Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by BENOIT at 30/03/2017 10:09:27
High Elevated Privileges : OK
Windows 8 Business Edition, 64-bit (Build 9200)

Recycle Bin emptied (00mn 06s)
Prefetcher emptied

========== Software ==========
REMOVES: amuleC
REMOVES: BikaQ Rss
REMOVES: WinSnare

========== Process memory ==========
REMOVES: Memory Process: C:\Windows\Installer\{BB1104E2-BF22-4754-831E-5A9EE253991C}\_853F67D554F05449430E7E.exe

========== Registry keys ==========
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0F7B5011-72EC-493D-A7BF-546591047E8E}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3678D164-84DB-4F73-AFD6-916342E10764}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB1104E2-BF22-4754-831E-5A9EE253991C}]
REMOVES: Service: clean
REMOVES: Service: InstallerService
REMOVES: Service: serverws
REMOVES: Service: WinSAPSvc
REMOVES: Service: WinSnare
REMOVES: HKLM\SOFTWARE\Wow6432Node\Arperk
REMOVES: HKLM\SOFTWARE\Wow6432Node\Atodoentcoikse
REMOVES: HKLM\SOFTWARE\Wow6432Node\Bavrykatok
REMOVES: HKLM\SOFTWARE\Wow6432Node\Boxfat
REMOVES: HKLM\SOFTWARE\Wow6432Node\Celerle
REMOVES: HKLM\SOFTWARE\Wow6432Node\Chtydrerpuing
REMOVES: HKLM\SOFTWARE\Wow6432Node\Ckavule
REMOVES: HKLM\SOFTWARE\Wow6432Node\Clestlehacult
REMOVES: HKLM\SOFTWARE\Wow6432Node\co.ao.aio
REMOVES: HKLM\SOFTWARE\Wow6432Node\co.ao.qws
REMOVES: HKLM\SOFTWARE\Wow6432Node\D95B5FA83D9DF5AEEDEAB41BABBCC014
REMOVES: HKLM\SOFTWARE\Wow6432Node\Dridetain
REMOVES: HKLM\SOFTWARE\Wow6432Node\drinent.exe
REMOVES: HKLM\SOFTWARE\Wow6432Node\Dronaing
REMOVES: HKLM\SOFTWARE\Wow6432Node\Elex-tech
REMOVES: HKLM\SOFTWARE\Wow6432Node\Explorer
REMOVES: HKLM\SOFTWARE\Wow6432Node\Goldass
REMOVES: HKLM\SOFTWARE\Wow6432Node\jhtrsq
REMOVES: HKLM\SOFTWARE\Wow6432Node\MicroRay
REMOVES: HKLM\SOFTWARE\Wow6432Node\msitask
REMOVES: HKLM\SOFTWARE\Wow6432Node\Plwoiedcoergacult
REMOVES: HKLM\SOFTWARE\Wow6432Node\Reejach
REMOVES: HKLM\SOFTWARE\Wow6432Node\startpageing123Software
REMOVES: HKLM\SOFTWARE\Wow6432Node\Vamuward
REMOVES: HKLM\SOFTWARE\Wow6432Node\Zohetnerhiing
REMOVES: HKCU\SOFTWARE\D95B5FA83D9DF5AEEDEAB41BABBCC014
REMOVES: HKCU\SOFTWARE\Explorer
REMOVES: HKCU\SOFTWARE\Goldass
REMOVES: HKCU\SOFTWARE\IM
REMOVES: HKCU\SOFTWARE\KingsIsle Entertainment, Inc.
REMOVES: HKCU\SOFTWARE\ProtectedStorage
REMOVES: HKCU\SOFTWARE\Raft
REMOVES: HKCU\SOFTWARE\WinSnare
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{F294D2AE-ECCF-11E6-85D5-64006A5CFC23}]
REMOVES: [HKLM\Software\Classes\Installer\Products\\2E4011BB22FB457438E1A5E92E3599C1]
REMOVES: [HKLM\Software\Classes\Installer\Features\2E4011BB22FB457438E1A5E92E3599C1]
REMOVES: [HKLM\Software\Classes\Installer\Products\\461D8763BD4837F4FA6D1936241E7046]
REMOVES: [HKLM\Software\Classes\Installer\Features\461D8763BD4837F4FA6D1936241E7046]
REMOVES: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\Open\command
REMOVES: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\Open\command

========== Registry values ==========
ABSENT value Standard Profile: FirewallRaz :
ABSENT value Domain Profile: FirewallRaz :
REMOVES: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
REMOVES: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
REMOVES: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
REMOVES: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
REMOVES: FirewallRaz (None) : NetPres-WSD-In-UDP
REMOVES: FirewallRaz (None) : NetPres-WSD-Out-UDP
REMOVES: FirewallRaz (Public) : NetPres-In-TCP
REMOVES: FirewallRaz (Public) : NetPres-Out-TCP
REMOVES: FirewallRaz (None) : MCX-Prov-Out-TCP
REMOVES: FirewallRaz (None) : MCX-McrMgr-Out-TCP
REMOVES: FirewallRaz (Private) : TCP Query User{FF9BD57C-FEBC-470F-BBD6-854C8B1C01A4}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES: FirewallRaz (Private) : UDP Query User{B93EDD7E-A728-4C62-A80E-B3C85D7914EC}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES: FirewallRaz (None) : {DAA05029-C27E-4632-BB50-FB1063BAFC36}
REMOVES: FirewallRaz (Public) : TCP Query User{65454CF0-CA88-4DBD-B6AD-9F9B49D61306}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES: FirewallRaz (Public) : UDP Query User{FEAD2E10-A831-488D-B14B-99E5C215546C}C:\program files (x86)\java\jre1.8.0_111\bin\javaw.exe
REMOVES ShellExecuteHooks: {F294D2AE-ECCF-11E6-85D5-64006A5CFC23}
REMOVES: {AD5E2A49-1A20-4019-A96D-9E0DDEDDF3CB}

========== Elements of the registry data ==========
REMOVES: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R1 Search Page = http://www.startpageing123.com/search/?type=ds&ts=1490636207&z=ba7406d6b62455eebe11b6fgez9t3eaqcc8qfofe3w&from=che0812&uid=ST3500630AS_5QG0PQEBXXXX5QG0PQEB&q={searchTerms}
REMOVES: R1 Search Page = http://www.startpageing123.com/?type=hp&ts=1490636207&z=ba7406d6b62455eebe11b6fgez9t3eaqcc8qfofe3w&from=che0812&uid=ST3500630AS_5QG0PQEBXXXX5QG0PQEB
REMOVES: StartMenuInternet: C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.startpageing123.com/
REMOVES: StartMenuInternet: C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.startpageing123.com/

========== Preferences browser ==========
REMOVES Mozilla Pref: http://www.startpageing123.com/
ABSENT Mozilla Pref: user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.fr,DuckDuckGo,Portail Lexical - CNRTL,startpageing123,Wikipédia (fr)"[...]
ABSENT Mozilla Pref: user_pref("browser.startup.homepage", "http://www.startpageing123.com/?type=hp&ts=1490636207&z=ba7406d6b62455eebe11b6fgez9t3eaqcc8[...]

========== Folders ==========
Deletes temporary Windows (0)
REMOVES Flash Cookies (0)
REMOVES: C:\Program Files\dsh7q194
REMOVES: C:\Program Files (x86)\58BE9E3D_cacayima
REMOVES: C:\Program Files (x86)\58C00CCC_cacayima
REMOVES: C:\Program Files (x86)\58C1C30B_cacayima
REMOVES: C:\Program Files (x86)\58C2B675_cacayima
REMOVES: C:\Program Files (x86)\58C6A655_cacayima
REMOVES: C:\Program Files (x86)\58C7C5E7_cacayima
REMOVES: C:\Program Files (x86)\58C94694_cacayima
REMOVES: C:\Program Files (x86)\58CAFB96_cacayima
REMOVES: C:\Program Files (x86)\58CBCD7A_cacayima
REMOVES: C:\Program Files (x86)\dsh7q194
REMOVES Reboot:** C:\Program Files (x86)\Elex-tech
REMOVES Reboot:** C:\Program Files (x86)\Gherwaspanasution
REMOVES Reboot:** C:\Program Files (x86)\Ghobus Collector
REMOVES: C:\Program Files (x86)\MK
REMOVES: C:\Program Files (x86)\n1
REMOVES: C:\Program Files (x86)\WinSnare(4.3.9)
REMOVES: C:\Users\BENOIT\AppData\Roaming\Elex-tech
REMOVES: C:\Users\BENOIT\AppData\Roaming\WinSAPSvc
REMOVES: C:\Users\BENOIT\AppData\Roaming\WinSnare
REMOVES: C:\Users\BENOIT\AppData\Local\Boxfat
REMOVES: C:\Users\BENOIT\AppData\Local\MSfree Inc
REMOVES: C:\Users\BENOIT\AppData\Local\Zujerle

========== Files ==========
Deletes temporary Windows (0) (0 octets)
REMOVES Flash Cookies (0) (0 octets)
REMOVES: c:\users\benoit\appdata\roaming\clean\kyubey.exe
REMOVES: c:\users\benoit\appdata\roaming\winsapsvc\winsap.dll
REMOVES: c:\users\benoit\appdata\roaming\winsnare\winsnare.dll
REMOVES: C:\Windows\Installer\1591c428.msi
REMOVES: C:\Windows\Installer\6e2cccf.msi
REMOVES: C:\Windows\Installer\71f28e12.msi
REMOVES: C:\Users\BENOIT\AppData\Roaming\Mozilla\Firefox\Profiles\w0dex2ed.default-1487150875118\searchplugins\startpageing123.xml
REMOVES:** c:\windows\installer\{bb1104e2-bf22-4754-831e-5a9ee253991c}\_853f67d554f05449430e7e.exe

========== Scheduled task ==========
REMOVES: Milimili

========== Summary ==========
1 : Process memory
48 : Registry keys
19 : Registry values
7 : Elements of the registry data
25 : Folders
10 : Files
3 : Software
3 : Preferences browser
1 : Scheduled task

End of clean in 02mn 49s

========== Path to file report ==========
C:\Users\BENOIT\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/03/2017 10:09:34 [8174]