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_8B4B86C2A5661DC92D9A84E265233F91 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.Vosteran)
DELETED value: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_371 [] (PUP.CrossRider)
DELETED value: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_424 [] (PUP.CrossRider)
DELETED value: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Update [C:\Users\Ben\AppData\Roaming\ASPackage\ASPackage.exe /runonce] (PUP.ASPackage)
DELETED key*: HKEY_USERS\S-1-5-21-1875274107-3066168380-3903474342-1000\Software\AnyProtect [] (PUP.AnyProtect)
DELETED key*: HKEY_USERS\S-1-5-21-1875274107-3066168380-3903474342-1000\Software\Linkey [] (PUP.LinkeySearch)
DELETED key*: HKCU\Software\AppDataLow\Software\BlockAndSurf [] (PUP.BlockAndSurf)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\BinkilandHTML.DMDMHJPQM7JN5BGV5ZYS3ZGFU [Binkiland HTML Document] (PUP.Binkiland)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CRSBRWSHTML [Crossbrowse HTML Document] (PUP.CrossBrowse)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} [C:\Users\Ben\AppData\Roaming\BrowserExtensions (Not File)] (PUP.BrowserExtensions)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} [C:\Users\Ben\AppData\Roaming\BrowserExtensions (Not File)] (PUP.BrowserExtensions)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe [C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Not File)] (PUP.CrossBrowse)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe [C:\Program Files (x86)\DriverRestore\DriverRestore.exe (Not File)] (PUP.DriverRestore)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\ORBTR [] (Toolbar.Conduit)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\StrongSignal [] (PUP.StrongSignal)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Tutorials [] (PUP.AgenceExclusive)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\WebProtector [] (PUP.BProtector)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect [CMI Limited] (PUP.CMILimited)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Linkey [] (PUP.LinkeySearch)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage [] (Adware.Downware)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 78174
~ Items found : 0
~ Items repaired : 132


End of clean at 00:09:16
===================
ZHPCleaner-[R]-16042015-00_09_16.txt
