~ ZHPCleaner v2014.11.30.242 by Nicolas Coolman (30/11/2014) ~ Run by Patrick (Administrator) (30/11/2014 19:47:05) ~ Forum : http://forum.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Réparer ~ Report : C:\Users\Patrick\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Patrick\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Windows 7, 64-bit Service Pack 1 (Build 7601) ---\\ Service. (0) ~ Aucun élément malicieux trouvé. ---\\ Navigateur internet. (27) REMPLACÉ Firefox: [2036mt3g.default] URL HomePage : hxxp://Vosteran.com/?f=1&a=vst_ir_14_48_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzz0FtA0Fzz0A0B0Ey[...] Firefox: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2036mt3g.default\prefs.js REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.AL", 2); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.aflt", "vst_ir_14_48_ff"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.appId", "{4CB3598A-82E8-4D1F-983F-061238AE696E}"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.cd", "2XzuyEtN2Y1L1QzutDtDtCzz0FtA0Fzz0A0B0EyByCzytAyBtN0D0Tzu0StCtD[...] (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.cr", "1625915173"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.dfltLng", ""); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.dfltSrch", true); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.dnsErr", true); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.excTlbr", false); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.hmpg", true); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.hmpgUrl", "http://Vosteran.com/?f=1&a=vst_ir_14_48_ff&cd=2XzuyEtN2Y1[...] (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.id", "0018F3F8ABE76937"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.instlDay", "16401"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.instlRef", "142905_b"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.newTabUrl", "http://Vosteran.com/?f=2&a=vst_ir_14_48_ff&cd=2XzuyEtN2[...] (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.prdct", "srchvstrn"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.tlbrId", ""); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.tlbrSrchUrl", "http://Vosteran.com/?f=3&a=vst_ir_14_48_ff&cd=2XzuyEt[...] (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.vrsn", ""); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn.vrsni", ""); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn_i.newTab", true); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn_i.smplGrp", "none"); (PUP.Vosteran) REMPLACÉ: [2036mt3g.default] - user_pref("extensions.srchvstrn_i.vrsnTs", "22:20:28"); (PUP.Vosteran) ---\\ Fichier hôte. (0) ~ Aucun élément malicieux trouvé. ---\\ Tâche planifiée. (1) SUPPRIMÉ: [WSE_Vosteran] (PUP.Vosteran) ---\\ Explorateur ( Dossiers, Fichiers ). (10) DEPLACÉ: C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys [StdLib - StdLib] (PUP.LinkiDoo) DEPLACÉ: C:\Windows\System32\drivers\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64.sys [StdLib - StdLib] (PUP.LinkiDoo) DEPLACÉ: C:\Windows\System32\drivers\{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64.sys [StdLib - StdLib] (PUP.LinkiDoo) DEPLACÉ: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2036mt3g.default\searchplugins\Vosteran.xml [] (PUP.Vosteran) DEPLACÉ: C:\Program Files (x86)\ShoppingChip\f.x64.dll [ - ] (PUP.ShoppingChip) SUPPRIMÉ: [WSE_Vosteran] [ - ] C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\UPDATE~1.EXE (PUP.Vosteran) DEPLACÉ: C:\Users\Patrick\Downloads\FastPlayerPro.exe[TODO: ] (PUP.FastPlayer) DEPLACÉ: C:\Users\Patrick\Downloads\ParetoLogic FileCure.exe[ParetoLogic Inc.] (PUP.FileCure) DEPLACÉ: C:\Users\Patrick\Downloads\SpyHunter-Installer.exe [Enigma Software Group USA, LLC.] (PUP.EnigmaSoftware) DEPLACÉ: C:\Users\Patrick\Downloads\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\Crack\SpyHunter4.exe [Enigma Software Group USA, LLC.] (PUP.EnigmaSoftware) ---\\ Base de Registres ( Clés, Valeurs, Données ). (25) SUPPRIMÉ: [X64] HKLM\SYSTEM\CurrentControlSet\Services\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64 [C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys] (PUP.LinkiDoo) SUPPRIMÉ: [X64] HKLM\SYSTEM\CurrentControlSet\Services\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64 [C:\Windows\System32\drivers\{f0087990-17d0-4537-ad91-6a7a9c5c1b37}Gw64.sys] (PUP.LinkiDoo) SUPPRIMÉ: [X64] HKLM\SYSTEM\CurrentControlSet\Services\{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64 [C:\Windows\System32\drivers\{f2f2c4d5-f6ac-4c21-8cea-257783669e49}Gw64.sys] (PUP.LinkiDoo) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3B1AC58-8CDA-1997-2BBA-524F32AF6932} [ShoppingChip] (PUP.ShoppingChip) SUPPRIMÉ: HKCR\CLSID\{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153} [DuuquUpdate Update3Web] (PUP.FrameFox) SUPPRIMÉ: HKCR\CLSID\{4813D02C-2D62-418E-A62D-46DB093202CF} [CCListBar.ListBar] (Adware.BHO) SUPPRIMÉ: HKCR\CLSID\{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9} [Duuqu Update Core Class] (PUP.FrameFox) SUPPRIMÉ: HKCR\CLSID\{D7BEC320-B746-4A47-B289-509214980E2B} [Duuqu Update Legacy On Demand] (PUP.FrameFox) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [ShopperReports.dll] (Adware.ShopperReports) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [ShoppingReport.dll] (Adware.ShoppingReport) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [BabylonToolbar.dll] (PUP.Babylon) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [BabylonToolbar.dll] (PUP.Babylon) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [BabylonToolbarTlbr.dll] (PUP.Babylon) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [ShoppingReport.dll] (Adware.ShoppingReport) SUPPRIMÉ: HKCR\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} [IMdt] (Adware.IMBooster) SUPPRIMÉ: HKCR\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} [IManager] (Adware.IMBooster) SUPPRIMÉ: HKCU\Software\AnyProtect (PUP.AnyProtect) SUPPRIMÉ: HKCU\Software\InstallCore (Adware.InstallCore) SUPPRIMÉ: HKCU\Software\Vosteran Browser (PUP.Vosteran) SUPPRIMÉ: HKCU\Software\wse_vosteran (PUP.Vosteran) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DuuquUpdate.exe (PUP.FrameFox) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\InstallCore (Adware.InstallCore) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MyCamera Download Plugin (Trojan.Lop) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran (PUP.Vosteran) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0028CB34-D5D3-460F-B308-A39A095A5E01} [SpyHunter] (Crapware.SpyHunter) ---\\ Bilan de la réparation ~ Réparation réalisée avec succès. ~ Ce navigateur est absent (Google Chrome) ~ Ce navigateur est absent (Opera Software) End of clean at 19:51:42