cjoint

Document format: text/plain

~ ZHPFix v2019.9.23.141 by Nicolas Coolman (2019/09/23)
~ Run by عبد الغني (Administrator) (05/10/2019 00:26:24)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Certificate ZHPFix: Legal
~ State version : Version OK
~ Report : C:\Users\عبد الغني\Desktop\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows Seven Black Edition, 64-bit (Build 7600)



---\\ SCRIPT DE L'UTILISATEUR. (73)
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash

[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe [57344] [PID.2900]
[MD5.5603C2C8940F5E43864D4000304AB175] - (.Copyright (C) - .) -- C:\Windows\Domino.exe [49152] [PID.2912]
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ©
O4 - HKLM\..\Run: [AdobeCEPServiceManager] . (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe ©
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe ©
O4 - HKLM\..\Run: [Syncios device service] . (...) -- C:\Program Files\Syncios\SynciosDeviceService.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe ©
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe ©
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe ©
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe ©
O4 - HKLM\..\Run: [ZSSnp211] . (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] . (.Copyright (C) - .) -- C:\Windows\Domino.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe ©
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ©
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe ©
Read more at http://www.cjoint.com/c/EJFrm2EXius#dPlOOQfg7wPQVUPE.99
O4 - HKUS\S-1-5-21-2536906684-2532996388-3794283676-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe ©
O4 - HKUS\S-1-5-21-2536906684-2532996388-3794283676-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ©
O4 - HKUS\S-1-5-21-2536906684-2532996388-3794283676-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe ©
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.211.254.254 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 10.211.254.254 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 10.211.254.254 8.8.8.8
[MD5.00000000000000000000000000000000] [APT] [MyBarStart] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [MyBarUpdate] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Trojan Killer] (...) -- C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe (.not file.) [0]
O42 - Logiciel: globalupdate Helper - (.globalupdate Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\McAfee.com
HKLM\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
HKCU\SOFTWARE\Bitdefender
HKCU\SOFTWARE\MCAFEE
HKCU\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
O43 - CFD: 25/10/2015 - [] D -- C:\Program Files\NixSrv =>PUP.Optional.Amonetize
O43 - CFD: 30/08/2015 - [] D -- C:\ProgramData\ExtTag.quarantined =>PUP.Optional.ExtTag
O43 - CFD: 06/07/2015 - [] D -- C:\ProgramData\IObit
O43 - CFD: 13/07/2015 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 06/07/2015 - [] D -- C:\ProgramData\ProductData =>PUP.Optional.Generic
O43 - CFD: 06/07/2015 - [] D -- C:\Users\Home\AppData\Roaming\IObit
O43 - CFD: 29/07/2015 - [] D -- C:\Users\Home\AppData\Roaming\RHEng =>PUP.Optional.Conduit
O43 - CFD: 25/07/2015 - [] D -- C:\Users\Home\AppData\Local\CrashRpt =>.Superfluous.CrashReports
O43 - CFD: 14/09/2015 - [0] D -- C:\Users\Home\AppData\Local\PackageAware =>PUP.Optional.BearShare
O43 - CFD: 31/10/2015 - [] D -- C:\Users\Home\AppData\Local\temp
O43 - CFD: 06/07/2015 - [0] SHD -- C:\Users\Home\AppData\Local\Temporary Internet Files
O45 - LFCP:[MD5.A5F0953EB45164E7480207319E8C4220] 23/10/2015 A -- C:\Windows\Prefetch\LAVASOFT.SEARCHPROTECT.WINSER-9008E6D1.pf =>PUP.Optional.SearchProtect
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.alias", "oursurfing"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.iconURL", "http://www.oursurfing.com/favicon.ico"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.name", "oursurfing"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.ptid", "amt"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.uid", "SAMSUNGXHD160JJXP_S0DFJ1TP115473"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.url", "http://www.oursurfing.com/web/?type=ds&ts=1440799809&z=e0abc42dd0ac491e841cf1eg9z5zd[...] =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("extensions.quick_start.enable_search1", false); =>PUP.Optional.QuickStart
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); =>PUP.Optional.QuickStart
O90 - PUC: "93BAD29AC2E44034A96BCB446EB8552E" . (.globalupdate Helper.) =>PUP.Optional.GlobalUpdate
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
HKCU\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
C:\Program Files\NixSrv =>PUP.Optional.Amonetize
C:\ProgramData\ExtTag.quarantined =>PUP.Optional.ExtTag
C:\ProgramData\ProductData =>PUP.Optional.Generic
C:\Users\Home\AppData\Roaming\RHEng =>PUP.Optional.Conduit
C:\Users\Home\AppData\Local\CrashRpt =>.Superfluous.CrashReports
C:\Users\Home\AppData\Local\PackageAware =>PUP.Optional.BearShare
C:\Windows\Prefetch\LAVASOFT.SEARCHPROTECT.WINSER-9008E6D1.pf =>PUP.Optional.SearchProtect
HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E =>PUP.Optional.GlobalUpdate
HKLM\Software\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E =>PUP.Optional.GlobalUpdate


---\\ LOGICIEL. (1)
DESINSTALLER : {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}


---\\ SERVICE. (0)


---\\ TÂCHE PLANIFIÉE. (0)


---\\ NAVIGATEUR INTERNET. (2)
ABSENT Donnée URLSearchHooks: [\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
ABSENT Donnée PhishingFilter: 0 [HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\\Enabled]


---\\ EXPLORATEUR ( Dossiers, Fichiers ). (3)
SUPPRIMÉ Dossier : C:\ProgramData\IObit
SUPPRIMÉ Dossier : C:\ProgramData\McAfee
SUPPRIMÉ Dossier : C:\ProgramData\ProductData


---\\ REGISTRE ( Clés, Valeurs, Données ). (25)
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\QuickTime\QTTask.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Syncios\SynciosDeviceService.exe]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Analog Devices\Core\smax4pnp.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\System32\igfxtray.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\System32\hkcmd.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\System32\igfxpers.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\ZSSnp211.exe]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\Domino.exe]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Internet Download Manager\IDMan.exe ©]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Skype\Phone\Skype.exe ©]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\CCleaner\CCleaner.exe ©]
ABSENT Valeur Run: HKU\S-1-5-21-2536906684-2532996388-3794283676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Internet Download Manager\IDMan.exe ©]
ABSENT Valeur Run: HKU\S-1-5-21-2536906684-2532996388-3794283676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Skype\Phone\Skype.exe ©]
ABSENT Valeur Run: HKU\S-1-5-21-2536906684-2532996388-3794283676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\CCleaner\CCleaner.exe ©]
REMPLACÉ Donnée TCPIP: 10.211.254.254 8.8.8.8 [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer]
ABSENT Clé: HKLM\SOFTWARE\McAfee.com
ABSENT Clé: HKLM\SOFTWARE\Reimage
ABSENT Clé: HKCU\SOFTWARE\Bitdefender
ABSENT Clé: HKCU\SOFTWARE\MCAFEE
ABSENT Clé: HKCU\SOFTWARE\Reimage
ABSENT Clé: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
SUPPRIMÉ Clé: HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E [93BAD29AC2E44034A96BCB446EB8552E ]
SUPPRIMÉ Clé: HKLM\Software\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E [93BAD29AC2E44034A96BCB446EB8552E ]


---\\ COMMANDE. (0)


---\\ NON TRAITÉ. (8)
Script ZHPFix
FirewallRaz
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe [57344] [PID.2900]
[MD5.5603C2C8940F5E43864D4000304AB175] - (.Copyright (C) - .) -- C:\Windows\Domino.exe [49152] [PID.2912]
Read more at http://www.cjoint.com/c/EJFrm2EXius#dPlOOQfg7wPQVUPE.99
[MD5.00000000000000000000000000000000] [APT] [MyBarStart] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [MyBarUpdate] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Trojan Killer] (...) -- C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe (.not file.) [0]

***** ~ Fin de rapport terminé en 00h00mn10s
