cjoint


Document format: text/plain

Preview

Script ZHPFix
EmptyPrefetch
FirewallRaz
PROXYFix
EmptyTemp
EmptyFlash
EmptyClsid
SysRestore

G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.1.0 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [cjpglkicenollcignonpgiafdgfeehoj] Nouvel onglet v.5.1 (Désactivé) =>Adware.SearchYa
O4 - GS\QuickLaunch [NETPLAYERSKZ]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\TaskBar [NETPLAYERSKZ]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\NETPLAYERSKZ\AppData\Local\Google\Chrome\Application\chrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\Program [NETPLAYERSKZ]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - GS\SystemTools [NETPLAYERSKZ]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 - HKLM\..\Wow6432Node\Run: [tuto4pc_fr_53] Clé orpheline =>PUP.AgenceExclusive
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.00000000000000000000000000000000] [APT] [DSite] (...) -- C:\Users\NETPLAYERSKZ\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Hijacker.DSite
O39 - APT: DSite - (...) -- C:\Windows\Tasks\DSite.job [306] =>Hijacker.iHaveNet
O39 - APT: DSite - (...) -- C:\Windows\System32\Tasks\DSite [306] =>Hijacker.DSite
[HKCU\Software\AppDataLow\Software\LyricsWoofer] =>Adware.AddLyrics
[HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}]
[HKCU\Software\DSiteProducts] =>Hijacker.DSite
[HKCU\Software\Duuqu] =>PUP.Duuqu
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.Mocaflix
[HKLM\Software\Wow6432Node\TUTO_4PC] =>PUP.AgenceExclusive
[HKLM\Software\Wow6432Node\V9]
[HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia
[HKLM\Software\Wow6432Node\deskSvc] =>Hijacker.22Find
O43 - CFD: 02/02/2014 - 14:48:07 - [0] ----D C:\Program Files (x86)\NeWSaverr =>PUP.NewSaver
O43 - CFD: 23/05/2014 - 15:15:05 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 30/03/2014 - 06:47:04 - [0] ----D C:\ProgramData\Performancer
O43 - CFD: 02/07/2013 - 04:40:22 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 09/11/2012 - 14:59:11 - [] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 07/08/2014 - 13:25:46 - [0] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\DSite =>Hijacker.DSite
O43 - CFD: 02/07/2013 - 04:31:38 - [] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\eIntaller
O43 - CFD: 02/07/2013 - 04:31:27 - [0] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\Nosibay =>PUP.BubbleDock
O43 - CFD: 08/08/2013 - 16:12:02 - [] ----D C:\Users\NETPLAYERSKZ\AppData\Local\Duuqu =>PUP.Duuqu
O45 - LFCP:[MD5.DCCCBAAB7502322B8BAB2031E2292A35] - 21/10/2014 - 08:31:52 ---A- - C:\Windows\Prefetch\EVEREST_DISKBENCH.DLL-C4F913C6.pf =>PUP.GiganticSavings
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\NETPLAYERSKZ\AppData\Local\Google\Chrome\Application\chrome.exe" http://www.qvo6.com =>Hijacker.Qvo6
O69 - SBI: SearchScopes [HKCU] {32958601-AC28-B0B0-B43C-3FDDF72FD894} - (MyStart Search) - http://mystart.incredibar.com =>Adware.IncrediBar
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (Funmoods) - http://searchfunmoods.com =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\desk365_RASAPI32 =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\desk365_RASMANCS =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASAPI32 =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\deskSvc_RASMANCS =>Hijacker.22Find
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASAPI32 =>Adware.Incredibar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASMANCS =>Adware.Incredibar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASAPI32 =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASMANCS =>PUP.Funmoods
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32 =>Adware.IncrediBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS =>Adware.IncrediBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32 =>Adware.IncrediBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS =>Adware.IncrediBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASAPI32 =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASMANCS =>PUP.BubbleDock
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsFanUpdater_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsFanUpdater_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsWooferUPD_RASAPI32 =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LyricsWooferUPD_RASMANCS =>Adware.AddLyrics
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\nsb1_ar_2013613141731_qvo6_RASAPI32 =>Hijacker.Qvo6
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\nsb1_ar_2013613141731_qvo6_RASMANCS =>Hijacker.Qvo6
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32 =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamUpdater_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0C5C_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0C5C_RASMANCS =>Adware.Yontoo
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj] =>Adware.SearchYa^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser] =>Hijacker.22Find^
[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\SP Global] =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Tracing\incredibar_install_RASAPI32] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\incredibar_install_RASMANCS] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASAPI32] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\IncredibarToolbar_RASMANCS] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc] =>Hijacker.22find
[HKLM\Software\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\Software\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}] =>Adware.MagniPic
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\eSafeSvc] =>PUP.eSafeSecurity
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:tuto4pc_fr_53 =>PUP.AgenceExclusive^
C:\Users\NETPLAYERSKZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
C:\Users\NETPLAYERSKZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj =>Adware.SearchYa^
C:\Program Files (x86)\NeWSaverr =>PUP.NewSaver^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\NETPLAYERSKZ\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\NETPLAYERSKZ\AppData\Roaming\DSite =>Hijacker.DSite^
C:\Users\NETPLAYERSKZ\AppData\Roaming\Nosibay =>PUP.BubbleDock^
C:\Users\NETPLAYERSKZ\AppData\Local\Duuqu =>PUP.Duuqu^
C:\Users\NETPLAYERSKZ\AppData\Roaming\eIntaller =>PUP.eSafeSecurity
C:\Users\NETPLAYERSKZ\AppData\LocalLow\SearchNewTab =>Adware.FastSaveApp
C:\Windows\Tasks\DSite.job =>Hijacker.iHaveNet^
C:\Windows\System32\Tasks\DSite =>Hijacker.DSite^
[HKCU\Software\AppDataLow\Software\LyricsWoofer] =>Adware.AddLyrics^
[HKCU\Software\DSiteProducts] =>Hijacker.DSite^
[HKCU\Software\Duuqu] =>PUP.Duuqu^
[HKLM\Software\Wow6432Node\Babylon] =>PUP.Babylon^
[HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu^
[HKLM\Software\Wow6432Node\TUTO_4PC] =>PUP.AgenceExclusive^
[HKLM\Software\Wow6432Node\Vittalia] =>PUP.Vittalia^
[HKLM\Software\Wow6432Node\deskSvc] =>Hijacker.22Find^
C:\Users\NETPLAYERSKZ\Downloads\SaveAs.exe =>PUP.Offerware
[HKCU\Software\Softonic]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyDeltaTB_RASMANCS
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}]
[HKCU\Software\Softonic]
O51 - MPSK:{9f74d21f-29c7-11e2-a824-8c89a5e5edce}\AutoRun\command. (.Pas de propriétaire - Saints Row IV (c) Deep Silver Setup.) -- E:\setup.exe
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
G1 - GCS: Preference [User Data\Default] None
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O43 - CFD: 21/08/2013 - 06:33:29 - [] ----D C:\Users\NETPLAYERSKZ\AppData\Roaming\Reg
C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: Intel Active Management Technology User Notification Service (UNS) - Intel Corporation -
HKLM\SYSTEM\CurrentControlSet\Services\UNS
C:\Windows\system32\wuaueng.dll
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe







