ZHP Cleaner

This document is a log from ZHPCleaner, a system cleaning tool. It summarizes the detections and removals of potentially unwanted programs (PUPs), adware, and other threats. Key findings include:
- Detection and removal of 4 services related to PUP.SystemK and adware
- Removal of browser extensions and preferences related to adware like RollAround and Multiplug
- Deletion of files and folders associated with PUPs and adware from the system directories, browser profiles, and temporary folders
- Removal of registry keys, values, and data associated with hijackers, PUPs, and adware from places like Browser Helper Objects, Services, and

Uploaded by

Jawad Maal

ZHPCleaner v2015.6.3.265 by Nicolas Coolman (2015\06\3)


Run by MAALOUM (Administrator) (25/06/2015 13:38:43)
Site : http://nicolascoolman.com/fr
Facebook : https://www.facebook.com/nicolascoolman1
State version : Pas de fichier réseau
Type : Netttoyer
Report : C:\Users\MAALOUM\Desktop\ZHPCleaner.txt
Quarantine : C:\Users\MAALOUM\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
UAC : Activate
Boot Mode : Normal (Normal boot)
Windows 7, 64-bit Service Pack 1 (Build 7601)

---\\ Service. (4)
SUPPRIMÉ : F06DEFF2-5B9C-490D-910F-35D3A9119622 (PUP.SystemK)
ARRETÉ : SmdmFService (PUP.SystemK)
ARRETÉ : Service Mgr RollAround (Heuristic.RollAround)
ARRETÉ : Update Mgr RollAround (Heuristic.RollAround)

---\\ Navigateur internet. (5)
SUPPRIMÉ: [0vx9n8mz.default] - user_pref("extensions.RollAround.cg", "875d9125-073f-4995-aa06-0fefa3a69596"); (Adware.RollAround)
DEPLACÉ fichier: C:\Users\MAALOUM\AppData\Roaming\Mozilla\Firefox\Profiles\0vx9n8mz.default\searchplugins\WebSearch.xml (Hijacker.SimpleSearches) [1ACE41F251F24C5A6D24663DB4F50493]
REMPLACÉ Chrome Preferences: [hxxp://pstatic.kingtopdeals.com/ (Adware.Multiplug)
REMPLACÉ Chrome Preferences: hxxps://rollaround-a.akamaihd.net/ (Adware.RollAround)
REMPLACÉ Chrome Preferences: [hxxps://rollaround-a.akamaihd.net/ (Adware.RollAround)

---\\ Fichier hôte. (1)
~ Le fichier hôte est légitime. (21)

---\\ Tâche planifiée. (0)
~ Aucun élément malicieux trouvé.

---\\ Explorateur ( Dossiers, Fichiers ). (14)
DEPLACÉ fichier: C:\Users\MAALOUM\AppData\Roaming\Mozilla\Firefox\Profiles\0vx9n8mz.default\searchplugins\WebSearch.xml (Hijacker.SimpleSearches)
DEPLACÉ fichier^: C:\Program Files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg [Aztec Media Inc - SmdmFConfiguration] (PUP.SystemK)
DEPLACÉ fichier^: C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe [Aztec Media Inc - SmdmF Service] (PUP.SystemK)
DEPLACÉ fichier: C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe [GreenTree Applications SRL - YTD Video Downloader] (PUP.GreenTreeApp)
DEPLACÉ fichier: C:\Users\Public\Desktop\YTD Video Downloader.lnk (PUP.GreenTreeApp)
DEPLACÉ fichier: C:\Windows\Prefetch\SMDMFSERVICE.EXE-4AA7D1F8.pf (PUP.SystemK)
DEPLACÉ fichier: C:\Users\MAALOUM\AppData\Local\Temp\~nsu.tmp\Au_.exe [Aztec Media Inc - Linkey - Uninstall] (PUP.SystemK)
DEPLACÉ dossier: C:\Program Files (x86)\Assets Manager (PUP.SystemK)
DEPLACÉ dossier: C:\Program Files (x86)\Roll Around (Adware.RollAround)
DEPLACÉ dossier: C:\Program Files (x86)\youtubeadblocker (Adware.Multiplug)
DEPLACÉ dossier: C:\ProgramData\5672932759329687721 (Adware.CrossRider)
DEPLACÉ dossier: C:\ProgramData\nhihdhkhlkplbafgfbeplidhdeciapnm (Toolbar.Ask)
DEPLACÉ dossier^: C:\ProgramData\smdmf (PUP.SystemK)
DEPLACÉ dossier: C:\Users\MAALOUM\AppData\Roaming\OpenCandy (Adware.OpenCandy)

---\\ Base de Registres ( Clés, Valeurs, Données ). (39)
REMPLACÉ donnée: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope \\\{22A86324-75DC-44EB-88A4-945A5A0CF5F3} (Hijacker.SearchScopes)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://q.search-simple.com/?affID=bl_875d9125-073f-4995-aa06-0fefa3a69596&q={searchTerms}] [Yahoo Search!] (Hijacker.SearchSimple)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} [http://www.default-search.net/search?sid=503&aid=100&itype=n&ver=15625&tm=631&src=ds&p={searchTerms}] [default-search.net] (Hijacker.SearchNet)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} [http://www.default-search.net/search?sid=503&aid=100&itype=n&ver=15625&tm=631&src=ds&p={searchTerms}] [default-search.net] (Hijacker.SearchNet)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} [http://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=2921&r=2015/04/04&hid=837133082032558447[...]] [WebSearch] (Hijacker.SimpleSearches)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d67c3b91-5c94-4c61-a6c8-0ac44fe379fe} [UniDeals] (Adware.Multiplug)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e155c703-85a0-455b-a309-a49174718ac0} [UniDeals] (Adware.Multiplug)
SUPPRIMÉ clé*: [X64] HKLM\Software\Classes\CLSID\{d67c3b91-5c94-4c61-a6c8-0ac44fe379fe} [UniDeals] (Adware.Multiplug)
SUPPRIMÉ clé*: [X64] HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d67c3b91-5c94-4c61-a6c8-0ac44fe379fe} [] (Adware.Multiplug)
SUPPRIMÉ clé*: [X64] HKLM\Software\Classes\CLSID\{e155c703-85a0-455b-a309-a49174718ac0} [UniDeals] (Adware.Multiplug)
SUPPRIMÉ clé*: [X64] HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e155c703-85a0-455b-a309-a49174718ac0} [] (Adware.Multiplug)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83c0e288-8fa0-43d3-acc7-c1e839d85abc} [Roll Around] (Adware.RollAround)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://q.search-simple.com/?affID=bl_875d9125-073f-4995-aa06-0fefa3a69596&q={searchTerms}] (Hijacker.SearchSimple)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} [http://www.default-search.net/search?sid=503&aid=100&itype=n&ver=15625&tm=631&src=ds&p={searchTerms}] (Hijacker.SearchNet)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} [http://www.default-search.net/search?sid=503&aid=100&itype=n&ver=15625&tm=631&src=ds&p={searchTerms}] (Hijacker.SearchNet)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} [http://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=2921&r=2015/04/04&hid=8371330820325584474&lg=EN&cc=MA&unqvl=85] (Hijacker.SimpleSearches)
SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 [C:\Program Files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg (Not File)] (PUP.SystemK)
SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\SmdmFService [C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe (Not File)] (PUP.SystemK)
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Service Mgr RollAround ["C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe" (Not File)] (Heuristic.RollAround)
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Update Mgr RollAround ["C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe" (Not File)] (Heuristic.RollAround)
SUPPRIMÉ clé^: [X64] HKLM\SYSTEM\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 [C:\Program Files (x86)\Assets Manager\smdmf\x64\smdmfmgrc3.cfg (Not File)] (PUP.SystemK)
SUPPRIMÉ clé^: [X64] HKLM\SYSTEM\CurrentControlSet\Services\SmdmFService [C:\Program Files (x86)\Assets Manager\smdmf\SmdmFService.exe (Not File)] (PUP.SystemK)
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1375202689-1315002916-1913171047-1000\Software\Linkey [] (PUP.LinkeySearch)
SUPPRIMÉ clé: HKCU\Software\Linkey [] (PUP.LinkeySearch)
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\kingtopdeals.com [] (Adware.Multiplug)
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pstatic.kingtopdeals.com [124] (Adware.Multiplug)
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\rollaround-a.akamaihd.net [126709] (Adware.RollAround)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Linkey.Linkey [Linkey Class] (PUP.LinkeySearch)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\P6a9b7b68_eba7_488f_a162_4584a59551ad_.P6a9b7b68_eba7_488f_a162_4584a59551ad_ [youtubeadblocker] (Adware.Multiplug)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\P6a9b7b68_eba7_488f_a162_4584a59551ad_.P6a9b7b68_eba7_488f_a162_4584a59551ad_.9 [youtubeadblocker] (Adware.Multiplug)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{6a9b7b68-eba7-488f-a162-4584a59551ad} [youtubeadblocker] (Adware.Multiplug)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Linkey [] (PUP.LinkeySearch)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Linkey [] (PUP.LinkeySearch)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\RollAround [] (Adware.RollAround)
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Wow6432Node\SmdmF [] (PUP.SettingsManager)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Assets Manager [Aztec Media Inc] (PUP.SystemK)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} [GreenTree Applications SRL] (PUP.GreenTreeApp)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507} [youtubeadblocker] (Adware.Multiplug)
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Classes\CLSID\{6a9b7b68-eba7-488f-a162-4584a59551ad}\InprocServer32 [C:\Program Files (x86)\youtubeadblocker\TKfttbovdfGRvN.x64.dll (Not File)] (Adware.Multiplug)

---\\ Bilan de la réparation
~ Réparation réalisée avec succès.
~ Ce navigateur est absent (Opera Software)
~ Le système a été redémarré.

---\\ Statistiques
~ Items scannés : 889
~ Items trouvés : 0
~ Items annulés : 0
~ Items réparés : 67
End of clean at 13:41:03
===================
ZHPCleaner-[R]-25062015-13_41_03.txt

ZHPCleaner-[S]-25062015-13_36_12.txt
