cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash

C:\ProgramData\KMSAutoS\KMSAuto Net.exe =>HackTool.WinActivator
C:\WINDOWS\System32\Tasks\KMSAutoNet =>HackTool.WinActivator
C:\Users\ADil\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn =>Toolbar.AVGSafeGuard
C:\Users\ADil\AppData\Roaming\Mozilla\Firefox\Profiles\jbfzw8sk.default-1439030047509\extensions\avg@toolbar.xpi =>Toolbar.AVGSearch
HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp =>Toolbar.AVGSafeGuard
HKCU\SOFTWARE\AVG Web TuneUp =>Toolbar.AVGSafeGuard
HKCU\SOFTWARE\ExpressFiles =>PUP.Optional.ExpressFiles
HKCU\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
HKCU\SOFTWARE\TeleCharger =>.Superfluous.Downloader
HKCU\SOFTWARE\undefined =>.Superfluous.Downloader
C:\Program Files (x86)\AVG Web TuneUp =>Toolbar.AVGSafeGuard
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Web TuneUp =>Toolbar.AVGSafeGuard
C:\ProgramData\KMSAutoS =>PUP.Optional.Windows
C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\Users\ADil\AppData\Roaming\ExpressFiles =>PUP.Optional.ExpressFiles
C:\Users\ADil\AppData\Roaming\SSN =>PUP.Optional.SaveSerpNow
C:\Users\ADil\AppData\Local\AVG Web TuneUp =>Toolbar.AVGSafeGuard
C:\WINDOWS\Prefetch\EXPRESSFILES.EXE-75074FBD.pf =>PUP.Optional.ExpressFiles
C:\WINDOWS\Prefetch\PERFORMANCEOPTIMIZER.EXE-23A96D70.pf =>PUP.Optional.BProtector
C:\WINDOWS\Prefetch\REIMAGE.EXE-BEE43FC1.pf =>PUP.Optional.ReImageRepair
C:\WINDOWS\Prefetch\REIMAGEPACKAGE.EXE-62A9E75B.pf =>PUP.Optional.ReImageRepair
C:\WINDOWS\Prefetch\REIMAGEREPAIR.EXE-5F4B3542.pf =>PUP.Optional.ReImageRepair
C:\WINDOWS\Prefetch\REIMAGEREPAIR.EXE-D46D7A18.pf =>PUP.Optional.ReImageRepair
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} =>PUP.Optional.MyWebSearch
HKLM\Software\Classes\Installer\Products\45B71F1875D5E58488CC6F2DD0665B0E =>PUP.Optional.UpdateAdmin
HKLM\Software\Classes\Installer\Features\45B71F1875D5E58488CC6F2DD0665B0E =>PUP.Optional.UpdateAdmin
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\performanceoptimizer_RASAPI32 =>PUP.Optional.BProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\performanceoptimizer_RASMANCS =>PUP.Optional.BProtector
O39 - APT: KMSAutoNet - (.MSFree Inc..) -- C:\WINDOWS\System32\Tasks\KMSAutoNet [3786] =>HackTool.WinActivator
[MD5.6EE7F3ECD5111CD5306792FD3141515D] [APT] [KMSAutoNet] (.MSFree Inc..) -- C:\ProgramData\KMSAutoS\KMSAuto Net.exe [6977272] =>HackTool.WinActivator
SR - Auto [16/12/2015] [ 1923984] (vToolbarUpdater40.2.4) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe =>.AVG Technologies CZ, s.r.o.®
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("extensions.xpiState", "{\"app-profile\":{\"avg@toolbar\":{\"d\":\"C:\\\\Users\\\\ADil\\\\AppData\\\\Roaming\\\\Mozilla\[...] =>Toolbar.AVGSearch
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("browser.search.defaultenginename", "AVG Secure Search"); =>Toolbar.AVGSearch
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("browser.search.hiddenOneOffs", "AVG Secure Search"); =>Toolbar.AVGSearch
O43 - CFD: 14/11/2015 - [] D -- C:\Users\ADil\AppData\Local\AVG Web TuneUp =>Toolbar.AVGSafeGuard
O43 - CFD: 14/11/2015 - [] D -- C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch
O43 - CFD: 14/11/2015 - [] D -- C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
O43 - CFD: 14/11/2015 - [] D -- C:\ProgramData\AVG Web TuneUp =>Toolbar.AVGSafeGuard
O43 - CFD: 16/12/2015 - [] D -- C:\Program Files (x86)\AVG Web TuneUp =>.AVG Technologies CZ, s.r.o.® =>Toolbar.AVGSafeGuard
HKCU\SOFTWARE\AVG Web TuneUp =>Toolbar.AVGSafeGuard
HKLM\SOFTWARE\Wow6432Node\AVG Web TuneUp =>Toolbar.AVGSafeGuard
P2 - FPN: [HKLM] [@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] - (...) -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll =>Toolbar.AVGSearch
P2 - EXT FILE: (...) -- C:\Users\ADil\AppData\Roaming\Mozilla\Firefox\Profiles\jbfzw8sk.default-1439030047509\extensions\avg@toolbar.xpi =>Toolbar.AVGSearch
G2 - GCE: Preference [User Data\Default] [chfdnecihphmhljaaejmgoiahnihplgn] AVG Web TuneUp =>Toolbar.AVGSafeGuard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\performanceoptimizer_RASAPI32 =>PUP.Optional.BProtector
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\performanceoptimizer_RASMANCS =>PUP.Optional.BProtector
O90 - PUC: "45B71F1875D5E58488CC6F2DD0665B0E" . (.UpdateAdmin.) -- C:\WINDOWS\Installer\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}\icon.ico =>PUP.Optional.UpdateAdmin
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://mysearch.avg.com/ =>PUP.Optional.MyWebSearch
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("plugin.state.npconduitfirefoxplugin", 0); =>PUP.Optional.Conduit
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("browser.startup.homepage", "https://mysearch.avg.com/?cid={354DF90E-A3A9-4CB2-A32D-B3873CFF2043}&mid=da7db78abcec47cca3[...] =>PUP.Optional.MyWebSearch
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("extensions.newtabtools.optionspointershown", true); =>PUP.Optional.SPointer
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("extensions.quick_start.enable_search1", false); =>PUP.Optional.QuickStart
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); =>PUP.Optional.QuickStart
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"https://mysearch.avg.com\"},{\"name\":\"Goo[...] =>PUP.Optional.MyWebSearch
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("avg.wtu.ext.Revert_HP", "https://www.malwarebytes.org/restorebrowser//general/newhometab.php?hometab=home&partner=11433[...] =>PUP.Optional.CertifiedToolbar
O45 - LFCP:[MD5.8C57350780A7ADDEB24659FCD6447361] 18/12/2015 A -- C:\WINDOWS\Prefetch\EXPRESSFILES.EXE-75074FBD.pf =>PUP.Optional.ExpressFiles
O45 - LFCP:[MD5.957723466DEA60AD984AADC666E56902] 12/12/2015 A -- C:\WINDOWS\Prefetch\PERFORMANCEOPTIMIZER.EXE-23A96D70.pf =>PUP.Optional.BProtector
O45 - LFCP:[MD5.E0E9BB9E6DCE3B71FB3020AEDD10E58F] 29/11/2015 A -- C:\WINDOWS\Prefetch\REIMAGE.EXE-BEE43FC1.pf =>PUP.Optional.ReImageRepair
O45 - LFCP:[MD5.398AF59E814A7E5B6A80AB37015B84A6] 26/11/2015 A -- C:\WINDOWS\Prefetch\REIMAGEPACKAGE.EXE-62A9E75B.pf =>PUP.Optional.ReImageRepair
O45 - LFCP:[MD5.121CFF9A72A28E0923285337C4C2ABD7] 26/11/2015 A -- C:\WINDOWS\Prefetch\REIMAGEREPAIR.EXE-5F4B3542.pf =>PUP.Optional.ReImageRepair
O45 - LFCP:[MD5.0A6949973343FD37973E78E8992F003B] 29/11/2015 A -- C:\WINDOWS\Prefetch\REIMAGEREPAIR.EXE-D46D7A18.pf =>PUP.Optional.ReImageRepair
O43 - CFD: 30/09/2015 - [] D -- C:\Users\ADil\AppData\Roaming\SSN =>PUP.Optional.SaveSerpNow
O43 - CFD: 28/11/2015 - [] D -- C:\Users\ADil\AppData\Roaming\ExpressFiles =>PUP.Optional.ExpressFiles
O43 - CFD: 19/12/2015 - [] D -- C:\ProgramData\KMSAutoS =>PUP.Optional.Windows
HKCU\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
HKCU\SOFTWARE\ExpressFiles =>PUP.Optional.ExpressFiles
M0 - MFSP: prefs.js [ADil - jbfzw8sk.default-1439030047509] https://mysearch.avg.com/?cid={354DF90E-A3A9-4CB2-A32D-B3873CFF2043}&mid=da7db78abcec47cca371857c76f44663-df6afcf521aec14e2c7037f269ac2d5da209d6d6&lang=fr&ds=AVG&coid=avgtbavg&cmpid=0615pit&pr=fr&d=2015-11-14 14:27:49&v=4.2.2.128&pid=wtu&sg=&sap=hp =>PUP.Optional.MyWebSearch
O58 - SDL:2014/12/29 03:59:36 A . (.Visicom Media Inc. - ManyCam Virtual Microphone.) -- C:\WINDOWS\System32\drivers\mcaudrv_x64.sys [35960] =>.Superfluous.VisicomManyCam
O58 - SDL:2014/12/29 04:05:44 A . (.Visicom Media Inc. - ManyCam Virtual Webcam Driver.) -- C:\WINDOWS\System32\drivers\mcvidrv.sys [49272] =>.Superfluous.VisicomManyCam
HKCU\SOFTWARE\undefined =>.Superfluous.Downloader
HKCU\SOFTWARE\TeleCharger =>.Superfluous.Downloader
O69 - SBI: prefs.js [ADil - jbfzw8sk.default-1439030047509] user_pref("avg.wtu.ext.dnsWhiteList", "toolbarhome.com,avg.com"); =>Trojan.Vonteera
P2 - EXT FILE: (...) -- C:\Users\ADil\AppData\Roaming\Mozilla\Firefox\Profiles\jbfzw8sk.default-1439030047509\extensions\newtabtools@darktrojan.net.xpi
[MD5.00000000000000000000000000000000] [APT] [Format Factory] (...) -- C:\Users\ADil\AppData\Local\Temp\is-8CMKQ.tmp\prsetup.exe (.not file.) [0]
O20 - AppInit_DLLs: . (...) - C:\Windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll (.not file.)
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [TuneUpUtilities_Task_BkGndMaintenance2013] (...) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Format Factory] (...) -- C:\Users\ADil\AppData\Local\Temp\is-8CMKQ.tmp\prsetup.exe (.not file.) [0]
O43 - CFD: 24/01/2014 - [0] HD -- C:\Program Files (x86)\Temp
O43 - CFD: 07/01/2016 - [] D -- C:\Users\ADil\AppData\Local\Temp
O43 - CFD: 05/08/2015 - [0] SHD -- C:\Users\ADil\AppData\Local\Temporary Internet Files
O43 - CFD: 19/11/2015 - [0] D -- C:\ProgramData\Temp
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated®
O4 - HKCU\..\Run: [CyberGhost] . (.CyberGhost S.R.L. - CyberGhost.) -- C:\Program Files\CyberGhost 5\CyberGhost.exe =>.CyberGhost S.R.L.®
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>.BitTorrent Inc®
O4 - HKCU\..\Run: [Clownfish] . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe =>.Bogdan Sharkov®
O4 - HKLM\..\Wow6432Node\Run: [Macro Manager] . (.GrassSoftware - Macro Manager.) -- C:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroManager.exe
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-2803208679-2434042382-3264808341-1001\..\RunOnce: [WAB Migrate] . (.Microsoft Corporation - Windows Contacts.) -- C:\Program Files (x86)\Windows Mail\wab.exe =>.Microsoft Corporation

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3c23aa43-d056-4bc5-b703-456d35833ea2}: NameServer = 37.221.175.198,95.169.183.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c7e74ec7-9974-4222-aa14-2f45138d47f0}: NameServer = 37.221.175.198,95.169.183.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c7e74ec7-9974-4222-aa14-2f45138d47f0}: DhcpNameServer = 95.169.183.219 89.41.60.38 37.221.175.198

Publicité


Signaler le contenu de ce document

Publicité