cjoint


Document format: text/plain

Preview

~ ZHPCleaner v2019.1.15.8 by Nicolas Coolman (2019/01/15)
~ Run by Rubão (Administrator) (19/01/2019 14:01:51)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Rubão\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Rubão\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 17134)

---\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\ Services (0)
~ No malicious or unnecessary items found. (Service)

---\ Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\ Hosts file (1)
~ The hosts file is legitimate (24)

---\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\ Explorer ( File, Folder) (40)
MOVED file: C:\Users\Rubão\Desktop\µTorrent.lnk [Bad : C:\Users\Rubão\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVED file: C:\Users\Rubão\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\Rubão\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVED file: C:\Windows\Installer\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi =>.SUP.Empty
MOVED file: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi =>.SUP.Empty
MOVED file: C:\Windows\Installer\wix{F814D094-197F-43C8-87FA-3210BB780486}.SchedServiceConfig.rmi =>.SUP.Empty
MOVED file: C:\Windows\Installer\2072e379.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\27ed56f5.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\2cc4ce.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\e1fa8.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Users\Rubão\Downloads\Office Activator 2016.rar =>Hacktool.Office
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-10092.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-10300.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-10568.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-3716.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-448.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-6028.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-6672.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-7336.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-8496.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-8992.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-9780.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\aria-debug-9808.log =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\Rubão\AppData\Local\Temp\wct6B0D.tmp =>.SUP.Temporary.Office
MOVED file: C:\Users\Rubão\AppData\Local\Temp\wct72B6.tmp =>.SUP.Temporary.Office
MOVED file: C:\Users\Rubão\AppData\Local\Temp\wct93FB.tmp =>.SUP.Temporary.Office
MOVED file: C:\Users\Rubão\AppData\Local\Temp\wctAE4A.tmp =>.SUP.Temporary.Office
MOVED file: C:\Users\Rubão\AppData\Local\Temp\wctB57F.tmp =>.SUP.Temporary.Office
MOVED file: C:\Users\Rubão\AppData\Local\Temp\{73FE74E3-0BBE-428B-9D53-051FA07A4543} - OProcSessId.dat =>.SUP.Temporary.Empty
MOVED file: C:\Users\Rubão\AppData\Local\Temp\{B145DD45-23B2-4A5F-9ABF-4A1DAB0B69B3} - OProcSessId.dat =>.SUP.Temporary.Empty
MOVED file: C:\Users\Rubão\AppData\Local\Temp\~DFE7ECBBFE1A9D5EC7.TMP =>.SUP.Temporary.Other
MOVED file: C:\Users\Rubão\Downloads\uTorrent.exe [BitTorrent Inc. - µTorrent] =>BitTorrent (P2P)
MOVED file: C:\Users\Rubão\Downloads\MUSICAS - PASSEIO\aTube_Catcher_0646843026.exe [Program - Web internet Setup] =>Adware.Amonetize
MOVED file: C:\Users\Rubão\Downloads\MUSICAS - PASSEIO\creative_destruction_3.0.36_20180906.exe [My Company, Inc. - Creative Destruction Setup] =>.SUP.MyCompanyInc
MOVED file: C:\Windows\SECOH-QAD.dll =>HackTool.KMSpico
MOVED file: C:\Windows\SECOH-QAD.exe =>HackTool.KMSpico
MOVED file: C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator
MOVED file: C:\Program Files\KMSpico\KMSELDI.exe [@ByELDI - KMS GUI ELDI] =>HackTool.KMSpico
MOVED folder: C:\Users\Rubão\AppData\Roaming\dclogs =>Trojan.StolenData
MOVED folder: C:\Program Files\KMSpico =>HackTool.KMSpico
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico

---\ Registry ( Key, Value, Data) (8)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P)
DELETED key*: HKCU\Software\undefined [] =>.SUP.Downloader
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24904964-4247-4EBE-BC79-21D7FF68C6A0}_is1 [My Company, Inc.] =>.SUP.MyCompanyInc
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_97C746C6D5075837F635C4C767B371B9 ['C:\Program Files (x86)\Google\Chrome\Application\chrome.exe' --no-startup-window /prefetch:5] =>PUP.Optional.MyBrowser
DELETED value: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [0x03000000307EEB23D578D401] =>Trojan.Dropper
DELETED value: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_97C746C6D5075837F635C4C767B371B9 [0x020000000000000000000000] =>Heuristic.Suspect
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{6E95C542-A457-4534-885B-7E623F38F739} [C:\Program Files\KMSpico\KMSELDI.exe] =>HackTool.KMSpico
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{ACAFBD51-BEC2-438E-9771-906DD8BDA16E} [C:\Program Files\KMSpico\KMSELDI.exe] =>HackTool.KMSpico

---\ Summary of the elements found (17)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.Adobe
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Hacktool.Office
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Office
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Other
https://www.anti-malware.top/2016/05/24/adware-amonetize/ =>Adware.Amonetize
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.MyCompanyInc
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Trojan.StolenData
https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser
https://www.anti-malware.top/2016/09/07/trojan-dropper/ =>Trojan.Dropper
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect

---\ Other deletions. (25)
~ Registry Keys Tracing deleted (25)
~ Remove the old reports ZHPCleaner. (0)

---\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

---\ Statistics
~ Items scanned : 1261
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 44164
~ End of clean in 00h00mn23s

---\ Reports (2)
ZHPCleaner-[S]-19012019-13_58_06.txt
ZHPCleaner-[R]-19012019-14_02_14.txt
