ZHPDiag usage [Closed]

Alex1957 - Posts: 3 - Registration date: Tuesday November 26, 2013 - Last seen: November 27, 2013 - Last answered on Nov 30, 2013 at 06:38 PM by alex1957
Hi guys
I checked my system with ZHPDiag, I got a report, what shall I do next?
Here's a download link: http://speedy.sh/zEwsF/ZHPDiag.txt
Thanks in advance for your help. Just in case, I have Windows 7 on my laptop.
Alex
Hello

ZHP Diag reports are analysed by experienced Virus/Security contributors to detect malware and provide the best way to eradicate the virus or viruses.

In your case, there is adware which got in your machine because of online downloads, probably from torrents.

There is also an autorun virus in your E drive.

There are some Greek files which I cannot read.

Here are two steps to follow:

Step One:

Download the following Adwcleaner created by Xplode

http://ccm.net/download/download-24088-adwcleaner
Launch it (for Windows 7 and 8, right-click to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

Step two:

Download UsbFix (created by El Desaparecido) on your desktop.

http://ccm.net/download/download-24089-usbfix

If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.

Plug in all of your USB devices (flash drive, pen drive, external HD, etc.); don't open them.

Double click on UsbFix.exe.

Click on deletion.
Let the tool work.

Ambucias
Moderator/virus security contributor

At the end of the scan a report will show which you can copy and paste here.

The report is saved at the root ( C:\UsbFix.txt ).
Thanks a lot! I'll try to do it tomorrow as it's already 1.15 am here and I'm falling asleep. Just a quick question - together with ZHPDiag I downloaded ZHPFix, can I use it to remove what is to be removed? And if yes then how?
thanks again,
Alex
Ambucias - Posts: 45755 - Registration date: Tuesday February 2, 2010 - Status: Moderator - Last seen: October 20, 2017 - Nov 27, 2013 at 05:29 AM
Good question!

Please don't use ZHP Fix! It's a last resort. If malware is not all removed by the tools I gave you, then I will write you a custom made script to be used with ZHP Fix.
Hi
I ran the AdwCleaner, here is the report:

# AdwCleaner v3.013 - Report created 27/11/2013 at 17:53:10
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ??????? - WIN-SDTODTH2STH
# Running from : C:\Users\???????\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Connect_DLC_5
Folder Deleted : C:\Users\???????\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\???????\AppData\LocalLow\Connect_DLC_5
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B06F53B-95F8-4FE0-993D-A2E3D6511AB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8E24389-F354-4469-82CB-3B68780B371C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\Software\Connect_DLC_5

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\???????\AppData\Roaming\Mozilla\Firefox\Profiles\2x7etu9k.default-1384699491063\prefs.js ]


*************************

AdwCleaner[R0].txt - [32005 octets] - [26/11/2013 20:29:11]
AdwCleaner[R1].txt - [2497 octets] - [27/11/2013 17:51:44]
AdwCleaner[S0].txt - [28608 octets] - [26/11/2013 20:30:28]
AdwCleaner[S1].txt - [2466 octets] - [27/11/2013 17:53:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2526 octets] ##########
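Added example, not part of the original thread and not code from AdwCleaner or its author: a small Python parser for a report in the layout posted above, which tallies the cleaned items per section and shows in which registry locations each CLSID was registered. The sample input is constructed from a few lines of that report; the function names are hypothetical, and accepting any single action word (the page only shows "Deleted") is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the same layout as the report above.
SAMPLE = r"""# AdwCleaner v3.013 - Report created 27/11/2013 at 17:53:10
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Key Deleted : HKLM\Software\Connect_DLC_5
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Assumption: the action is one word; the report on this page only shows "Deleted".
ENTRY = re.compile(r"^(File|Folder|Key|Value) (\w+) : (.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_report(text):
    """Return (entries, guid_locations) from an AdwCleaner-style report."""
    entries, guids, section = [], defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            kind, action, target = m.groups()
            entries.append((section, kind, action, target))
            for g in GUID.findall(target):
                # Store the registry location with the GUID itself stripped off.
                guids[g.upper()].append(GUID.sub("", target).rstrip(" \\[]"))
    return entries, dict(guids)

def summarize(entries):
    """Count entries per (section, kind, action)."""
    counts = defaultdict(int)
    for section, kind, action, _ in entries:
        counts[(section, kind, action)] += 1
    return dict(counts)

if __name__ == "__main__":
    entries, guids = parse_report(SAMPLE)
    for key, n in sorted(summarize(entries).items()):
        print(*key, n)
    for g, where in guids.items():
        print(g, "->", where)
```

Run against the full report, the CLSID-to-location map makes it easy to see that one toolbar component was hooked in as a Browser Helper Object, a toolbar and a URL search hook at the same time.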
Hi,

Well, well, adwcleaner did a wonderful job.

Did you run usbfix for the autorun virus on E?

Once you are done, I would appreciate it if you delete the ZHP Diag log that you have now. Produce a new one and upload it on speedyshare. I just want to make sure we got everything and that your machine is as clean as a whistle.

Regards

P.S. By the way, what are you doing in France?
Hi
Sorry for the much belated answer but I was away for a couple of days. I'll do everything tomorrow, promise.
And well, I live in France just across the border from Switzerland where I'm working.
Cheers