cjoint

Document format: text/plain

Preview

~ ZHPCleaner v2015.6.21.280 by Nicolas Coolman (2015\06\21)
~ Run by Dave&Flo (Administrator) (22/06/2015 14:12:31)
~ Site : http://www.nicolascoolman.com/fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Netttoyer
~ Report : C:\Users\Dave&Flo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Dave&Flo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 8.1, 64-bit (Build 9600)


---\\ Service. (4)
ARRETÉ : WindowsMangerProtect (PUP.Fuyu)
SUPPRIMÉ : {562466dc-a068-420e-b1db-fa8e9156d974}Gw64 (PUP.LinkiDoo)
ARRETÉ : Update Primary Color (Adware.Sambreel)
ARRETÉ : Util Primary Color (Adware.Sambreel)


---\\ Navigateur internet. (13)
REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [hxxp://www.oursurfing.com/?type=hp&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1[...]] (Hijacker.OurSurfing)
REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page [hxxp://www.oursurfing.com/?type=hp&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1[...]] (Hijacker.OurSurfing)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.oursurfing.com/?type=hp&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1[...]] (Hijacker.OurSurfing)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3[...]] (Hijacker.OurSurfing)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [hxxp://www.oursurfing.com/?type=hp&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1[...]] (Hijacker.OurSurfing)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3[...]] (Hijacker.OurSurfing)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.oursurfing.com/?type=hp&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1[...]] (Hijacker.OurSurfing)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3[...]] (Hijacker.OurSurfing)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Start Page [hxxp://www.oursurfing.com/?type=hp&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1[...]] (Hijacker.OurSurfing)
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3[...]] (Hijacker.OurSurfing)
REMPLACÉ Quicklaunch: C:\Users\Dave&Flo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : http://www.oursurfing.com/?type=sc&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&from=age&uid=WDCXWD10EZEX-21M2NA0_WCC3FKE06TRDFKE06TRD] (Hijacker.Browser)
REMPLACÉ Startup\Programs: C:\Users\Dave&Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [Bad : http://www.oursurfing.com/?type=sc&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&from=age&uid=WDCXWD10EZEX-21M2NA0_WCC3FKE06TRDFKE06TRD] (Hijacker.Browser)
REMPLACÉ Desktop: C:\Users\Public\Desktop\Google Chrome.lnk [Bad : http://www.oursurfing.com/?type=sc&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&from=age&uid=WDCXWD10EZEX-21M2NA0_WCC3FKE06TRDFKE06TRD] (Hijacker.Browser)


---\\ Fichier hôte. (1)
~ Le fichier hôte est légitime. (21)


---\\ Tâche planifiée. (1)
SUPPRIMÉ tâche: [MaxComputerCleaner_Start] [C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe (Not File) ] (PUP.MaxComputerCleaner)


---\\ Explorateur ( Dossiers, Fichiers ). (35)
DEPLACÉ fichier: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [DTools LIMITED - Windows DTools] (PUP.Fuyu)
DEPLACÉ fichier: C:\WINDOWS\System32\drivers\{562466dc-a068-420e-b1db-fa8e9156d974}Gw64.sys [StdLib - StdLib] (PUP.LinkiDoo)
DEPLACÉ fichier: C:\Windows\Prefetch\AIRWEBBAR.TMP-E62EE5A8.pf (PUP.WebBar)
DEPLACÉ fichier: C:\Windows\Prefetch\AIRWEBBAR_SOFT_PARTNER.TMP-BEE4D36D.pf (PUP.WebBar)
DEPLACÉ fichier: C:\Windows\Prefetch\MAXCOMPUTERCLEANER.EXE-5B0AAD99.pf (PUP.MaxComputerCleaner)
DEPLACÉ fichier: C:\Windows\Prefetch\MAXCOMPUTERCLEANERSETUP_SILEN-C80AD47C.pf (PUP.MaxComputerCleaner)
DEPLACÉ fichier: C:\Windows\Prefetch\PACKAGE_AIRWEBBAR_INSTALLER_M-661F031B.pf (PUP.WebBar)
DEPLACÉ fichier: C:\Windows\Prefetch\PACKAGE_BOXORE_INSTALLER_MULT-224F73A4.pf (Adware.Boxore)
DEPLACÉ fichier: C:\Windows\Prefetch\PACKAGE_BOXORE_INSTALLER_MULT-F71D1AA9.pf (Adware.Boxore)
DEPLACÉ fichier: C:\Windows\Prefetch\PACKAGE_CSDI_OURSURFING_INSTA-119EC26A.pf (Hijacker.OurSurfing)
DEPLACÉ fichier: C:\Windows\Prefetch\PACKAGE_CSDI_OURSURFING_INSTA-949D581E.pf (Hijacker.OurSurfing)
DEPLACÉ fichier: C:\Users\Dave&Flo\AppData\Local\Temp\uttEA60.tmp.exe [ClientConnect Ltd. - Custom Installer] (PUP.ClientConnect)
DEPLACÉ fichier: C:\END (PUP.Conduit)
DEPLACÉ dossier: C:\Program Files (x86)\Max Computer Cleaner (PUP.MaxComputerCleaner)
DEPLACÉ dossier: C:\Program Files (x86)\MaxComputerCleaner (PUP.MaxComputerCleaner)
DEPLACÉ dossier: C:\Program Files (x86)\MaxComputerCleaner_v33.801 (PUP.MaxComputerCleaner)
DEPLACÉ dossier^: C:\Program Files (x86)\Primary Color (Adware.Sambreel)
DEPLACÉ dossier: C:\Program Files (x86)\Wajam (PUP.Wajam)
DEPLACÉ dossier: C:\HealthAlert (PUP.HealthAlert)
DEPLACÉ dossier: C:\ProgramData\WindowsMangerProtect (PUP.Fuyu)
DEPLACÉ dossier: C:\Users\Dave&Flo\AppData\Roaming\oursurfing (Hijacker.OurSurfing)
DEPLACÉ dossier: C:\Users\Dave&Flo\Documents\MaxComputerCleaner (PUP.MaxComputerCleaner)
DEPLACÉ dossier: C:\Users\Dave&Flo\Documents\Optimizer Pro (PUP.OptimizerPro)
DEPLACÉ dossier: C:\Users\Dave&Flo\AppData\LocalLow\SmartWeb (PUP.SmartWebSearch)
DEPLACÉ dossier: C:\Users\Dave&Flo\AppData\Local\Max_Computer_Cleaner (PUP.MaxComputerCleaner)
DEPLACÉ dossier: C:\Users\Dave&Flo\AppData\Local\Temp\Primary Color (Adware.Sambreel)
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI3835.tmp- (Empty)
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI4C7.tmp- (Empty)
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI4DE9.tmp- (Empty)
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI5C6A.tmp- (Empty)
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI697D.tmp- (Empty)
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI9C9.tmp- (Empty)
DEPLACÉ dossier: C:\WINDOWS\Installer\MSIB12.tmp- (Empty)
DEPLACÉ dossier: C:\WINDOWS\Installer\MSIE764.tmp- (Empty)
DEPLACÉ dossier: C:\WINDOWS\Installer\MSIFAE0.tmp- (Empty)


---\\ Base de Registres ( Clés, Valeurs, Données ). (40)
SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [http://www.trovi.com/Results.aspx?gd=&ctid=CT3333004&octid=EB_ORIGINAL_CTID&ISID=17305FFF-ABA5-49D4-[...]] [Trovi] (Hijacker.Trovigo)
SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&fr[...]] [oursurfing] (Hijacker.OurSurfing)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&fr[...]] [oursurfing] (Hijacker.OurSurfing)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&fr[...]] [oursurfing] (Hijacker.OurSurfing)
REMPLACÉ donnée: HKLM\...\Google Chrome\Shell\open\Command\\"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.oursurfing.com/?type=sc&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&from=age&uid=WDCXWD10EZEX-21M2NA0_WCC3FKE06TRDFKE06TRD (Hijacker.OurSurfing)
REMPLACÉ donnée: HKLM\...\IEXPLORE.EXE\Shell\open\Command\\C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&from=age&uid=WDCXWD10EZEX-21M2NA0_WCC3FKE06TRDFKE06TRD (Hijacker.OurSurfing)
SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [http://www.trovi.com/Results.aspx?gd=&ctid=CT3333004&octid=EB_ORIGINAL_CTID&ISID=17305FFF-ABA5-49D4-9871-307992BD7D6B&SearchSource=58&CUI=&UM=8&UP=SP23E01F7E-C4EB-4B33-8F61-960E2E05F72E&D=062015&q={searchTerms}&SSPV=] (Hijacker.Trovigo)
SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&from=age&uid=WDCXWD10EZEX-21M2NA0_WCC3FKE06TRDFKE06TRD&q={searchTerms}] (Hijacker.OurSurfing)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&from=age&uid=WDCXWD10EZEX-21M2NA0_WCC3FKE06TRDFKE06TRD&q={searchTerms}] (Hijacker.OurSurfing)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.oursurfing.com/web/?type=ds&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&from=age&uid=WDCXWD10EZEX-21M2NA0_WCC3FKE06TRDFKE06TRD&q={searchTerms}] (Hijacker.OurSurfing)
SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Not File)] (PUP.Fuyu)
SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\{562466dc-a068-420e-b1db-fa8e9156d974}Gw64 [C:\WINDOWS\System32\drivers\{562466dc-a068-420e-b1db-fa8e9156d974}Gw64.sys (Not File)] (PUP.LinkiDoo)
SUPPRIMÉ clé: [X64] HKLM\SYSTEM\CurrentControlSet\Services\{562466dc-a068-420e-b1db-fa8e9156d974}Gw64 [C:\WINDOWS\System32\drivers\{562466dc-a068-420e-b1db-fa8e9156d974}Gw64.sys (Not File)] (PUP.LinkiDoo)
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Update Primary Color ["C:\Program Files (x86)\Primary Color\updatePrimaryColor.exe" (Not File)] (Adware.Sambreel)
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Util Primary Color ["C:\Program Files (x86)\Primary Color\bin\utilPrimaryColor.exe" (Not File)] (Adware.Sambreel)
SUPPRIMÉ clé: [X64] HKLM\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect [C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Not File)] (PUP.Fuyu)
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3121693006-2879305433-4093868496-1001\Software\MaxComputerCleanerConfig [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3121693006-2879305433-4093868496-1001\Software\MaxComputerCleanerLanguage [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3121693006-2879305433-4093868496-1001\Software\maxcomputerclenner [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3121693006-2879305433-4093868496-1001\Software\Primary Color [] (Adware.Sambreel)
SUPPRIMÉ clé: HKCU\Software\MaxComputerCleanerConfig [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé: HKCU\Software\MaxComputerCleanerLanguage [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé: HKCU\Software\maxcomputerclenner [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé: HKCU\Software\Primary Color [] (Adware.Sambreel)
SUPPRIMÉ clé*: HKCU\Software\AppDataLow\Software\DynConIE [] (PUP.DynConIE)
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Primary Color [] (Adware.Sambreel)
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect [] (PUP.Fuyu)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\WebBar [] (PUP.WebBar)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\oursurfingSoftware [] (Hijacker.OurSurfing)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Primary Color [] (Adware.Sambreel)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\supWindowsMangerProtect [] (PUP.Fuyu)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\oursurfing uninstall [oursurfing] (Hijacker.OurSurfing)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_Maintenance_RASAPI32 [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_Maintenance_RASMANCS [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_RASAPI32 [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MaxComputerCleaner_RASMANCS [] (PUP.MaxComputerCleaner)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} [Manager Class] (Adware.Sambreel)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32 [C:\Program Files (x86)\Primary Color\bin\562466dca068420eb1dbfa8e9156d97464.dll] (Adware.Sambreel)
SUPPRIMÉ valeur: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://www.oursurfing.com/?type=hp&ts=1434954739&z=0e07ca15c3669308ae9f7e6g3zdc1zdtbw2zcmaz1o&from=age&uid=WDCXWD10EZEX-21M2NA0_WCC3FKE06TRDFKE06TRD] (Hijacker.OurSurfing)
SUPPRIMÉ valeur: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\MaxComputerCleaner_v33.801 [C:\Program Files (x86)\MaxComputerCleaner_v33.801\MaxComputerCleaner_Maintenance.exe ro] (PUP.MaxComputerCleaner)


---\\ Bilan de la réparation
~ Réparation réalisée avec succès.
~ Ce navigateur est absent (Mozilla Firefox)
~ Ce navigateur est absent (Opera Software)
~ Le système a été redémarré.


---\\ Statistiques
~ Items scannés : 4747
~ Items trouvés : 0
~ Items annulés : 0
~ Items réparés : 93


End of clean at 14:13:50
===================
ZHPCleaner-[R]-22062015-14_13_50.txt
ZHPCleaner-[S]-22062015-14_11_55.txt
