SysRestore
[MD5.2798942CAA300C48F3265F1B30DC9F73] - (...) -- C:\Users\proprietaire\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.exe [2082664] [PID.4020]
G2 - GCE: Preference [User Data\Default] [bjbkkpfgfjlcicclmfakhipaaoifgeno] Deal Boat v.1.23.67, (Activé)
G2 - GCE: Preference [User Data\Default] [mocblcnaofikinigmceddfghppkkjbog] Smiley Bar for Facebook v.1.0.0.0 (Activé)
O4 - HKLM\..\Wow6432Node\RunOnce: [upt4pc_fr_38.exe] . (...) -- C:\Users\proprietaire\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.exe
O4 - GS\SendTo: Desk 365.lnk . (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [PC Performer] (...) -- C:\Program Files (x86)\PC Performer\PCPerformer.exe (.not file.) [0]
[MD5.0E71FD90765F5DFFFCF83B20B7907624] [APT] [Updater12747.exe] (.Innovative Apps.) -- C:\Users\proprietaire\AppData\Local\Updater12747\Updater12747.exe [210312]
[MD5.6B927A0E10DD90F2189F66C3DB9DFAF3] [APT] [Updater12765.exe] (.Innovative Apps.) -- C:\Users\proprietaire\AppData\Local\Updater12765\Updater12765.exe [210312]
O42 - Logiciel: Deal Boat - (.Innovative Apps.) [HKLM][64Bits] -- Deal Boat
O42 - Logiciel: tuto4pc_fr_38 - (.TUTO4PC.) [HKLM][64Bits] -- tuto4pc_fr_38_is1
[HKCU\Software\AppDataLow\Software\Deal Boat]
[HKCU\Software\Tutorials]
O43 - CFD: 26/05/2013 - 17:05:21 - [4,520] ----D C:\Program Files (x86)\Deal Boat
O43 - CFD: 29/05/2013 - 22:14:02 - [6,209] ----D C:\Program Files (x86)\tuto4pc_fr_38
O43 - CFD: 26/05/2013 - 17:04:48 - [0,175] ----D C:\Users\proprietaire\AppData\Local\Deal Boat
O43 - CFD: 11/11/2012 - 23:21:59 - [0,000] ----D C:\Users\proprietaire\AppData\Local\supt4pc_fr_14
O43 - CFD: 11/11/2012 - 23:21:59 - [2,916] ----D C:\Users\proprietaire\AppData\Local\tuto4pc_fr_14
O43 - CFD: 12/06/2013 - 16:24:27 - [1,989] ----D C:\Users\proprietaire\AppData\Local\tuto4pc_fr_38
O43 - CFD: 26/05/2013 - 17:05:18 - [0,201] ----D C:\Users\proprietaire\AppData\Local\Updater12747
O43 - CFD: 01/06/2013 - 15:07:08 - [0,201] ----D C:\Users\proprietaire\AppData\Local\Updater12765
O45 - LFCP:[MD5.AFCD75D5BBAEA8AA64EDE7595C5BBD01] - 01/06/2013 - 14:01:11 ---A- - C:\Windows\Prefetch\PCPERFORMER.EXE-F9E6CFDB.pf
O45 - LFCP:[MD5.01990DB0AA72BD3012271E9F9049026E] - 01/06/2013 - 14:06:38 ---A- - C:\Windows\Prefetch\NSB1_AR_201351311423_QVO6.EXE-CB166697.pf =>Hijacker.Qvo6
O45 - LFCP:[MD5.E57225239C2D9285B7EE41DE4F0767F1] - 01/06/2013 - 14:06:50 ---A- - C:\Windows\Prefetch\EXQ.EXE-CA5473E1.pf
O45 - LFCP:[MD5.54BBCA338586E9930EE69A2C63E85DEE] - 01/06/2013 - 14:07:03 ---A- - C:\Windows\Prefetch\DESK365.EXE-DA94FD34.pf
O45 - LFCP:[MD5.81BBC3FBC4532F0119BB4EB6ADFDDE41] - 01/06/2013 - 14:07:13 ---A- - C:\Windows\Prefetch\DESKSVC.EXE-17D4CED1.pf
O45 - LFCP:[MD5.4B866DB4B2782843FE8A359768E588E4] - 04/06/2013 - 06:19:28 ---A- - C:\Windows\Prefetch\TUTO4PC_FR_38.EXE-8BE0E621.pf
O45 - LFCP:[MD5.D5DFDCA20AC4BADF877B3846C5E3C7F0] - 09/06/2013 - 12:36:26 ---A- - C:\Windows\Prefetch\SAVINGS WAVE-CODEDOWNLOADER.E-3CFF9010.pf
O45 - LFCP:[MD5.D5503DC313EF3D4919FD58FD6A1CD084] - 29/05/2013 - 21:14:41 ---A- - C:\Windows\Prefetch\BROWSERPROTECT.EXE-8932F2BC.pf =>Hijacker.Eazel
O45 - LFCP:[MD5.F09F49355CC1A30C77FD1D955245080F] - 30/05/2013 - 06:33:11 ---A- - C:\Windows\Prefetch\MAJT4PCFR.TMP-8507887F.pf
O45 - LFCP:[MD5.2646648DB53749EA9759B77AD3F86CD8] - 30/05/2013 - 17:05:51 ---A- - C:\Windows\Prefetch\MAJT4PCFR.EXE-C580E390.pf
O45 - LFCP:[MD5.199FD6926BF81C93122B8FC7BC891843] - 30/05/2013 - 17:05:52 ---A- - C:\Windows\Prefetch\MAJT4PCFR.TMP-550E3EF4.pf
O53 - SMSR:HKLM\...\startupreg\Desk 365 [Key] . (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\tuto4pc_fr_38 [Key] . (...) -- C:\Program Files (x86)\tuto4pc_fr_38\tuto4pc_fr_38.exe
O53 - SMSR:HKLM\...\startupreg\WebCake Desktop [Key] . (...) -- C:\Users\proprietaire\AppData\Roaming\WebCake\WebCakeDesktop.exe (.not file.) =>Adware.WebCake
O61 - LFC: 09/06/2013 - 18:10:18 ---A- C:\Users\proprietaire\AppData\Local\tuto4pc_fr_38\tuto4pc_fr_38\1.10\eorezo.cyl [69]
O61 - LFC: 12/06/2013 - 15:24:27 ---A- C:\Users\proprietaire\AppData\Local\tuto4pc_fr_38\upt4pc_fr_38.cyp [780]
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32]
[HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9FEB8FB96CD4CF54A95AB4311193C2DA]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E]
[HKLM\Software\Wow6432Node\Deal Boat]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Deal Boat]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc]
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog]
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220122272247}]
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220122272265}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536]
C:\Program Files (x86)\Deal Boat
C:\Program Files (x86)\VideoPerformer
C:\Users\proprietaire\AppData\Local\Software
C:\Users\proprietaire\AppData\Local\Deal Boat
C:\Users\proprietaire\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog
O45 - LFCP:[MD5.0EE1C152121DE17F393468306B4D00A7] - 09/06/2013 - 16:16:43 ---A- - C:\Windows\Prefetch\VGRABBER_V1.4TOOLBARHELPER.EX-8796DEF6.pf
O53 - SMSR:HKLM\...\startupreg\SearchProtect [Key] . (...) -- C:\Users\proprietaire\AppData\Roaming\SearchProtect\bin\cltmng.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SearchProtectAll [Key] . (...) -- C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (.not file.)
O61 - LFC: 09/06/2013 - 16:31:52 ---A- C:\Users\proprietaire\AppData\Local\Google\Toolbar\broker_metrics.xml [1267]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]
C:\Program Files (x86)\vGrabber-software
EmptyTemp
FirewallRaz
EmptyCLSID