Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ ZHPCleaner v2015.8.20.329 by Nicolas Coolman (2015/08/20)
~ Run by Roland (Administrator) (21/08/2015 19:59:10)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Roland\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Roland\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10240)
---\\ Services (0)
~ No malicious or unnecessary items found.
---\\ Browser internet (22)
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.aflt", "orgnl"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.dfltLng", ""); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.did", "10650"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.excTlbr", false); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.id", "88c2b4b900000000000002f1a1a683d2"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.installerproductid", "26"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.instlDay", "15514"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.instlRef", ""); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.ms_url_id", ""); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.ppd", "20%5F5"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.prdct", "incredibar"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.productid", "26"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.smplGrp", "none"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.tlbrId", "base"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6PQBjf2YAV&loc=IB[...] =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.upn2", "6PQBjf2YAV"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.upn2n", "92543107859528865"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:50:59"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); =>PUP.Optional.IncrediBar
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 192.168.*.*;*.local] =>Hijacker.Proxy
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (94)
MOVED file: C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\bzuobp64.default\CT2504091\CT2504091.searchProtectorData =>PUP.Optional.SearchProtect
MOVED file: C:\END =>PUP.Optional.Conduit
MOVED file: C:\Windows\Installer\2c594.msi [APN, LLC - ] =>PUP.Optional.Bandoo
MOVED file: C:\Windows\Installer\ac0b8db.msi [APN, LLC - ] =>PUP.Optional.Bandoo
MOVED file: C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe [Tarma Software Research Pty Ltd - Tarma® Installer] =>PUP.Optional.Tarma
MOVED file: C:\Windows\Installer\{4F524A2D-5637-4300-76A7-A758B70C0F01}\ToolbarIcon.exe =>Toolbar.AsktBar
MOVED folder: C:\Program Files (x86)\FileOpenerPro =>PUP.Optional.InstallCore
MOVED folder: C:\Program Files (x86)\LinkSwift =>PUP.Optional.LinkSwift
MOVED folder: C:\Program Files (x86)\Video Download Converter =>PUP.Optional.VideoDownloadConverter
MOVED folder: C:\ProgramData\Babylon =>PUP.Optional.Babylon
MOVED folder: C:\ProgramData\InstallMate =>PUP.Optional.Tarma
MOVED folder: C:\ProgramData\SparkTrust =>PUP.Optional.SparkTrust
MOVED folder: C:\ProgramData\SpeedMaxPc =>PUP.Optional.SpeedMaxPc
MOVED folder: C:\ProgramData\Tarma Installer =>PUP.Optional.Tarma
MOVED folder: C:\ProgramData\Trymedia =>PUP.Optional.Trymedia
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter =>PUP.Optional.VideoDownloadConverter
MOVED folder: C:\Users\Roland\AppData\Roaming\Babylon =>PUP.Optional.Babylon
MOVED folder: C:\Users\Roland\AppData\Roaming\DriverCure =>PUP.Optional.Paretologic
MOVED folder: C:\Users\Roland\AppData\Roaming\SparkTrust =>PUP.Optional.SparkTrust
MOVED folder: C:\Users\Roland\AppData\Roaming\SpeedMaxPc =>PUP.Optional.SpeedMaxPc
MOVED folder: C:\Users\Roland\AppData\LocalLow\ADDICT-THING =>PUP.Optional.JustPlugIt
MOVED folder: C:\Users\Roland\AppData\LocalLow\AskToolbar =>Toolbar.Ask
MOVED folder: C:\Users\Roland\AppData\Local\Babylon =>PUP.Optional.Babylon
MOVED folder: C:\Users\Roland\AppData\LocalLow\Conduit =>PUP.Optional.Conduit
MOVED folder: C:\WINDOWS\Installer\MSI11F5.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI20A.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI382.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4023.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4257.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI43AF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI45D3.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4826.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4FA.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5589.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5710.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI58A8.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5ECA.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI610E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI63ED.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6642.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI682.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6894.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6A5B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6C8E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6FB1.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI71A6.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI735C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI76B9.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI781D.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI789E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI7A55.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8485.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8768.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI877.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI89BC.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8BB1.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8DA6.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8F6C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9408.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9745.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9959.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9BAC.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9D0.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9DEF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIA7E5.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIAA28.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIAD9E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIB85F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIBA28.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC080.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC5A1.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC842.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICAB4.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICCB7.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICECD.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID12F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID336.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID3ED.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID40.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID536.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID5D3.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID628.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID73C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID7C9.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID7DF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID9B4.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIDC5B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIED3C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF645.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF927.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFB7A.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFCE2.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFEF6.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFF1.tmp- =>Empty
---\\ Registry ( Key, Value, Data) (51)
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AB1E37DA-99E2-440A-8D9E-63EB92BC74D0} [http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl] [Ask.com] (Toolbar.Ask)
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AB1E37DA-99E2-440A-8D9E-63EB92BC74D0} [http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} [] =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\APN PIP [] =>PUP.Optional.Conduit
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\Conduit [] =>PUP.Optional.Conduit
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\DesktopContainer [] =>PUP.Optional.OutfoxTV
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\ImInstaller [] =>Toolbar.IncrediMail
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\PIP [] =>Toolbar.Ask
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\SparkTrust [] =>PUP.Optional.SparkTrust
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\SpeedMaxPc [] =>PUP.Optional.SpeedMaxPc
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\YahooPartnerToolbar [] =>Toolbar.YahooPartner
DELETED key: HKCU\Software\APN PIP [] =>PUP.Optional.Conduit
DELETED key: HKCU\Software\Conduit [] =>PUP.Optional.Conduit
DELETED key: HKCU\Software\DesktopContainer [] =>PUP.Optional.OutfoxTV
DELETED key: HKCU\Software\ImInstaller [] =>Toolbar.IncrediMail
DELETED key: HKCU\Software\PIP [] =>Toolbar.Ask
DELETED key: HKCU\Software\SparkTrust [] =>PUP.Optional.SparkTrust
DELETED key: HKCU\Software\SpeedMaxPc [] =>PUP.Optional.SpeedMaxPc
DELETED key: HKCU\Software\YahooPartnerToolbar [] =>Toolbar.YahooPartner
DELETED key*: HKCU\Software\AppDataLow\Software\Conduit [] =>PUP.Optional.Conduit
DELETED key*: HKCU\Software\AppDataLow\Software\Smartbar [] =>PUP.Optional.QuickShare
DELETED key*: HKU\.DEFAULT\Software\IBUpdaterService [] =>PUP.Optional.Boxore
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Prod.cap [] =>PUP.Optional.ClaroSearch
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} [ISessionData] =>PUP.Optional.Soft2PC
DELETED key*: [X64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr [CescrtHlpr Object] =>PUP.Optional.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 [CescrtHlpr Object] =>PUP.Optional.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1 [cpbrkpie Control] =>PUP.Optional.CouponBar
DELETED key*: [X64] HKLM\SOFTWARE\Classes\FileOpenerPro [] =>PUP.Optional.InstallCore
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\D2A425F473650034677A7A857BC0F010 [Ask Toolbar] =>Toolbar.AsktBar
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdaterService [] =>PUP.Optional.WebCake
DELETED key*: [X64] HKLM\SOFTWARE\Tarma Installer [] =>PUP.Optional.Tarma
DELETED key*: [X64] HKLM\SOFTWARE\Web Assistant [] =>PUP.Optional.IncrediBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Search Scope Monitor [] =>PUP.Optional.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader [] =>PUP.Optional.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DealPlyLive.exe [] =>PUP.Optional.Dealply
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Babylon [] =>PUP.Optional.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit [] =>PUP.Optional.Conduit
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\PIP [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SparkTrust [] =>PUP.Optional.SparkTrust
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SpeedMaxPc [] =>PUP.Optional.SpeedMaxPc
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Trymedia Systems [] =>PUP.Optional.Trymedia
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Web Assistant [] =>PUP.Optional.IncrediBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} [ISessionData] =>PUP.Optional.Soft2PC
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\fileopenerpro [FileOpenerPro] =>PUP.Optional.InstallCore
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\D2A425F473650034677A7A857BC0F010 [] =>Toolbar.AsktBar
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 1209
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 167
~ End of clean in 1 minutes
===================
ZHPCleaner-[R]-21082015-20_00_28.txt
ZHPCleaner-[S]-21082015-19_57_50.txt
~ Run by Roland (Administrator) (21/08/2015 19:59:10)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Roland\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Roland\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10240)
---\\ Services (0)
~ No malicious or unnecessary items found.
---\\ Browser internet (22)
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.aflt", "orgnl"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.dfltLng", ""); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.did", "10650"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.excTlbr", false); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.id", "88c2b4b900000000000002f1a1a683d2"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.installerproductid", "26"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.instlDay", "15514"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.instlRef", ""); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.ms_url_id", ""); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.ppd", "20%5F5"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.prdct", "incredibar"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.productid", "26"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.smplGrp", "none"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.tlbrId", "base"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6PQBjf2YAV&loc=IB[...] =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.upn2", "6PQBjf2YAV"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.upn2n", "92543107859528865"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:50:59"); =>PUP.Optional.IncrediBar
DELETED: [bzuobp64.default] - user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); =>PUP.Optional.IncrediBar
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 192.168.*.*;*.local] =>Hijacker.Proxy
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (94)
MOVED file: C:\Users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\bzuobp64.default\CT2504091\CT2504091.searchProtectorData =>PUP.Optional.SearchProtect
MOVED file: C:\END =>PUP.Optional.Conduit
MOVED file: C:\Windows\Installer\2c594.msi [APN, LLC - ] =>PUP.Optional.Bandoo
MOVED file: C:\Windows\Installer\ac0b8db.msi [APN, LLC - ] =>PUP.Optional.Bandoo
MOVED file: C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe [Tarma Software Research Pty Ltd - Tarma® Installer] =>PUP.Optional.Tarma
MOVED file: C:\Windows\Installer\{4F524A2D-5637-4300-76A7-A758B70C0F01}\ToolbarIcon.exe =>Toolbar.AsktBar
MOVED folder: C:\Program Files (x86)\FileOpenerPro =>PUP.Optional.InstallCore
MOVED folder: C:\Program Files (x86)\LinkSwift =>PUP.Optional.LinkSwift
MOVED folder: C:\Program Files (x86)\Video Download Converter =>PUP.Optional.VideoDownloadConverter
MOVED folder: C:\ProgramData\Babylon =>PUP.Optional.Babylon
MOVED folder: C:\ProgramData\InstallMate =>PUP.Optional.Tarma
MOVED folder: C:\ProgramData\SparkTrust =>PUP.Optional.SparkTrust
MOVED folder: C:\ProgramData\SpeedMaxPc =>PUP.Optional.SpeedMaxPc
MOVED folder: C:\ProgramData\Tarma Installer =>PUP.Optional.Tarma
MOVED folder: C:\ProgramData\Trymedia =>PUP.Optional.Trymedia
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Download Converter =>PUP.Optional.VideoDownloadConverter
MOVED folder: C:\Users\Roland\AppData\Roaming\Babylon =>PUP.Optional.Babylon
MOVED folder: C:\Users\Roland\AppData\Roaming\DriverCure =>PUP.Optional.Paretologic
MOVED folder: C:\Users\Roland\AppData\Roaming\SparkTrust =>PUP.Optional.SparkTrust
MOVED folder: C:\Users\Roland\AppData\Roaming\SpeedMaxPc =>PUP.Optional.SpeedMaxPc
MOVED folder: C:\Users\Roland\AppData\LocalLow\ADDICT-THING =>PUP.Optional.JustPlugIt
MOVED folder: C:\Users\Roland\AppData\LocalLow\AskToolbar =>Toolbar.Ask
MOVED folder: C:\Users\Roland\AppData\Local\Babylon =>PUP.Optional.Babylon
MOVED folder: C:\Users\Roland\AppData\LocalLow\Conduit =>PUP.Optional.Conduit
MOVED folder: C:\WINDOWS\Installer\MSI11F5.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI20A.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI382.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4023.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4257.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI43AF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI45D3.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4826.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4FA.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5589.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5710.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI58A8.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5ECA.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI610E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI63ED.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6642.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI682.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6894.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6A5B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6C8E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6FB1.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI71A6.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI735C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI76B9.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI781D.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI789E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI7A55.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8485.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8768.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI877.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI89BC.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8BB1.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8DA6.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8F6C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9408.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9745.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9959.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9BAC.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9D0.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI9DEF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIA7E5.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIAA28.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIAD9E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIB85F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIBA28.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC080.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC5A1.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC842.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICAB4.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICCB7.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICECD.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID12F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID336.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID3ED.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID40.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID536.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID5D3.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID628.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID73C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID7C9.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID7DF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID9B4.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIDC5B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIED3C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF645.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF927.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFB7A.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFCE2.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFEF6.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFF1.tmp- =>Empty
---\\ Registry ( Key, Value, Data) (51)
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AB1E37DA-99E2-440A-8D9E-63EB92BC74D0} [http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl] [Ask.com] (Toolbar.Ask)
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AB1E37DA-99E2-440A-8D9E-63EB92BC74D0} [http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} [] =>PUP.Optional.CrossRider
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\APN PIP [] =>PUP.Optional.Conduit
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\Conduit [] =>PUP.Optional.Conduit
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\DesktopContainer [] =>PUP.Optional.OutfoxTV
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\ImInstaller [] =>Toolbar.IncrediMail
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\PIP [] =>Toolbar.Ask
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\SparkTrust [] =>PUP.Optional.SparkTrust
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\SpeedMaxPc [] =>PUP.Optional.SpeedMaxPc
DELETED key*: HKEY_USERS\S-1-5-21-1832894771-1512126686-778580116-1001\Software\YahooPartnerToolbar [] =>Toolbar.YahooPartner
DELETED key: HKCU\Software\APN PIP [] =>PUP.Optional.Conduit
DELETED key: HKCU\Software\Conduit [] =>PUP.Optional.Conduit
DELETED key: HKCU\Software\DesktopContainer [] =>PUP.Optional.OutfoxTV
DELETED key: HKCU\Software\ImInstaller [] =>Toolbar.IncrediMail
DELETED key: HKCU\Software\PIP [] =>Toolbar.Ask
DELETED key: HKCU\Software\SparkTrust [] =>PUP.Optional.SparkTrust
DELETED key: HKCU\Software\SpeedMaxPc [] =>PUP.Optional.SpeedMaxPc
DELETED key: HKCU\Software\YahooPartnerToolbar [] =>Toolbar.YahooPartner
DELETED key*: HKCU\Software\AppDataLow\Software\Conduit [] =>PUP.Optional.Conduit
DELETED key*: HKCU\Software\AppDataLow\Software\Smartbar [] =>PUP.Optional.QuickShare
DELETED key*: HKU\.DEFAULT\Software\IBUpdaterService [] =>PUP.Optional.Boxore
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Prod.cap [] =>PUP.Optional.ClaroSearch
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} [ISessionData] =>PUP.Optional.Soft2PC
DELETED key*: [X64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr [CescrtHlpr Object] =>PUP.Optional.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 [CescrtHlpr Object] =>PUP.Optional.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1 [cpbrkpie Control] =>PUP.Optional.CouponBar
DELETED key*: [X64] HKLM\SOFTWARE\Classes\FileOpenerPro [] =>PUP.Optional.InstallCore
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\D2A425F473650034677A7A857BC0F010 [Ask Toolbar] =>Toolbar.AsktBar
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdaterService [] =>PUP.Optional.WebCake
DELETED key*: [X64] HKLM\SOFTWARE\Tarma Installer [] =>PUP.Optional.Tarma
DELETED key*: [X64] HKLM\SOFTWARE\Web Assistant [] =>PUP.Optional.IncrediBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter Search Scope Monitor [] =>PUP.Optional.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoDownloadConverter_4z Browser Plugin Loader [] =>PUP.Optional.MindSpark
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DealPlyLive.exe [] =>PUP.Optional.Dealply
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Babylon [] =>PUP.Optional.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit [] =>PUP.Optional.Conduit
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\PIP [] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SparkTrust [] =>PUP.Optional.SparkTrust
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SpeedMaxPc [] =>PUP.Optional.SpeedMaxPc
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Trymedia Systems [] =>PUP.Optional.Trymedia
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Web Assistant [] =>PUP.Optional.IncrediBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} [ISessionData] =>PUP.Optional.Soft2PC
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\fileopenerpro [FileOpenerPro] =>PUP.Optional.InstallCore
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>Toolbar.AskBar
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\D2A425F473650034677A7A857BC0F010 [] =>Toolbar.AsktBar
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 1209
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 167
~ End of clean in 1 minutes
===================
ZHPCleaner-[R]-21082015-20_00_28.txt
ZHPCleaner-[S]-21082015-19_57_50.txt