Rapport de ZHPFix 2013.3.9.1 par Nicolas Coolman, Update du 9/03/2013
Fichier d'export Registre :
Run by Jean at 16/04/2013 18:35:40
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Corbeille vidée

========== Logiciel(s) ==========
SUPPRIME Updater Service
ABSENT Software Key: {889DF117-14D1-44EE-9F31-C5FB5D47F68B}

========== Processus mémoire ==========
SUPPRIME Reboot Memory Process: C:\Users\Jean\AppData\Roaming\Yontoo\YontooDesktop.exe
SUPPRIME Memory Process: C:\Users\Jean\AppData\Local\Temp\uninst1.exe

========== Clé(s) du Registre ==========
SUPPRIME Key: CLSID BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
ABSENT Key: Service: IBUpdaterService
SUPPRIME Key: HKCU\Software\BabylonToolbar
SUPPRIME Key: HKLM\Software\Wow6432Node\Babylon
SUPPRIME Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
SUPPRIME Key*: HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
SUPPRIME Key*: HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
SUPPRIME Key*: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
SUPPRIME Key: HKLM\Software\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
SUPPRIME Key: HKLM\Software\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
ABSENT Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
ABSENT Key: HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS
ABSENT Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
SUPPRIME Key: HKLM\Software\Classes\Prod.cap
SUPPRIME Key: HKLM\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{45564571-A21B-48ED-B584-69752EEE9C3D}
SUPPRIME Key: HKLM\Software\Classes\YontooIEClient.Api
SUPPRIME Key: HKLM\Software\Classes\YontooIEClient.Api.1
SUPPRIME Key: HKLM\Software\Classes\YontooIEClient.Layers
SUPPRIME Key: HKLM\Software\Classes\YontooIEClient.Layers.1
SUPPRIME Key: HKLM\Software\Classes\AppID\YontooIEClient.DLL
ABSENT Key: HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api
ABSENT Key: HKLM\Software\Wow6432Node\Classes\YontooIEClient.Api.1
ABSENT Key: HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers
ABSENT Key: HKLM\Software\Wow6432Node\Classes\YontooIEClient.Layers.1
ABSENT Key: HKLM\Software\Wow6432Node\Classes\AppID\YontooIEClient.DLL
ABSENT Key: Service: Yontoo Desktop Updater

========== Valeur(s) du Registre ==========
SUPPRIME RunValue: Yontoo Desktop
ABSENT RunValue: Yontoo Desktop
ABSENT [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:Yontoo Desktop
ABSENT [HKCU\Software\e0d6dbbd3de917\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
ABSENT [HKCU\Software\e0d6dbbd3de917\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"

========== Dossier(s) ==========
SUPPRIME Reboot Folder**: C:\Program Files (x86)\Yontoo
SUPPRIME Folder: C:\ProgramData\Babylon
SUPPRIME Folder: C:\ProgramData\BrowserProtect
ABSENT C:\ProgramData\IBUpdaterService
SUPPRIME Folder: C:\Users\Jean\AppData\Roaming\Babylon
SUPPRIME Reboot Folder**: C:\Users\Jean\AppData\Roaming\Yontoo
SUPPRIME Reboot Folder**: c:\program files (x86)\viewpoint
SUPPRIME Folder: c:\programdata\viewpoint

========== Fichier(s) ==========
SUPPRIME File: c:\program files (x86)\yontoo\yontooieclient.dll
SUPPRIME Reboot c:\users\jean\appdata\roaming\yontoo\yontoodesktop.exe
ABSENT File: c:\programdata\ibupdaterservice\ibsvc.exe
SUPPRIME File: c:\users\jean\appdata\local\temp\uninst1.exe
ABSENT Folder/File: c:\programdata\babylon
ABSENT Folder/File: c:\programdata\ibupdaterservice
ABSENT Folder/File: c:\users\jean\appdata\roaming\babylon
ABSENT Folder/File: c:\users\jean\appdata\local\temp\uninst1.exe
SUPPRIME Reboot c:\program files (x86)\yontoo\y2desktop.updater.exe

========== Autre ==========
NON TRAITE Malware (61)

========== Récapitulatif ==========
2 : Processus mémoire
36 : Clé(s) du Registre
5 : Valeur(s) du Registre
8 : Dossier(s)
9 : Fichier(s)
2 : Logiciel(s)
1 : Autre

End of clean in 00mn 17s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 15/04/2013 16:39:03 [5405]
C:\ZHP\ZHPFix[R2].txt - 16/04/2013 17:01:00 [555]
C:\ZHP\ZHPFix[R3].txt - 16/04/2013 18:35:40 [5405]