Rapport de ZHPFix 2015.8.24.7 par Nicolas Coolman, Update du 24/08/2015
Fichier d'export Registre :
Run by Christian at 19/10/2015 22:28:50
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Recycle Bin emptied (00mn 09s)

========== Software ==========
REMOVES: iLivid
ABSENT Uninstall Process: c:\documents and settings\christian\application data\istartsurf\uninstall.exe
ABSENT Uninstall Process: c:\program files\iwebar\uninstall.exe
ABSENT Uninstall Process: c:\program files\object browser\uninstall.exe
ABSENT Uninstall Process: c:\program files\olbpre\uninst.exe
ABSENT Uninstall Process: c:\program files\searchcore for browsers\uninstall.exe
ABSENT Uninstall Process: c:\program files\windows searchqu toolbar\datamngr\toolbar\uninstalltb.exe
ABSENT Uninstall Process: c:\program files\shopperpro\spremove.exe
REMOVES: SpiderMessenger 1.0
REMOVES: SweetIM Toolbar for Internet Explorer 4.3
REMOVES: IObit Toolbar v6.0
REMOVES: SweetIM for Messenger 3.7
REMOVES: Productivity Center Supplement for ThinkPad

========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Program Files\RayDld\ihpmServer.exe
REMOVES: Memory Process: C:\WINDOWS\Installer\{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}\ARPPRODUCTICON.exe
REMOVES: Memory Process: C:\WINDOWS\Installer\{047B9A6A-21E7-45CF-8825-0A061EEF9B23}\ARPPRODUCTICON.exe

========== Memory modules ==========
REMOVES Reboot: Memory Module: C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchCore for Browsers]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 410 MediaBar]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
REMOVES: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{047B9A6A-21E7-45CF-8825-0A061EEF9B23}]
REMOVES: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D728E945-256D-4477-B377-6BBA693714AC}]
REMOVES: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=10
REMOVES: Mozilla Plugin: @staging.google.com/globalUpdate Update;version=4
REMOVES: CLSID BHO: {99079a25-328f-4bd4-be04-00955acaa0a7}
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
REMOVES: CLSID BHO: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]
REMOVES: CLSID BHO: {EEE6C35C-6118-11DC-9C72-001320C79847}
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}]
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}]
REMOVES: Service: globalUpdate
REMOVES: Service: ihpmServer
REMOVES: HKLM\SOFTWARE\a0c8270e-ccae-4248-8348-a7053e1a0c96
REMOVES: HKLM\SOFTWARE\a5e847fa-876d-4419-9249-ac2a1dabc84c
REMOVES: HKLM\SOFTWARE\Babylon
REMOVES: HKLM\SOFTWARE\Casino.com
REMOVES: HKLM\SOFTWARE\Conduit
REMOVES: HKLM\SOFTWARE\Crossrider
REMOVES: HKLM\SOFTWARE\GlobalUpdate
REMOVES: HKLM\SOFTWARE\InstalledBrowserExtensions
REMOVES: HKLM\SOFTWARE\istartsurfSoftware
REMOVES: HKLM\SOFTWARE\iWebar
REMOVES: HKLM\SOFTWARE\iWebar-nv
REMOVES: HKLM\SOFTWARE\iWebar-nv-ie
REMOVES: HKLM\SOFTWARE\Magic Box Casino
REMOVES: HKLM\SOFTWARE\Object Browser
REMOVES: HKLM\SOFTWARE\Object Browser-nv
REMOVES: HKLM\SOFTWARE\Object Browser-nv-ie
REMOVES: HKLM\SOFTWARE\RayDld
REMOVES: HKLM\SOFTWARE\ShopperPro
REMOVES: HKLM\SOFTWARE\SweetIM
REMOVES: HKLM\SOFTWARE\Systweak
REMOVES: HKLM\SOFTWARE\Titan Poker
REMOVES: HKLM\SOFTWARE\Uniblue
REMOVES: HKLM\SOFTWARE\_CrossriderRegNamePlaceHolder_
REMOVES: HKCU\SOFTWARE\Casino.com
REMOVES: HKCU\SOFTWARE\casinoonnet
REMOVES: HKCU\SOFTWARE\Conduit
REMOVES: HKCU\SOFTWARE\Crossrider
REMOVES: HKCU\SOFTWARE\freeTVRadio
REMOVES: HKCU\SOFTWARE\globalUpdate
REMOVES: HKCU\SOFTWARE\Grand Virtual
REMOVES: HKCU\SOFTWARE\ilivid
REMOVES: HKCU\SOFTWARE\InstallCore
REMOVES: HKCU\SOFTWARE\InstalledBrowserExtensions
REMOVES: HKCU\SOFTWARE\iWebar-nv
REMOVES: HKCU\SOFTWARE\iWebar-nv-ie
REMOVES: HKCU\SOFTWARE\Magic Box Casino
REMOVES: HKCU\SOFTWARE\Object Browser-nv
REMOVES: HKCU\SOFTWARE\Object Browser-nv-ie
REMOVES: HKCU\SOFTWARE\SearchCore for Browsers
REMOVES: HKCU\SOFTWARE\ShopperPro
REMOVES: HKCU\SOFTWARE\Softonic
REMOVES: HKCU\SOFTWARE\SpiderMessenger
REMOVES: HKCU\SOFTWARE\SweetIM
REMOVES: HKCU\SOFTWARE\Systweak
REMOVES: HKCU\SOFTWARE\Titan Poker
REMOVES: HKCU\SOFTWARE\_CrossriderRegNamePlaceHolder_
REMOVES: SearchScopes :{099EF85B-3260-4b87-9239-33355EE6A548}
REMOVES: SearchScopes :{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
REMOVES: SearchScopes :{33BB0A4E-99AF-4226-BDF6-49120163DE86}
REMOVES: SearchScopes :{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
REMOVES: SearchScopes :{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
REMOVES: SearchScopes :{EEE6C360-6118-11DC-9C72-001320C79847}
REMOVES: [HKLM\Software\Classes\Installer\Products\\1F1CA1BF74F8ECD41ADED0BF0A4F554B]
REMOVES: [HKLM\Software\Classes\Installer\Features\1F1CA1BF74F8ECD41ADED0BF0A4F554B]
REMOVES: [HKLM\Software\Classes\Installer\Products\\A6A9B7407E12FC548852A060E1FEB932]
REMOVES: [HKLM\Software\Classes\Installer\Features\A6A9B7407E12FC548852A060E1FEB932]
REMOVES: HKLM\SYSTEM\CurrentControlSet\Services\globalUpdatem
REMOVES: HKLM\SOFTWARE\MANSION Casino
REMOVES: HKLM\SOFTWARE\Safer Networking Limited
REMOVES: HKLM\SOFTWARE\Supply Money
REMOVES: HKLM\SOFTWARE\William Hill Poker
REMOVES: HKCU\SOFTWARE\MANSION Casino
REMOVES: HKCU\SOFTWARE\Safer Networking Limited
REMOVES: HKCU\SOFTWARE\Supply Money
REMOVES: HKCU\SOFTWARE\William Hill Poker
REMOVES: Mozilla Plugin: @IObitBar.com/Plugin
REMOVES: CLSID BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670}
REMOVES: CLSID BHO: {9CB65201-89C4-402c-BA80-02D8C59F9B1D}
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
REMOVES: CLSID BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
REMOVES: CLSID BHO: {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE}
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE}]
REMOVES: CLSID BHO: {FE063DB1-4EC0-403e-8DD8-394C54984B2C}
REMOVES: Service: IObitBarService
REMOVES: HKLM\SOFTWARE\AskTBar
REMOVES: HKLM\SOFTWARE\IObitBar
REMOVES: HKCU\SOFTWARE\IObitBar
REMOVES: HKCU\SOFTWARE\YahooPartnerToolbar
Basis of registers IFEO branch non-infected !
[HKLM\SOFTWARE\Microsoft\...\Image File Execution Options\Your Image File Name Here without a path]REMOVES (Your Image File Name Here without a path)

========== Registry values ==========
REMOVES: Toolbar: {EEE6C35B-6118-11DC-9C72-001320C79847}
REMOVES: Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7}
REMOVES: Toolbar: {FE063DB9-4EC0-403e-8DD8-394C54984B2C}
REMOVES: FirewallRaz (SP) : C:\Program Files\TOOLS\IBM\SDP70\jdk\jre\bin\javaw.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\TOOLS\IBM\SDP70\runtimes\base_v61\java\bin\java.exe
REMOVES: FirewallRaz (SP) : C:\WINDOWS\system32\rundll32.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
REMOVES: FirewallRaz (SP) : C:\Documents and Settings\Christian\Application Data\Dropbox\bin\Dropbox.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\adslTV\adsltv.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\adslTV\VLC\vlc.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\WHS ProStation\WHS ProStation.exe
No value present in the exception of registry key (FirewallRaz)
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value

========== Elements of the registry data ==========
REMOVES: R1 Search Page = 127.0.0.1;*.local
REMOVES Explorer Association Data Application: http://www.fileextensionpro.com/redir.aspx?s=defytd1&LangID=%04x&Ext=%s
REMOVES Explorer Association Data Intl: http://www.fileextensionpro.com/redir.aspx?s=defytd1&LangID=%04x&Ext=%s
REMOVES Explorer Association Data XMLLookup: http://www.fileextensionpro.com/redir.aspx?s=defytd1&LangID=%04x&Ext=%s&
REMOVES: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R1 Search Page = http://www.istartsurf.com/web/?type=ds&ts=1444647283&z=716b3521759198e2ad4c898gdzczez3q4z7m7o9b1c&from=tugss&uid=fujitsuxmhz2160bhxg1_k60wt8627jhmt8627jhmx&q={searchTerms}
REMOVES AppInit: ta Manager.) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll

========== Preferences browser ==========
NOW Chrome File: C:\Documents and Settings\Christian\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://r20---sn-5hn7ym7d.gvt1.com
NOW Chrome File: C:\Documents and Settings\Christian\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://r4---sn-a0jpm-a0ml.gvt1.com
NOW Chrome File: C:\Documents and Settings\Christian\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://redirector.gvt1.com
NOW Chrome File: C:\Documents and Settings\Christian\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://dev.visualwebsiteoptimizer.com
NOW Chrome File: C:\Documents and Settings\Christian\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://static.avast.com
NOW Chrome File: C:\Documents and Settings\Christian\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences
REMOVES Chrome Site: http://search.babylon.com/
ABSENT Mozilla Pref: user_pref("extensions.xpiState", "{\"app-profile\":{\"{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\":{\"d\":\"C:\\\\Documents and Settin[...]

========== Folders ==========
No folders empty CLSID Local user

========== Files ==========
REMOVES Reboot: c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0018-abcdeffedcba}
REMOVES Reboot: c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0019-abcdeffedcba}
REMOVES: c:\windows\tasks\expressripsevendays.job
REMOVES: c:\windows\tasks\expressripshakeicon.job
REMOVES: c:\windows\tasks\expresszipreminder.job
REMOVES: c:\documents and settings\christian\tempwmicbatchfile.bat
REMOVES: c:\documents and settings\christian\desktop\anciennes données de firefox\9kj5mqit.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
REMOVES Reboot: c:\program files\mozilla firefox\extensions\iobit@mybrowserbar.com
REMOVES Reboot: c:\program files\mozilla firefox\extensions\pdfforge@mybrowserbar.com
REMOVES Reboot: c:\program files\mozilla firefox\extensions\wtxpcom@mybrowserbar.com
REMOVES: c:\program files\globalupdate\update\1.3.25.0\npglobalupdateupdate4.dll
REMOVES: c:\documents and settings\all users\application data\shopperpro\shopperpro.dll
REMOVES: c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll
REMOVES: c:\program files\globalupdate\update\globalupdate.exe
REMOVES: c:\program files\raydld\ihpmserver.exe
REMOVES: c:\windows\prefetch\globalupdate.exe-0477f13f.pf
REMOVES: c:\windows\prefetch\globalupdatecrashhandler.exe-1996faba.pf
REMOVES: c:\windows\prefetch\shopperpro.exe-34eec71f.pf
REMOVES:* c:\windows\installer\{fb1ac1f1-8f47-4dce-a1ed-0dfba0f455b4}\arpproducticon.exe
REMOVES:* c:\windows\installer\{047b9a6a-21e7-45cf-8825-0a061eef9b23}\arpproducticon.exe
REMOVES Reboot: c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0011-abcdeffedcba}
REMOVES Reboot: c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0013-abcdeffedcba}
REMOVES Reboot: c:\program files\mozilla firefox\extensions\{cafeefac-0016-0000-0015-abcdeffedcba}
REMOVES: c:\program files\asktbar\srchastt\1.bin\a5srchas.dll
REMOVES: c:\program files\windows live\toolbar\wltcore.dll
REMOVES: c:\program files\iobitbar\toolbar\1.bin\i0bar.dll
REMOVES: c:\documents and settings\christian\desktop\anciennes données de firefox\9kj5mqit.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\xpatlcom.dll

========== HOSTS file ==========
The Hosts file is healthy

========== System restore ==========
The system successfully created restore point

========== Other ==========
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iWebar]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchCore for Browsers]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 410 MediaBar]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpiderMessenger_is1]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{047B9A6A-21E7-45CF-8825-0A061EEF9B23}]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}]
NON-TREATY [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]

========== Summary ==========
3 : Process memory
1 : Memory modules
101 : Registry keys
18 : Registry values
8 : Elements of the registry data
1 : Folders
27 : Files
13 : Software
13 : Preferences browser
1 : HOSTS file
1 : System restore
12 : Other

End of clean in 51mn 01s

========== Path to file report ==========
C:\Documents and Settings\Christian\Application Data\ZHP\ZHPFix[R1].txt - 19/10/2015 22:28:59 [14423]