Publicité
Publicité
Format du document : text/plain
Prévisualisation
Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by BENOIT at 30/03/2017 10:09:27
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit (Build 9200)
Recycle Bin emptied (00mn 06s)
Prefetcher emptied
========== Software ==========
REMOVES: amuleC
REMOVES: BikaQ Rss
REMOVES: WinSnare
========== Process memory ==========
REMOVES: Memory Process: C:\Windows\Installer\{BB1104E2-BF22-4754-831E-5A9EE253991C}\_853F67D554F05449430E7E.exe
========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F7B5011-72EC-493D-A7BF-546591047E8E}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3678D164-84DB-4F73-AFD6-916342E10764}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB1104E2-BF22-4754-831E-5A9EE253991C}]
REMOVES: Service: clean
REMOVES: Service: InstallerService
REMOVES: Service: serverws
REMOVES: Service: WinSAPSvc
REMOVES: Service: WinSnare
REMOVES: HKLM\SOFTWARE\Wow6432Node\Arperk
REMOVES: HKLM\SOFTWARE\Wow6432Node\Atodoentcoikse
REMOVES: HKLM\SOFTWARE\Wow6432Node\Bavrykatok
REMOVES: HKLM\SOFTWARE\Wow6432Node\Boxfat
REMOVES: HKLM\SOFTWARE\Wow6432Node\Celerle
REMOVES: HKLM\SOFTWARE\Wow6432Node\Chtydrerpuing
REMOVES: HKLM\SOFTWARE\Wow6432Node\Ckavule
REMOVES: HKLM\SOFTWARE\Wow6432Node\Clestlehacult
REMOVES: HKLM\SOFTWARE\Wow6432Node\co.ao.aio
REMOVES: HKLM\SOFTWARE\Wow6432Node\co.ao.qws
REMOVES: HKLM\SOFTWARE\Wow6432Node\D95B5FA83D9DF5AEEDEAB41BABBCC014
REMOVES: HKLM\SOFTWARE\Wow6432Node\Dridetain
REMOVES: HKLM\SOFTWARE\Wow6432Node\drinent.exe
REMOVES: HKLM\SOFTWARE\Wow6432Node\Dronaing
REMOVES: HKLM\SOFTWARE\Wow6432Node\Elex-tech
REMOVES: HKLM\SOFTWARE\Wow6432Node\Explorer
REMOVES: HKLM\SOFTWARE\Wow6432Node\Goldass
REMOVES: HKLM\SOFTWARE\Wow6432Node\jhtrsq
REMOVES: HKLM\SOFTWARE\Wow6432Node\MicroRay
REMOVES: HKLM\SOFTWARE\Wow6432Node\msitask
REMOVES: HKLM\SOFTWARE\Wow6432Node\Plwoiedcoergacult
REMOVES: HKLM\SOFTWARE\Wow6432Node\Reejach
REMOVES: HKLM\SOFTWARE\Wow6432Node\startpageing123Software
REMOVES: HKLM\SOFTWARE\Wow6432Node\Vamuward
REMOVES: HKLM\SOFTWARE\Wow6432Node\Zohetnerhiing
REMOVES: HKCU\SOFTWARE\D95B5FA83D9DF5AEEDEAB41BABBCC014
REMOVES: HKCU\SOFTWARE\Explorer
REMOVES: HKCU\SOFTWARE\Goldass
REMOVES: HKCU\SOFTWARE\IM
REMOVES: HKCU\SOFTWARE\KingsIsle Entertainment, Inc.
REMOVES: HKCU\SOFTWARE\ProtectedStorage
REMOVES: HKCU\SOFTWARE\Raft
REMOVES: HKCU\SOFTWARE\WinSnare
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{F294D2AE-ECCF-11E6-85D5-64006A5CFC23}]
REMOVES: [HKLM\Software\Classes\Installer\Products\\2E4011BB22FB457438E1A5E92E3599C1]
REMOVES: [HKLM\Software\Classes\Installer\Features\2E4011BB22FB457438E1A5E92E3599C1]
REMOVES: [HKLM\Software\Classes\Installer\Products\\461D8763BD4837F4FA6D1936241E7046]
REMOVES: [HKLM\Software\Classes\Installer\Features\461D8763BD4837F4FA6D1936241E7046]
REMOVES: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\Open\command
REMOVES: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\Open\command
========== Registry values ==========
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
REMOVES: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
REMOVES: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
REMOVES: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
REMOVES: FirewallRaz (None) : NetPres-WSD-In-UDP
REMOVES: FirewallRaz (None) : NetPres-WSD-Out-UDP
REMOVES: FirewallRaz (Public) : NetPres-In-TCP
REMOVES: FirewallRaz (Public) : NetPres-Out-TCP
REMOVES: FirewallRaz (None) : MCX-Prov-Out-TCP
REMOVES: FirewallRaz (None) : MCX-McrMgr-Out-TCP
REMOVES: FirewallRaz (Private) : TCP Query User{FF9BD57C-FEBC-470F-BBD6-854C8B1C01A4}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES: FirewallRaz (Private) : UDP Query User{B93EDD7E-A728-4C62-A80E-B3C85D7914EC}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES: FirewallRaz (None) : {DAA05029-C27E-4632-BB50-FB1063BAFC36}
REMOVES: FirewallRaz (Public) : TCP Query User{65454CF0-CA88-4DBD-B6AD-9F9B49D61306}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES: FirewallRaz (Public) : UDP Query User{FEAD2E10-A831-488D-B14B-99E5C215546C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES ShellExecuteHooks: {F294D2AE-ECCF-11E6-85D5-64006A5CFC23}
REMOVES: {AD5E2A49-1A20-4019-A96D-9E0DDEDDF3CB}
========== Elements of the registry data ==========
REMOVES: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R1 Search Page = http://www.startpageing123.com/search/?type=ds&ts=1490636207&z=ba7406d6b62455eebe11b6fgez9t3eaqcc8qfofe3w&from=che0812&uid=ST3500630AS_5QG0PQEBXXXX5QG0PQEB&q={searchTerms}
REMOVES: R1 Search Page = http://www.startpageing123.com/?type=hp&ts=1490636207&z=ba7406d6b62455eebe11b6fgez9t3eaqcc8qfofe3w&from=che0812&uid=ST3500630AS_5QG0PQEBXXXX5QG0PQEB
REMOVES: StartMenuInternet: C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.startpageing123.com/
REMOVES: StartMenuInternet: C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.startpageing123.com/
========== Preferences browser ==========
REMOVES Mozilla Pref: http://www.startpageing123.com/
ABSENT Mozilla Pref: user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.fr,DuckDuckGo,Portail Lexical - CNRTL,startpageing123,Wikipédia (fr)"[...]
ABSENT Mozilla Pref: user_pref("browser.startup.homepage", "http://www.startpageing123.com/?type=hp&ts=1490636207&z=ba7406d6b62455eebe11b6fgez9t3eaqcc8[...]
========== Folders ==========
Deletes temporary Windows (0)
REMOVES Flash Cookies (0)
REMOVES: C:\Program Files\dsh7q194
REMOVES: C:\Program Files (x86)\58BE9E3D_cacayima
REMOVES: C:\Program Files (x86)\58C00CCC_cacayima
REMOVES: C:\Program Files (x86)\58C1C30B_cacayima
REMOVES: C:\Program Files (x86)\58C2B675_cacayima
REMOVES: C:\Program Files (x86)\58C6A655_cacayima
REMOVES: C:\Program Files (x86)\58C7C5E7_cacayima
REMOVES: C:\Program Files (x86)\58C94694_cacayima
REMOVES: C:\Program Files (x86)\58CAFB96_cacayima
REMOVES: C:\Program Files (x86)\58CBCD7A_cacayima
REMOVES: C:\Program Files (x86)\dsh7q194
REMOVES Reboot:** C:\Program Files (x86)\Elex-tech
REMOVES Reboot:** C:\Program Files (x86)\Gherwaspanasution
REMOVES Reboot:** C:\Program Files (x86)\Ghobus Collector
REMOVES: C:\Program Files (x86)\MK
REMOVES: C:\Program Files (x86)\n1
REMOVES: C:\Program Files (x86)\WinSnare(4.3.9)
REMOVES: C:\Users\BENOIT\AppData\Roaming\Elex-tech
REMOVES: C:\Users\BENOIT\AppData\Roaming\WinSAPSvc
REMOVES: C:\Users\BENOIT\AppData\Roaming\WinSnare
REMOVES: C:\Users\BENOIT\AppData\Local\Boxfat
REMOVES: C:\Users\BENOIT\AppData\Local\MSfree Inc
REMOVES: C:\Users\BENOIT\AppData\Local\Zujerle
========== Files ==========
Deletes temporary Windows (0) (0 octets)
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\users\benoit\appdata\roaming\clean\kyubey.exe
REMOVES: c:\users\benoit\appdata\roaming\winsapsvc\winsap.dll
REMOVES: c:\users\benoit\appdata\roaming\winsnare\winsnare.dll
REMOVES: C:\Windows\Installer\1591c428.msi
REMOVES: C:\Windows\Installer\6e2cccf.msi
REMOVES: C:\Windows\Installer\71f28e12.msi
REMOVES: C:\Users\BENOIT\AppData\Roaming\Mozilla\Firefox\Profiles\w0dex2ed.default-1487150875118\searchplugins\startpageing123.xml
REMOVES:** c:\windows\installer\{bb1104e2-bf22-4754-831e-5a9ee253991c}\_853f67d554f05449430e7e.exe
========== Scheduled task ==========
REMOVES: Milimili
========== Summary ==========
1 : Process memory
48 : Registry keys
19 : Registry values
7 : Elements of the registry data
25 : Folders
10 : Files
3 : Software
3 : Preferences browser
1 : Scheduled task
End of clean in 02mn 49s
========== Path to file report ==========
C:\Users\BENOIT\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/03/2017 10:09:34 [8174]
Fichier d'export Registre :
Run by BENOIT at 30/03/2017 10:09:27
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit (Build 9200)
Recycle Bin emptied (00mn 06s)
Prefetcher emptied
========== Software ==========
REMOVES: amuleC
REMOVES: BikaQ Rss
REMOVES: WinSnare
========== Process memory ==========
REMOVES: Memory Process: C:\Windows\Installer\{BB1104E2-BF22-4754-831E-5A9EE253991C}\_853F67D554F05449430E7E.exe
========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F7B5011-72EC-493D-A7BF-546591047E8E}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3678D164-84DB-4F73-AFD6-916342E10764}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB1104E2-BF22-4754-831E-5A9EE253991C}]
REMOVES: Service: clean
REMOVES: Service: InstallerService
REMOVES: Service: serverws
REMOVES: Service: WinSAPSvc
REMOVES: Service: WinSnare
REMOVES: HKLM\SOFTWARE\Wow6432Node\Arperk
REMOVES: HKLM\SOFTWARE\Wow6432Node\Atodoentcoikse
REMOVES: HKLM\SOFTWARE\Wow6432Node\Bavrykatok
REMOVES: HKLM\SOFTWARE\Wow6432Node\Boxfat
REMOVES: HKLM\SOFTWARE\Wow6432Node\Celerle
REMOVES: HKLM\SOFTWARE\Wow6432Node\Chtydrerpuing
REMOVES: HKLM\SOFTWARE\Wow6432Node\Ckavule
REMOVES: HKLM\SOFTWARE\Wow6432Node\Clestlehacult
REMOVES: HKLM\SOFTWARE\Wow6432Node\co.ao.aio
REMOVES: HKLM\SOFTWARE\Wow6432Node\co.ao.qws
REMOVES: HKLM\SOFTWARE\Wow6432Node\D95B5FA83D9DF5AEEDEAB41BABBCC014
REMOVES: HKLM\SOFTWARE\Wow6432Node\Dridetain
REMOVES: HKLM\SOFTWARE\Wow6432Node\drinent.exe
REMOVES: HKLM\SOFTWARE\Wow6432Node\Dronaing
REMOVES: HKLM\SOFTWARE\Wow6432Node\Elex-tech
REMOVES: HKLM\SOFTWARE\Wow6432Node\Explorer
REMOVES: HKLM\SOFTWARE\Wow6432Node\Goldass
REMOVES: HKLM\SOFTWARE\Wow6432Node\jhtrsq
REMOVES: HKLM\SOFTWARE\Wow6432Node\MicroRay
REMOVES: HKLM\SOFTWARE\Wow6432Node\msitask
REMOVES: HKLM\SOFTWARE\Wow6432Node\Plwoiedcoergacult
REMOVES: HKLM\SOFTWARE\Wow6432Node\Reejach
REMOVES: HKLM\SOFTWARE\Wow6432Node\startpageing123Software
REMOVES: HKLM\SOFTWARE\Wow6432Node\Vamuward
REMOVES: HKLM\SOFTWARE\Wow6432Node\Zohetnerhiing
REMOVES: HKCU\SOFTWARE\D95B5FA83D9DF5AEEDEAB41BABBCC014
REMOVES: HKCU\SOFTWARE\Explorer
REMOVES: HKCU\SOFTWARE\Goldass
REMOVES: HKCU\SOFTWARE\IM
REMOVES: HKCU\SOFTWARE\KingsIsle Entertainment, Inc.
REMOVES: HKCU\SOFTWARE\ProtectedStorage
REMOVES: HKCU\SOFTWARE\Raft
REMOVES: HKCU\SOFTWARE\WinSnare
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{F294D2AE-ECCF-11E6-85D5-64006A5CFC23}]
REMOVES: [HKLM\Software\Classes\Installer\Products\\2E4011BB22FB457438E1A5E92E3599C1]
REMOVES: [HKLM\Software\Classes\Installer\Features\2E4011BB22FB457438E1A5E92E3599C1]
REMOVES: [HKLM\Software\Classes\Installer\Products\\461D8763BD4837F4FA6D1936241E7046]
REMOVES: [HKLM\Software\Classes\Installer\Features\461D8763BD4837F4FA6D1936241E7046]
REMOVES: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\Open\command
REMOVES: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\Open\command
========== Registry values ==========
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
REMOVES: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
REMOVES: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
REMOVES: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
REMOVES: FirewallRaz (None) : NetPres-WSD-In-UDP
REMOVES: FirewallRaz (None) : NetPres-WSD-Out-UDP
REMOVES: FirewallRaz (Public) : NetPres-In-TCP
REMOVES: FirewallRaz (Public) : NetPres-Out-TCP
REMOVES: FirewallRaz (None) : MCX-Prov-Out-TCP
REMOVES: FirewallRaz (None) : MCX-McrMgr-Out-TCP
REMOVES: FirewallRaz (Private) : TCP Query User{FF9BD57C-FEBC-470F-BBD6-854C8B1C01A4}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES: FirewallRaz (Private) : UDP Query User{B93EDD7E-A728-4C62-A80E-B3C85D7914EC}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES: FirewallRaz (None) : {DAA05029-C27E-4632-BB50-FB1063BAFC36}
REMOVES: FirewallRaz (Public) : TCP Query User{65454CF0-CA88-4DBD-B6AD-9F9B49D61306}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES: FirewallRaz (Public) : UDP Query User{FEAD2E10-A831-488D-B14B-99E5C215546C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES ShellExecuteHooks: {F294D2AE-ECCF-11E6-85D5-64006A5CFC23}
REMOVES: {AD5E2A49-1A20-4019-A96D-9E0DDEDDF3CB}
========== Elements of the registry data ==========
REMOVES: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R1 Search Page = http://www.startpageing123.com/search/?type=ds&ts=1490636207&z=ba7406d6b62455eebe11b6fgez9t3eaqcc8qfofe3w&from=che0812&uid=ST3500630AS_5QG0PQEBXXXX5QG0PQEB&q={searchTerms}
REMOVES: R1 Search Page = http://www.startpageing123.com/?type=hp&ts=1490636207&z=ba7406d6b62455eebe11b6fgez9t3eaqcc8qfofe3w&from=che0812&uid=ST3500630AS_5QG0PQEBXXXX5QG0PQEB
REMOVES: StartMenuInternet: C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.startpageing123.com/
REMOVES: StartMenuInternet: C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.startpageing123.com/
========== Preferences browser ==========
REMOVES Mozilla Pref: http://www.startpageing123.com/
ABSENT Mozilla Pref: user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.fr,DuckDuckGo,Portail Lexical - CNRTL,startpageing123,Wikipédia (fr)"[...]
ABSENT Mozilla Pref: user_pref("browser.startup.homepage", "http://www.startpageing123.com/?type=hp&ts=1490636207&z=ba7406d6b62455eebe11b6fgez9t3eaqcc8[...]
========== Folders ==========
Deletes temporary Windows (0)
REMOVES Flash Cookies (0)
REMOVES: C:\Program Files\dsh7q194
REMOVES: C:\Program Files (x86)\58BE9E3D_cacayima
REMOVES: C:\Program Files (x86)\58C00CCC_cacayima
REMOVES: C:\Program Files (x86)\58C1C30B_cacayima
REMOVES: C:\Program Files (x86)\58C2B675_cacayima
REMOVES: C:\Program Files (x86)\58C6A655_cacayima
REMOVES: C:\Program Files (x86)\58C7C5E7_cacayima
REMOVES: C:\Program Files (x86)\58C94694_cacayima
REMOVES: C:\Program Files (x86)\58CAFB96_cacayima
REMOVES: C:\Program Files (x86)\58CBCD7A_cacayima
REMOVES: C:\Program Files (x86)\dsh7q194
REMOVES Reboot:** C:\Program Files (x86)\Elex-tech
REMOVES Reboot:** C:\Program Files (x86)\Gherwaspanasution
REMOVES Reboot:** C:\Program Files (x86)\Ghobus Collector
REMOVES: C:\Program Files (x86)\MK
REMOVES: C:\Program Files (x86)\n1
REMOVES: C:\Program Files (x86)\WinSnare(4.3.9)
REMOVES: C:\Users\BENOIT\AppData\Roaming\Elex-tech
REMOVES: C:\Users\BENOIT\AppData\Roaming\WinSAPSvc
REMOVES: C:\Users\BENOIT\AppData\Roaming\WinSnare
REMOVES: C:\Users\BENOIT\AppData\Local\Boxfat
REMOVES: C:\Users\BENOIT\AppData\Local\MSfree Inc
REMOVES: C:\Users\BENOIT\AppData\Local\Zujerle
========== Files ==========
Deletes temporary Windows (0) (0 octets)
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\users\benoit\appdata\roaming\clean\kyubey.exe
REMOVES: c:\users\benoit\appdata\roaming\winsapsvc\winsap.dll
REMOVES: c:\users\benoit\appdata\roaming\winsnare\winsnare.dll
REMOVES: C:\Windows\Installer\1591c428.msi
REMOVES: C:\Windows\Installer\6e2cccf.msi
REMOVES: C:\Windows\Installer\71f28e12.msi
REMOVES: C:\Users\BENOIT\AppData\Roaming\Mozilla\Firefox\Profiles\w0dex2ed.default-1487150875118\searchplugins\startpageing123.xml
REMOVES:** c:\windows\installer\{bb1104e2-bf22-4754-831e-5a9ee253991c}\_853f67d554f05449430e7e.exe
========== Scheduled task ==========
REMOVES: Milimili
========== Summary ==========
1 : Process memory
48 : Registry keys
19 : Registry values
7 : Elements of the registry data
25 : Folders
10 : Files
3 : Software
3 : Preferences browser
1 : Scheduled task
End of clean in 02mn 49s
========== Path to file report ==========
C:\Users\BENOIT\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/03/2017 10:09:34 [8174]