cjoint

Document format: text/plain

Preview

~ ZHPCleaner v2015.5.31.264 by Nicolas Coolman (2015\05\31)
~ Run by Olivier.Nechad (Administrator) (31/05/2015 14:06:16)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\olivier.nechad\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\olivier.nechad\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Services (2)
CLOSED : ReimageRealTimeProtector (PUP.ReimageRepair)
CLOSED : SpyHunter 4 Service (Crapware.SpyHunter)


---\\ Browser internet (6)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyHttp1.1 [Bad : 1] (Hijacker.Proxy)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : <-loopback>] (Hijacker.Proxy)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer [Bad : http=127.0.0.1:55893;https=127.0.0.1:55893] (Hijacker.Proxy)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable [Bad : 0] (Hijacker.Proxy)
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings [Bad : Port=55893 <-Loopback>] (Hijacker.Proxy)
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings [Bad : Port=55893 <-Loopback>] (Hijacker.Proxy)


---\\ Hosts file (0)
~ No malicious items found.


---\\ Scheduled automatic tasks. (2)
DELETED task: [ReimageUpdater] [C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Not File) ] (PUP.ReimageRepair)
DELETED task: [SpyHunter4Startup] [C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe (Not File) ] (Crapware.SpyHunter)


---\\ Explorer ( File, Folder) (40)
MOVED file: C:\Users\olivier.nechad\Desktop\SpyHunter.lnk [Bad : C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe] (Crapware.SpyHunter)
MOVED file: C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [Reimage® - Reimage Real Time Protection] (PUP.ReimageRepair)
MOVED file: C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [Enigma Software Group USA, LLC. - Service scanner interface] (Crapware.SpyHunter)
MOVED file: C:\Users\olivier.nechad\Downloads\ReimageRepair.exe [Reimage® - Reimage Downloader] (PUP.ReimageRepair)
MOVED file: C:\Users\olivier.nechad\Downloads\SpyHunter-Installer (1).exe [Enigma Software Group USA, LLC. - Enigma Installer] (PUP.EnigmaSoftware)
MOVED file: C:\Users\olivier.nechad\Downloads\SpyHunter-Installer (2).exe [Enigma Software Group USA, LLC. - Enigma Installer] (PUP.EnigmaSoftware)
MOVED file: C:\Users\olivier.nechad\Downloads\SpyHunter-installer (3).exe [Enigma Software Group USA, LLC. - Enigma Installer] (PUP.EnigmaSoftware)
MOVED file: C:\Users\olivier.nechad\Downloads\SpyHunter-Installer.exe [Enigma Software Group USA, LLC. - Enigma Installer] (PUP.EnigmaSoftware)
MOVED file: C:\Users\OLIVIE~1.NEC\AppData\Local\Temp\ReimagePackage.exe [Reimage® - Reimage Package] (PUP.ReimageRepair)
MOVED file: C:\Users\OLIVIE~1.NEC\AppData\Local\Temp\ReiSysUpdate.exe [Reimage® - Reimage System Update] (PUP.ReimageRepair)
MOVED file*: C:\Users\olivier.nechad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage (PUP.SpecialSavings)
MOVED file*: C:\Users\olivier.nechad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal (PUP.SpecialSavings)
MOVED file*: C:\Users\olivier.nechad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.goodforsearch.info_0.localstorage (Hijacker.SimpleSearches)
MOVED file*: C:\Users\olivier.nechad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.goodforsearch.info_0.localstorage-journal (Hijacker.SimpleSearches)
MOVED file*: C:\Users\olivier.nechad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage (PUP.ReimageRepair)
MOVED file*: C:\Users\olivier.nechad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal (PUP.ReimageRepair)
MOVED file: C:\Users\OLIVIE~1.NEC\AppData\Local\Temp\reimage.log (PUP.ReimageRepair)
MOVED file: C:\Windows\Reimage.ini (PUP.ReimageRepair)
MOVED file: C:\Windows\System32\Drivers\EsgScanner.sys (PUP.EnigmaSoftware)
MOVED file: C:\Users\olivier.nechad\AppData\Roaming\appdataFr3.bin (PUP.Optional)
MOVED file: C:\END (PUP.Conduit)
MOVED folder: C:\Program Files (x86)\bestadblocker (PUP.Adblocker)
MOVED folder: C:\Program Files (x86)\BetterMarkIt-soft (PUP.BetterMarkit)
MOVED folder: C:\Program Files (x86)\RRanDoMaPrIce (Adware.Multiplug)
MOVED folder: C:\Program Files (x86)\RRegUlaaraDeals (Adware.Multiplug)
MOVED folder: C:\Program Files (x86)\SalePlluse (Adware.Multiplug)
MOVED folder: C:\Program Files (x86)\SalePlus (Adware.Multiplug)
MOVED folder: C:\Program Files (x86)\Search Extensions (PUP.RocketTab)
MOVED folder: C:\Program Files (x86)\SShopDrOp (Adware.Multiplug)
MOVED folder: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
MOVED folder: C:\Program Files\Reimage (PUP.ReimageRepair)
MOVED folder: C:\ProgramData\2825013784572919320 (Adware.CrossRider)
MOVED folder: C:\ProgramData\APN (Toolbar.Ask)
MOVED folder: C:\ProgramData\IePluginService (Trojan.SProtector)
MOVED folder: C:\ProgramData\Red AdBlocker (PUP.Adblocker)
MOVED folder: C:\ProgramData\Reimage Protector (PUP.ReimageRepair)
MOVED folder: C:\Users\olivier.nechad\AppData\Roaming\Enigma Software Group (PUP.EnigmaSoftware)
MOVED folder: C:\Users\olivier.nechad\AppData\Roaming\RHEng (PUP.Conduit)
MOVED folder: C:\Users\olivier.nechad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter (Crapware.SpyHunter)
MOVED folder: C:\sh4ldr (Crapware.SpyHunter)


---\\ Registry ( Key, Value, Data) (59)
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.qone8.com/web/?type=ds&ts=1397808342&from=ild&uid=TOSHIBAXMK5061GSY_41DBT4IATXX41DBT4IAT&[...]] [qone8] (Hijacker.Qone8)
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.qone8.com/web/?type=ds&ts=1397808342&from=ild&uid=TOSHIBAXMK5061GSY_41DBT4IATXX41DBT4IAT&q={searchTerms}] (Hijacker.Qone8)
DELETED key*: HKCU\Software\WajIEnhance [] (PUP.Wajam)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector [C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Not File)] (PUP.ReimageRepair)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service [C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Not File)] (Crapware.SpyHunter)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\e59bc5ed-551a-b2b3-8762-28524e16b08a [] (Adware.CrossRider)
DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector [C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Not File)] (PUP.ReimageRepair)
DELETED key: [X64] HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service [C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Not File)] (Crapware.SpyHunter)
DELETED key*: HKEY_USERS\S-1-5-21-4082451240-2834497003-798440645-2299\Software\1ClickDownload [] (PUP.1ClickDownloader)
DELETED key*: HKEY_USERS\S-1-5-21-4082451240-2834497003-798440645-2299\Software\Reimage [] (PUP.ReimageRepair)
DELETED key*: HKEY_USERS\S-1-5-21-4082451240-2834497003-798440645-2299\Software\Search Extensions [] (PUP.RocketTab)
DELETED key*: HKEY_USERS\S-1-5-21-4082451240-2834497003-798440645-2299\Software\Wajam [] (PUP.Wajam)
DELETED key: HKEY_USERS\S-1-5-21-4082451240-2834497003-798440645-2299\Software\WajIEnhance [] (PUP.Wajam)
DELETED key: HKCU\Software\1ClickDownload [] (PUP.1ClickDownloader)
DELETED key: HKCU\Software\Reimage [] (PUP.ReimageRepair)
DELETED key: HKCU\Software\Search Extensions [] (PUP.RocketTab)
DELETED key: HKCU\Software\Wajam [] (PUP.Wajam)
DELETED key*: HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [] (Adware.Graftor)
DELETED key*: HKCU\Software\AppDataLow\Software\better_markit [] (PUP.BetterMarkit)
DELETED key*: HKCU\Software\AppDataLow\Software\Crossrider [] (Adware.CrossRider)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\P2a6f47fd_8fe4_4375_84e6_2a37c9e6624b_.P2a6f47fd_8fe4_4375_84e6_2a37c9e6624b_ [bestadblocker] (Adware.BestADBlocker)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\P2a6f47fd_8fe4_4375_84e6_2a37c9e6624b_.P2a6f47fd_8fe4_4375_84e6_2a37c9e6624b_.9 [bestadblocker] (Adware.BestADBlocker)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Pf6b3e36b_7ac7_468a_8636_45495a9e17aa_.Pf6b3e36b_7ac7_468a_8636_45495a9e17aa_ [SalePlus] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Pf6b3e36b_7ac7_468a_8636_45495a9e17aa_.Pf6b3e36b_7ac7_468a_8636_45495a9e17aa_.9 [SalePlus] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine [ReiEngine Class] (PUP.GetLiveSupport)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 [ReiEngine Class] (PUP.GetLiveSupport)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\TorntvDownloader [] (Hijacker.TornTV)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{265d605d-d43a-45e3-a985-340d5412b55c} [RRegUlaaraDeals] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{2a6f47fd-8fe4-4375-84e6-2a37c9e6624b} [bestadblocker] (Adware.BestADBlocker)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{4cc330c8-0c61-401b-b239-71b0f7239d49} [SShopDrOp] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{f6b3e36b-7ac7-468a-8636-45495a9e17aa} [SalePlus] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm [] (PUP.WpManager)
DELETED key*: [X64] HKLM\SOFTWARE\EnigmaSoftwareGroup [] (PUP.EnigmaSoftware)
DELETED key*: [X64] HKLM\SOFTWARE\Reimage [] (PUP.ReimageRepair)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32 [] (Hijacker.TornTV)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS [] (Hijacker.TornTV)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector [Reimage] (PUP.ReimageRepair)
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ContentExplorer.exe [] (PUP.ContentExplorer)
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutleads.exe [] (PUP.DonutQuotes)
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\donutquotes.exe [] (PUP.DonutQuotes)
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaleads.exe [] (Adware.PastaLeads)
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pastaquotes.exe [] (Adware.PastaQuotes)
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancer.exe [] (PUP.Wajam)
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerApp.exe [] (PUP.Wajam)
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerAppservice.exe [] (PUP.Wajam)
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerservice.exe [] (PUP.Wajam)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Uniblue [] (PUP.UniblueSystem)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Wpm [] (PUP.WpManager)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} [] (Adware.Graftor)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] (Toolbar.Ask)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter [Enigma Software Group, LLC] (Crapware.SpyHunter)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{aa13d4c2} [PortRevel] (Adware.Graftor)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} [Fauxbar] (Adware.Multiplug)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} [ReiEngine Class] (PUP.ReimageRepair)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\InprocServer32 [C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll (Not File)] (PUP.ReimageRepair)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{2a6f47fd-8fe4-4375-84e6-2a37c9e6624b}\InprocServer32 [C:\Program Files (x86)\bestadblocker\b5uzONEr6qViqc.x64.dll (Not File)] (Adware.BestADBlocker)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} [CompReg Class] (PUP.ReimageRepair)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\InprocServer32 [C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll (Not File)] (PUP.ReimageRepair)
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{f6b3e36b-7ac7-468a-8636-45495a9e17aa}\InprocServer32 [C:\Program Files (x86)\SalePlus\dpM74B3tT9UXLj.x64.dll (Not File)] (Adware.Multiplug)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 3182
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 109


End of clean at 14:07:04
===================
ZHPCleaner-[R]-31052015-14_07_04.txt
ZHPCleaner-[S]-31052015-14_03_44.txt
