cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

~ ZHPCleaner v2015.7.16.299 by Nicolas Coolman (2015/07/16)
~ Run by fidji (Administrator) (20/07/2015 04:02:08)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\fidji\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\fidji\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 8.1, 64-bit (Build 9600)


---\\ Services (3)
CLOSED : IHProtect Service (PUP.Optional.AgentODR)
CLOSED : WindowsMangerProtect (PUP.Optional.Fuyu)
CLOSED : c31ed948 (PUP.Optional.OptimizerPro)


---\\ Browser internet (26)
DELETED Firefox: [ikruzmsp.default-1424443669790] URL HomePage : hxxp://www.oursurfing.com/?type=hp&ts=1437293512&z=94b59e669a3db63702a94d8g5z8cambodc[...] (PUP.Optional.OurSurfing)
DELETED: [ikruzmsp.default-1424443669790] - user_pref("browser.search.searchengine.alias", "oursurfing"); (PUP.Optional.SearchEngine)
DELETED: [ikruzmsp.default-1424443669790] - user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); (PUP.Optional.SearchEngine)
DELETED: [ikruzmsp.default-1424443669790] - user_pref("browser.search.searchengine.iconURL", "http://www.oursurfing.com/favicon.ico"); (PUP.Optional.SearchEngine)
DELETED: [ikruzmsp.default-1424443669790] - user_pref("browser.search.searchengine.name", "oursurfing"); (PUP.Optional.SearchEngine)
DELETED: [ikruzmsp.default-1424443669790] - user_pref("browser.search.searchengine.ptid", "tt4u"); (PUP.Optional.SearchEngine)
DELETED: [ikruzmsp.default-1424443669790] - user_pref("browser.search.searchengine.uid", "WDCXWD10JPVX-80JC3T0_WD-WXM1E14FSXK8FSXK8"); (PUP.Optional.SearchEngine)
DELETED: [ikruzmsp.default-1424443669790] - user_pref("browser.search.searchengine.url", "http://www.oursurfing.com/web/?type=ds&ts=1437293512&z[...] (PUP.Optional.SearchEngine)
DELETED: [ikruzmsp.default-1424443669790] - user_pref("extensions.quick_start.enable_search1", false); (PUP.Optional.QuickStart)
DELETED: [ikruzmsp.default-1424443669790] - user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); (PUP.Optional.QuickStart)
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\plugins\npPriceGong_FF.dll [PriceGong - PriceGong - Price Comparison] (PUP.Optional.PriceGong) [E72021333545779CA271E2854221F6C4]
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin\PriceGong.png (PUP.Optional.PriceGong) [1EDEBF07B9B5B3778AC4522D10867AEA]
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US\pricegong.dtd (PUP.Optional.PriceGong) [9C6FDE6D6EDDB87F07A0C3E5D54957D5]
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\pricegong-3.x.xul (PUP.Optional.PriceGong) [B3105A80FABF78347461985EF41A7260]
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\pricegong-4.x.xul (PUP.Optional.PriceGong) [1B6043F8C658C6F8F871000D42507BE4]
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [hxxp://www.oursurfing.com/?type=hp&ts=1437293512&z=94b59e669a3db63702a94d8g5z8ca[...]] (PUP.Optional.OurSurfing)
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.oursurfing.com/?type=hp&ts=1437293512&z=94b59e669a3db63702a94d8g5z8ca[...]] (PUP.Optional.OurSurfing)
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.oursurfing.com/web/?type=ds&ts=1437293512&z=94b59e669a3db63702a94d8g5[...]] (PUP.Optional.OurSurfing)
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.oursurfing.com/web/?type=ds&ts=1437293512&z=94b59e669a3db63702a94d8g5[...]] (PUP.Optional.OurSurfing)
REPLACED IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [hxxp://www.oursurfing.com/?type=hp&ts=1437293512&z=94b59e669a3db63702a94d8g5z8ca[...]] (PUP.Optional.OurSurfing)
REPLACED IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [hxxp://www.oursurfing.com/web/?type=ds&ts=1437293512&z=94b59e669a3db63702a94d8g5[...]] (PUP.Optional.OurSurfing)
REPLACED IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Search Page [hxxp://www.oursurfing.com/web/?type=ds&ts=1437293512&z=94b59e669a3db63702a94d8g5[...]] (PUP.Optional.OurSurfing)
REPLACED Quicklaunch: C:\Users\fidji\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : http://www.oursurfing.com/?type=sc&ts=1437293512&z=94b59e669a3db63702a94d8g5z8cambodc7wct7g0o&from=tt4u&uid=WDCXWD10JPVX-80JC3T0_WD-WXM1E14FSXK8FSXK8] (Hijacker.Browser)
REPLACED TaskBar: C:\Users\fidji\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [Bad : http://www.oursurfing.com/?type=sc&ts=1437293512&z=94b59e669a3db63702a94d8g5z8cambodc7wct7g0o&from=tt4u&uid=WDCXWD10JPVX-80JC3T0_WD-WXM1E14FSXK8FSXK8] (Hijacker.Browser)
REPLACED TaskBar: C:\Users\fidji\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [Bad : http://www.oursurfing.com/?type=sc&ts=1437293512&z=94b59e669a3db63702a94d8g5z8cambodc7wct7g0o&from=tt4u&uid=WDCXWD10JPVX-80JC3T0_WD-WXM1E14FSXK8FSXK8] (Hijacker.Browser)
REPLACED Startup\Programs: C:\Users\fidji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [Bad : http://www.oursurfing.com/?type=sc&ts=1437293512&z=94b59e669a3db63702a94d8g5z8cambodc7wct7g0o&from=tt4u&uid=WDCXWD10JPVX-80JC3T0_WD-WXM1E14FSXK8FSXK8] (Hijacker.Browser)


---\\ Hosts file (1)
~ The hosts file is legitimate (21)


---\\ Scheduled automatic tasks. (1)
DELETED task: [Bidaily Synchronize Task[8da6]] [C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job (Not File) ] (PUP.Optional.BidailySync)


---\\ Explorer ( File, Folder) (21)
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\plugins\npPriceGong_FF.dll [PriceGong - PriceGong - Price Comparison] (PUP.Optional.PriceGong)
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin\PriceGong.png (PUP.Optional.PriceGong)
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US\pricegong.dtd (PUP.Optional.PriceGong)
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\pricegong-3.x.xul (PUP.Optional.PriceGong)
MOVED file: C:\Users\fidji\AppData\Roaming\Mozilla\Firefox\Profiles\ikruzmsp.default-1424443669790\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\pricegong-4.x.xul (PUP.Optional.PriceGong)
MOVED file: C:\Program Files (x86)\MiuiTab\ProtectService.exe [XTab system - ProtectSvc.exe] (PUP.Optional.AgentODR)
MOVED file: C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [DTools LIMITED - Windows DTools] (PUP.Optional.Fuyu)
MOVED file: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job (PUP.Optional.BidailySync)
MOVED file: C:\END (PUP.Optional.Conduit)
MOVED folder: C:\Users\fidji\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok (PUP.Optional.PriceGong)
MOVED folder^: C:\Program Files (x86)\gmsd_fr_021010034 (PUP.Optional.CrossRider)
MOVED folder: C:\Program Files (x86)\MiuiTab (PUP.Optional.MiuiTab)
MOVED folder: C:\Program Files (x86)\Optimizer Pro 3.99 (PUP.Optional.OptimizerPro)
MOVED folder: C:\Program Files (x86)\PriceGong (PUP.Optional.PriceGong)
MOVED folder: C:\Program Files (x86)\Product Deals (PUP.Optional.Sambreel)
MOVED folder: C:\ProgramData\IHProtectUpDate (PUP.Optional.AgentODR)
MOVED folder: C:\ProgramData\WindowsMangerProtect (PUP.Optional.Fuyu)
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 (PUP.Optional.OptimizerPro)
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong (PUP.Optional.PriceGong)
MOVED folder: C:\Users\fidji\AppData\Roaming\oursurfing (PUP.Optional.OurSurfing)
MOVED folder^: C:\Users\fidji\AppData\Local\gmsd_fr_021010034 (PUP.Optional.CrossRider)


---\\ Registry ( Key, Value, Data) (9)
REPLACED data: HKLM\...\FIREFOX.EXE\Shell\open\Command\\"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.oursurfing.com/?type=sc&ts=1437293512&z=94b59e669a3db63702a94d8g5z8cambodc7wct7g0o&from=tt4u&uid=WDCXWD10JPVX-80JC3T0_WD-WXM1E14FSXK8FSXK8 (PUP.Optional.OurSurfing)
REPLACED data: HKLM\...\Google Chrome\Shell\open\Command\\"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.oursurfing.com/?type=sc&ts=1437293512&z=94b59e669a3db63702a94d8g5z8cambodc7wct7g0o&from=tt4u&uid=WDCXWD10JPVX-80JC3T0_WD-WXM1E14FSXK8FSXK8 (PUP.Optional.OurSurfing)
REPLACED data: HKLM\...\IEXPLORE.EXE\Shell\open\Command\\C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1437293512&z=94b59e669a3db63702a94d8g5z8cambodc7wct7g0o&from=tt4u&uid=WDCXWD10JPVX-80JC3T0_WD-WXM1E14FSXK8FSXK8 (PUP.Optional.OurSurfing)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} [PriceGong] (PUP.Optional.PriceGong)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926} [PriceGong - Price Comparison] (PUP.Optional.PriceGong)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO [PriceGong - Price Comparison] (PUP.Optional.PriceGong)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1 [PriceGong - Price Comparison] (PUP.Optional.PriceGong)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl [PriceGongCtrl Class] (PUP.Optional.PriceGong)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1 [PriceGongCtrl Class] (PUP.Optional.PriceGong)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 943
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 60


End of clean at 04:03:07
===================
ZHPCleaner-[R]-18072015-12_05_52.txt
ZHPCleaner-[R]-20072015-04_03_07.txt
ZHPCleaner-[S]-18072015-09_43_33.txt
ZHPCleaner-[S]-18072015-12_05_30.txt
ZHPCleaner-[S]-20072015-04_01_48.txt

Publicité


Signaler le contenu de ce document

Publicité