ZHPDiag usage
Closed
Alex1957
Nov 26, 2013 at 04:03 PM
alex1957 - Nov 30, 2013 at 06:38 PM
5 responses
Ambucias
Nov 26, 2013 at 04:47 PM
Hello
ZHP Diag reports are analysed by experienced Virus/Security contributors to detect malware and provide the best way to eradicate the virus or viruses.
In your case, there is adware which got in your machine because of online downloads, probably from torrents.
There is also an autorun virus in your E drive.
There are some Greek files which I cannot read.
Here are two steps to follow:
Step One:
Download the following Adwcleaner created by Xplode
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
Launch it (for Windows 7 and 8, right-click to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.
Step two:
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in all of your USB devices (flash drive, pen drive, external HD, etc.) but don't open them.
Double-click on UsbFix.exe.
Click on deletion.
Let the tool work.
At the end of the scan a report will show which you can copy and paste here.
The report is saved at the root ( C:\UsbFix.txt ).
Ambucias
Moderator/virus security contributor
Alex1957
Nov 26, 2013 at 07:16 PM
Thanks a lot! I'll try to do it tomorrow as it's already 1.15 am here and I'm falling asleep. Just a quick question - together with ZHPDiag I downloaded ZHPFix, can I use it to remove what is to be removed? And if yes then how?
thanks again,
Alex
Ambucias
Nov 27, 2013 at 05:29 AM
Good question!
Please don't use ZHP Fix! It's a last resort. If the malware is not all removed by the tools I gave you, then I will write you a custom-made script to be used with ZHP Fix.
Alex1957
Nov 27, 2013 at 12:00 PM
Hi
I ran the AdwCleaner, here is the report:
# AdwCleaner v3.013 - Report created 27/11/2013 at 17:53:10
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ??????? - WIN-SDTODTH2STH
# Running from : C:\Users\???????\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Connect_DLC_5
Folder Deleted : C:\Users\???????\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\???????\AppData\LocalLow\Connect_DLC_5
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B06F53B-95F8-4FE0-993D-A2E3D6511AB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8E24389-F354-4469-82CB-3B68780B371C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\Software\Connect_DLC_5
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v25.0.1 (en-US)
[ File : C:\Users\???????\AppData\Roaming\Mozilla\Firefox\Profiles\2x7etu9k.default-1384699491063\prefs.js ]
*************************
AdwCleaner[R0].txt - [32005 octets] - [26/11/2013 20:29:11]
AdwCleaner[R1].txt - [2497 octets] - [27/11/2013 17:51:44]
AdwCleaner[S0].txt - [28608 octets] - [26/11/2013 20:30:28]
AdwCleaner[S1].txt - [2466 octets] - [27/11/2013 17:53:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2526 octets] ##########
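Added example (not part of the original thread and not AdwCleaner's own code): a small parser for the report format posted above that groups the deleted registry entries by CLSID, showing how one adware component was registered at several Internet Explorer extension points at once. The hook labels and function names are this example's own assumptions; the sample lines are copied from the report.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the AdwCleaner[S1] report in this thread.
SAMPLE_REPORT = r"""
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"^(Folder|File|Key|Value) Deleted : (.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry locations seen in the report (lower-cased); labels are this example's wording.
HOOKS = [
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\internet explorer\\toolbar", "IE toolbar"),
    ("\\urlsearchhooks", "URL search hook"),
    ("\\ext\\preapproved\\", "pre-approved add-on"),
    ("\\classes\\clsid\\", "COM class registration"),
]

def parse_report(text):
    """Return (section, kind, target) for every 'Deleted' line."""
    section, entries = None, []
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            entries.append((section, m.group(1), m.group(2)))
    return entries

def guid_footprint(entries):
    """Map each CLSID to the registry hook points it was removed from."""
    found = defaultdict(set)
    for section, _kind, target in entries:
        if section == "Registry":
            labels = [lab for needle, lab in HOOKS if needle in target.lower()]
            for guid in GUID.findall(target):
                found[guid.upper()].update(labels or ["other"])
    return {guid: sorted(labels) for guid, labels in found.items()}

if __name__ == "__main__":
    print(guid_footprint(parse_report(SAMPLE_REPORT)))
```

A CLSID that shows up under several hook points in one report is a single component to verify as gone in the follow-up scan, rather than several unrelated findings.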
Ambucias
Nov 27, 2013 at 04:35 PM
Hi,
Well, well, adwcleaner did a wonderful job.
Did you run usbfix for the autorun virus on E?
Once you are done, I would appreciate it if you delete the ZHP Diag log that you have now. Produce a new one and upload it on speedyshare. I just want to make sure we got everything and that your machine is as clean as a whistle.
Regards
P.S. By the way, what are you doing in France?