Format du document : text/plain
Prévisualisation
Script ZHPFix
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com =>Hijacker.Qone8
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
O2 - BHO: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Cl� orpheline
O4 - GS\QuickLaunch [Jean-Claude]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\TaskBar [Jean-Claude]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\Program [Jean-Claude]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-sys.job [368] =>PUP.GiganticSavings
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-Updater removing.job [306] =>PUP.GiganticSavings
[MD5.83F9FD1FD4B72219901CD9004AD06804] [APT] [bench-sys] (...) -- C:\Program Files (x86)\Bench\Updater\updater.exe [69120] =>PUP.GiganticSavings
[HKCU\Software\Boxore] =>Adware.Boxore
[HKCU\Software\TutoTag] =>AgenceExclusive
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Bench] =>PUP.GiganticSavings
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Tutorials] =>AgenceExclusive
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\qone8Software] =>Hijacker.Qone8
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
O43 - CFD: 11/04/2014 - 12:12:29 - [0,469] ----D C:\Program Files (x86)\Bench =>PUP.GiganticSavings
O43 - CFD: 09/04/2014 - 17:40:19 - [0] ----D C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster
O43 - CFD: 09/04/2014 - 18:34:01 - [0] ----D C:\Program Files (x86)\Software
O43 - CFD: 09/04/2014 - 17:29:03 - [1,442] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 11/04/2014 - 12:14:43 - [0,672] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 09/04/2014 - 17:46:00 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 09/04/2014 - 17:29:48 - [0] ----D C:\Users\Jean-Claude\AppData\Roaming\Nosibay =>PUP.BubbleDock
O43 - CFD: 10/04/2014 - 09:41:20 - [0,916] ----D C:\Users\Jean-Claude\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 09/04/2014 - 17:41:52 - [0] ----D C:\Users\Jean-Claude\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 09/04/2014 - 17:29:03 - [0] ----D C:\Users\Jean-Claude\AppData\Local\Software
O45 - LFCP:[MD5.2273D2DD0924C800A8F852FE4177330C] - 09/04/2014 - 16:18:05 ---A- - C:\Windows\Prefetch\IMINENT_1712-B2FCAD5E.EXE-6CCF684A.pf =>Adware.IMBooster
O45 - LFCP:[MD5.8456E72F529ED3AD8DCDFD541CC23CA3] - 09/04/2014 - 16:18:08 ---A- - C:\Windows\Prefetch\IMINENTMINIBARIE.EXE-03D2DAA0.pf =>PUP.Minibar
O45 - LFCP:[MD5.EF50BC8C30F3642BF6F4CF10F1D557B5] - 09/04/2014 - 16:18:09 ---A- - C:\Windows\Prefetch\IMINENT4FFX.EXE-12939050.pf =>Adware.IMBooster
O45 - LFCP:[MD5.D57E8B4FA42895F19C787D4C8A071444] - 09/04/2014 - 16:18:09 ---A- - C:\Windows\Prefetch\IMINENT4IE.EXE-DDE8AE0A.pf =>Adware.IMBooster
O45 - LFCP:[MD5.EF09C6C68E80FD2EA732BF7BF881687C] - 09/04/2014 - 16:18:11 ---A- - C:\Windows\Prefetch\MELONDREA_0702-81CFB2EF.EXE-842AF158.pf =>PUP.Melondrea
O45 - LFCP:[MD5.39F41EFCA09F8D46648E7E06F7D8D63F] - 09/04/2014 - 16:18:14 ---A- - C:\Windows\Prefetch\IMINENTTOOLBAR.EXE-0324CE6F.pf =>Adware.IMBooster
O45 - LFCP:[MD5.BE3F8CCD20714C4350813938180A9818] - 09/04/2014 - 16:18:22 ---A- - C:\Windows\Prefetch\LOLLIPOPINSTALLER.EXE-A24D334C.pf =>Adware.Lollipop
O45 - LFCP:[MD5.0E74B8780847771B816F1C3A80056C34] - 09/04/2014 - 16:18:36 ---A- - C:\Windows\Prefetch\MELONDREA.FIRSTRUN.EXE-F591D3A0.pf =>PUP.Melondrea
O45 - LFCP:[MD5.39FF776DE318E9E5F59FC8F90252A8B6] - 09/04/2014 - 16:18:58 ---A- - C:\Windows\Prefetch\FST_FR_0404-D267B49C.EXE-9FEEBDF8.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.C91D211E7AD3DE6B1152FD763113C5A7] - 09/04/2014 - 16:18:58 ---A- - C:\Windows\Prefetch\FST_FR_0404-D267B49C.TMP-9892966C.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.C70049846B3387D8DC3BC56C359291AF] - 09/04/2014 - 16:19:09 ---A- - C:\Windows\Prefetch\FST_FR_144.EXE-4E36631B.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.C8C52D867281739964247D35562CF0DB] - 09/04/2014 - 16:20:09 ---A- - C:\Windows\Prefetch\PRICEPEEP_EN_0303-A419CB8D.EX-1E40E1EC.pf =>Adware.PricePeep
O45 - LFCP:[MD5.FF12DD9210742A9E9B1843F9872CF002] - 09/04/2014 - 16:22:02 ---A- - C:\Windows\Prefetch\UPFST_FR_144.EXE-72818C8B.pf =>PUA.FSTfr9
O45 - LFCP:[MD5.D0BB490D8118414A1B7638A0A6C4FAEF] - 09/04/2014 - 16:28:35 ---A- - C:\Windows\Prefetch\NSBFR_QONE8.EXE-0D381433.pf =>Hijacker.Qone8
O45 - LFCP:[MD5.37AF3CD1154C7390E278E17FF7771439] - 09/04/2014 - 16:28:56 ---A- - C:\Windows\Prefetch\WPM.EXE-89AF0CF5.pf =>PUP.WpManager
O45 - LFCP:[MD5.EE693E13B23E21AC2E6E392292552AE1] - 09/04/2014 - 16:29:04 ---A- - C:\Windows\Prefetch\SUPTAB.EXE-52F4B054.pf =>PUP.SupTab
O45 - LFCP:[MD5.B1D603B316552B24A17B6D64B37B14D7] - 09/04/2014 - 16:29:12 ---A- - C:\Windows\Prefetch\BOXOREINSTALLER.EXE-6ABE83CB.pf =>Adware.Boxore
O45 - LFCP:[MD5.DCC830ADD2AEBB3324BABE68D4982BD6] - 09/04/2014 - 16:29:40 ---A- - C:\Windows\Prefetch\BOXORE.EXE-666CD123.pf =>Adware.Boxore
O45 - LFCP:[MD5.D1343C5046DA8079B2C182D238DA6546] - 09/04/2014 - 16:40:19 ---A- - C:\Windows\Prefetch\IMINENTSRV.EXE-9ECA5E9D.pf =>Adware.IMBooster
O45 - LFCP:[MD5.4F1B3B067ACE8706F82776CB2F6D4736] - 09/04/2014 - 16:41:52 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-CE051C18.pf =>Adware.Lollipop
O45 - LFCP:[MD5.DF566A193201459FDAD86C9DDB945EFF] - 09/04/2014 - 16:42:31 ---A- - C:\Windows\Prefetch\UPDATEMELONDREA.EXE-E0D94AC8.pf =>PUP.Melondrea
O45 - LFCP:[MD5.BC181B9950B2C0D08B314CC7090855CE] - 09/04/2014 - 17:01:40 ---A- - C:\Windows\Prefetch\SOFTWARECRASHHANDLER.EXE-5F240164.pf
O45 - LFCP:[MD5.2049B1C67A7F06235F406E3D50E9BBD2] - 11/04/2014 - 11:14:44 ---A- - C:\Windows\Prefetch\SUPTAB.EXE-734E953D.pf =>PUP.SupTab
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\__tips_manager [19] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\_ver [6] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\hotsearch [562] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\hotsearch_uptime [10] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\mostvisitData [1948] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\sliders [436] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\tips [99] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\tips_uptime [8] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\updateTime [9] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\wallpaper_data [1] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\wallpaper_option [2] =>PUP.SupTab
O61 - LFC: 11/04/2014 - 18:03:34 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Roaming\SupTab\wallpaper_options [31] =>PUP.SupTab
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com =>Hijacker.Qone8
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
SR - | Auto 11/04/2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKCU\Software\Boxore] =>Adware.Boxore
[HKLM\Software\Wow6432Node\Boxore] =>Adware.Boxore
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Classes\Iminent] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Program Files (x86)\Bench =>PUP.GiganticSavings^
C:\Program Files (x86)\IminentToolbar =>Adware.IMBooster^
C:\Program Files (x86)\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Jean-Claude\AppData\Roaming\Nosibay =>PUP.BubbleDock^
C:\Users\Jean-Claude\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\Jean-Claude\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Program Files (x86)\Software =>Adware.Boxore
C:\Users\Jean-Claude\AppData\Local\Software =>Adware.Boxore
C:\Users\Jean-Claude\AppData\Local\Temp\Iminent =>Adware.IMBooster
C:\Windows\Tasks\bench-sys.job =>PUP.GiganticSavings^
C:\Windows\Tasks\bench-Updater removing.job =>PUP.GiganticSavings^
C:\Program Files (x86)\Bench\Updater\updater.exe =>PUP.GiganticSavings^
[HKLM\Software\Wow6432Node\Bench] =>PUP.GiganticSavings^
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^
[HKLM\Software\Wow6432Node\qone8Software] =>Hijacker.Qone8^
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
FirewallRaz
PROXYFix
EmptyTemp
EmptyFlash
EmptyClsid
SysRestore