Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by TAREKO at 15-06-2015 22:58:28
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)

Recycle Bin emptied (00mn 06s)

========== Software ==========
ABSENT Uninstall Process: c:\program files (x86)\qbittorrent\uninst.exe
ABSENT Uninstall Process: c:\users\temp.tarek\appdata\roaming\utorrent\utorrent.exe

========== Process memory ==========
REMOVES: Memory Process: C:\Program Files (x86)\Visible Body - Cracked by m!DVT\Human Anatomy Atlas\Human Anatomy Atlas.exe
REMOVES: Memory Process: C:\Program Files (x86)\Visible Body - Cracked by m!DVT\Human Anatomy Atlas\Uninstall.exe

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\qBittorrent]
REMOVES Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
REMOVES:* CLSID Extra Buttons: {2670000A-7350-4f3c-8081-5663EE0C6C49}
REMOVES:* CLSID Extra Buttons: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
REMOVES: HKCU\Software\Conduit
REMOVES: HKCU\Software\GreedyTorrent
REMOVES: HKCU\Software\InstalledBrowserExtensions
REMOVES:* HKLM\Software\InstalledBrowserExtensions
REMOVES: HKLM\Software\Wow6432Node\610b548c-8d28-431d-bef6-2c8e823ff180
REMOVES: HKLM\Software\Wow6432Node\8ffc9d8e-ade0-4037-84d7-9fc4d130a636
REMOVES CLSID MPSK: {1e794c12-9cd6-11e4-bec6-28d24448a393}
REMOVES CLSID MPSK: {5c748c08-8d08-11e4-bebb-28d24448a393}
REMOVES CLSID MPSK: {7dc56522-9440-11e4-bec0-28d24448a393}
REMOVES CLSID MPSK: {7dc5683f-9440-11e4-bec0-28d24448a393}
REMOVES CLSID MPSK: {d6f63452-3810-11e4-be86-28d24448a393}
REMOVES:* HKLM\Software\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
REMOVES: HKCU\Software\Microsoft\Office\Word\Addins\BabylonOfficeAddin.OfficeAddin
REMOVES: HKCU\Software\Microsoft\Office\PowerPoint\Addins\BabylonOfficeAddin.OfficeAddin
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
REMOVES: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
REMOVES: HKLM\Software\Classes\BabyDict
REMOVES: HKLM\Software\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
REMOVES: HKLM\Software\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
REMOVES: HKLM\Software\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
REMOVES: HKLM\Software\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
REMOVES:* HKLM\Software\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
REMOVES: HKLM\Software\Classes\.bdc

========== Registry values ==========
REMOVES RunValue: Skype
REMOVES RunValue: uTorrent
REMOVES RunValue: BitTorrent
REMOVES RunValue: GreedyTorrent
REMOVES RunValue: mcui_exe
REMOVES RunValue: download.ninja
REMOVES RunValue: AdobeAAMUpdater-1.0
REMOVES RunValue: SynTPEnh
REMOVES RunValue: Facebook Update
REMOVES RunValue: DU Meter
REMOVES RunValue: ????????
REMOVES RunValue: DAEMON Tools Lite
REMOVES RunValue: f.lux
REMOVES RunValue: YouCam Tray
REMOVES RunValue: VirtualCloneDrive
REMOVES RunValue: iTunesHelper
REMOVES RunValue: HSPALauncher
REMOVES: {E8482F4E-B427-41C0-BC1D-2E7DC7154EB1}
REMOVES: {A9D08ED1-443F-4DBC-A81F-4E9E0DA7EEEB}
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}
REMOVES: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}
REMOVES: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
REMOVES: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
REMOVES: FirewallRaz (None) : NetPres-WSD-In-UDP
REMOVES: FirewallRaz (None) : NetPres-WSD-Out-UDP
REMOVES: FirewallRaz (Public) : NetPres-In-TCP
REMOVES: FirewallRaz (Public) : NetPres-Out-TCP
REMOVES: FirewallRaz (None) : MCX-Prov-Out-TCP
REMOVES: FirewallRaz (None) : MCX-McrMgr-Out-TCP
REMOVES: FirewallRaz (Public) : UDP Query User{0DDEC7FF-1E3B-44E5-A6B7-CD762F0D5423}D:\program files (x86)\pro evolution soccer 2015\pes2015.exe
REMOVES: FirewallRaz (Public) : TCP Query User{AE1EB5B8-7634-40A5-A58E-F2FD5936F0FF}D:\program files (x86)\pro evolution soccer 2015\pes2015.exe
REMOVES: FirewallRaz (None) : {E4B2DC41-A314-4128-8D3F-D48C02CBD252}
REMOVES: FirewallRaz (Private) : {14F259DC-B5A1-4978-9D99-BE85D65D15A1}
REMOVES: FirewallRaz (Private) : {0034B80D-2187-4D43-8A3B-EC216B774C11}
REMOVES: FirewallRaz (Public) : {A3667BF8-BAB8-4351-AF27-2CC92A757BD1}
REMOVES: FirewallRaz (Public) : {C8F6A957-D288-48AA-ABCD-488A2162D377}
REMOVES: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
REMOVES: FirewallRaz (None) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
REMOVES: FirewallRaz (Private) : TCP Query User{F4407EB1-002F-4BBB-9C79-A60E030D979C}C:\program files (x86)\konami\pro evolution soccer 6\pes6.exe
REMOVES: FirewallRaz (Private) : UDP Query User{71ABFB54-2A99-48BC-B9FC-38C7FAD98CCD}C:\program files (x86)\konami\pro evolution soccer 6\pes6.exe
REMOVES: FirewallRaz (None) : {E80E03FE-E97C-4736-A1F6-B483F475F20B}
REMOVES: FirewallRaz (Public) : TCP Query User{BCD4B11E-299D-4C5E-8F73-E80AC3A3DC18}C:\program files (x86)\java\jre7\bin\javaw.exe
REMOVES: FirewallRaz (Public) : UDP Query User{59F8D8FD-2333-4D55-AD6D-C58BDAE86125}C:\program files (x86)\java\jre7\bin\javaw.exe
REMOVES: FirewallRaz (Public) : {A251B0AA-FD01-4E1F-B92A-9CFC4A29B1B9}
REMOVES: FirewallRaz (Public) : {610DBA16-1C7C-4144-8F83-7BF1E24DFC12}
REMOVES: FirewallRaz (Domain) : {E30C751E-0470-4621-B3DD-219AEC30E03D}
REMOVES: FirewallRaz (Domain) : {4D902D4E-A9DE-40A6-8104-642E29884E6F}
REMOVES: FirewallRaz (Public) : {BBB38A53-AB54-4BF8-9E2A-D140AC9D7F6A}
REMOVES: FirewallRaz (None) : {4F1B30CE-BEC6-429E-A6AA-11A7D38C5513}
REMOVES: FirewallRaz (None) : {84DC54C7-A5DE-41FD-86AB-C978333D4AC3}
REMOVES: FirewallRaz (Private) : TCP Query User{1717ECF4-51DD-4992-A75D-6E7AAF1E1568}C:\program files (x86)\greedytorrent\gtor.exe
REMOVES: FirewallRaz (Private) : UDP Query User{3DE70A4A-A674-4967-A667-CF9E6C25568C}C:\program files (x86)\greedytorrent\gtor.exe
REMOVES: FirewallRaz (Public) : {96A1D20C-4709-4918-B49A-79FD6C34D505}
REMOVES: FirewallRaz (Public) : {7EF662D9-39B6-40CD-8998-AF9F4327A44B}
REMOVES: FirewallRaz (Public) : {72C70CE3-FDA4-463B-A4A4-442913AF509D}
REMOVES: FirewallRaz (Public) : {96A27692-CDB6-448C-B050-C006786D3FA9}
REMOVES: FirewallRaz (Domain) : {70EE0533-B113-4E8C-9470-6117883A388C}
REMOVES: FirewallRaz (Domain) : {B44F9D72-ECC6-415F-A67F-39110C902B80}
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Folders ==========
REMOVES: C:\Program Files (x86)\GreedyTorrent
REMOVES: C:\Program Files (x86)\qBittorrent
REMOVES: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GreedyTorrent
REMOVES: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
REMOVES Reboot:** C:\Users\TAREKO\AppData\Roaming\BitTorrent
REMOVES: C:\Users\TAREKO\AppData\Roaming\BitTorrent Maelstrom
REMOVES: C:\Users\TAREKO\AppData\Roaming\uTorrent
Deletes temporary Windows (11)
REMOVES Flash Cookies (0)

========== Files ==========
REMOVES Reboot: c:\users\tareko\appdata\roaming\bittorrent\bittorrent.exe
REMOVES: c:\program files (x86)\greedytorrent\gtor.exe
REMOVES: c:\users\tareko\appdata\local\facebook\update\facebookupdate.exe
REMOVES Reboot: c:\program files (x86)\du meter\dumeter.exe
REMOVES: c:\users\tareko\appdata\local\fluxsoftware\flux\flux.exe
REMOVES: c:\windows\prefetch\bittorrent.exe-48a8206c.pf
REMOVES: c:\windows\prefetch\qbittorrent.exe-e16051e4.pf
REMOVES: c:\users\tareko\appdata\local\microsoft\windows\connectedsearch\templates\shared.factslist_8_1_rp-bf695b40.dll
REMOVES: c:\users\tareko\appdata\local\microsoft\windows\connectedsearch\templates\shared.rating_8_1_rp-5b672b01.dll
REMOVES: c:\users\tareko\appdata\local\temp\jrt\mws.bat
REMOVES: c:\users\tareko\appdata\local\temp\jrt\get.bat
REMOVES: c:\users\tareko\appdata\local\temp\jrt\misc.bat
Deletes temporary Windows (108) (6,944,033 octets)
REMOVES Flash Cookies (0) (0 octets)

========== HOSTS file ==========
Locked or missing Hosts file !

========== Scheduled task ==========
REMOVES: {BB7B76AD-9030-4B66-B154-ACF7EF5299ED}

========== System restore ==========
The system successfully created restore point

========== Other ==========
NON-TREATY Read more at http://www.cjoint.com/c/EFpuWvCOBry#1UoQKavsoZE5My9X.99

========== Summary ==========
2 : Process memory
28 : Registry keys
66 : Registry values
9 : Folders
14 : Files
2 : Software
1 : HOSTS file
1 : Scheduled task
1 : System restore
1 : Other

End of clean in 01mn 12s

========== Path to file report ==========
C:\Users\TAREKO\AppData\Roaming\ZHP\ZHPFix[R1].txt - 15-06-2015 22:56:10 [741]
C:\Users\TAREKO\AppData\Roaming\ZHP\ZHPFix[R2].txt - 15-06-2015 22:58:34 [9127]