cjoint

Document format: text/plain

Preview

Script ZHPFix
G2 - GCE: Preference [User Data\Default] [hbcennhacfaagdopikcegfcobcadeocj] Ebay Shopping Assistant by Spigot v.1.1 (Désactivé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [icdlfehblmklkikfigmjhbmmpmkmpooj] Domain Error Assistant v.1.3 (Désactivé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [mhkaekfpcppmmioggniknbnbdbcigpkk] Slick Savings v.2.4 (Désactivé) =>PUP.Dealio
G2 - GCE: Preference [User Data\Default] [pfndaklgolladniicklehhancnlgocpp] Amazon Shopping Assistant by Spigot v.1.0 (Désactivé) =>PUP.Dealio
M3 - MFPP: Plugins - [rocky_000] -- C:\Users\rocky_000\AppData\Roaming\Mozilla\Firefox\Profiles\6uqxnl8u.default\searchplugins\default-search.xml =>Hijacker.Browsers
M3 - MFPP: Plugins - [rocky_000] -- C:\Users\rocky_000\AppData\Roaming\Mozilla\Firefox\Profiles\6uqxnl8u.default\searchplugins\VenteeRo.xml =>Trojan.Vonteera
M0 - MFSP: prefs.js [rocky_000 - 6uqxnl8u.default] http://www.arabyonline.com
M0 - MFSP: user.js [rocky_000 - 6uqxnl8u.default] http://www.arabyonline.com
M2 - MFEP: prefs.js [rocky_000 - 6uqxnl8u.default\quick_start@gmail.com] [] Quick Start v1.31 (..) =>PUP.QuickStart
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com
O1 - Hosts: 127.0.0.2 www.mefeedia.com
O1 - Hosts: 127.0.0.3 www.anchorfree.net
O2 - BHO: AdSafe - {598AC71E-BE58-3981-B78A-5C138F423AD6} . (...) -- C:\Users\rocky_000\AppData\Roaming\VolIE\AdSafe_32.dll =>Trojan.Vonteera
O4 - HKLM\..\Run: [InstallerLauncher] C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe (.not file.)

O20 - AppInit_DLLs: . (.Skytech Co., Ltd. - Skytech.) - C:\Program Files\SupTab\SearchProtect32.dll =>PUP.SupTab
O23 - Service: IePlugin Services (IePluginServices) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginServices\PluginService.exe =>Trojan.SProtector
O23 - Service: WindowsProtectManger Service (WindowsProtectManger) . (.Fuyu LIMITED - WindowsProtectManger Service.) - C:\ProgramData\WindowsProtectManger\wprotectmanager.exe =>PUP.Fuyu
[MD5.12DDEB74C2C96027DCF2F62AA7A5AFE1] [APT] [4CEFD9B73D6C-1CRMOI2] (...) -- C:\Users\rocky_000\AppData\Roaming\ARHome\Updater.exe [96704] =>Trojan.Vonteera
[MD5.12DDEB74C2C96027DCF2F62AA7A5AFE1] [APT] [5FOFD9B73D6C-2CRMOI6] (...) -- C:\Users\rocky_000\AppData\Roaming\ARHome\Updater.exe [96704] =>Trojan.Vonteera
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\WINDOWS\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [{75DB9721-119D-473A-892E-4CFB6A4A39C7}] (...) -- C:\Users\rocky_000\AppData\Roaming\sweet-page\UninstallManager.exe (.not file.) [0] =>PUP.SweetPage
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [284] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [284] =>Trojan.Keygen
O41 - Driver: ({a3f28269-ad17-41a8-b032-3e0313ef8979}w) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys =>PUP.LinkiDoo
O42 - Logiciel: ARHome - (.NoVooIT.) [HKCU] -- ARHome =>Trojan.Vonteera
O42 - Logiciel: WindowsProtectManger20.0.0.401 - (.Fuyu LIMITED.) [HKLM] -- WindowsProtectManger =>PUP.Fuyu
[HKCU\Software\NoVooITSet] =>Trojan.Vonteera
[HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera
[HKLM\Software\SupDp] =>PUP.SupTab
[HKLM\Software\SystemK] =>PUP.SystemK
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\supTab] =>PUP.SupTab
O43 - CFD: 20/03/2014 - 00:25:31 - [0] ----D C:\Program Files\Mega Browse =>PUP.MegaBrowse
O43 - CFD: 18/06/2014 - 00:55:25 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 17/06/2014 - 16:26:05 - [] ----D C:\ProgramData\IePluginServices =>Trojan.SProtector
O43 - CFD: 17/06/2014 - 16:25:48 - [] ----D C:\ProgramData\WindowsProtectManger =>PUP.Fuyu
O43 - CFD: 18/06/2014 - 20:21:21 - [] ----D C:\Users\rocky_000\AppData\Roaming\ARHome =>Trojan.Vonteera
O43 - CFD: 18/06/2014 - 20:21:28 - [] ----D C:\Users\rocky_000\AppData\Roaming\VolIE =>Trojan.Vonteera
O43 - CFD: 16/04/2014 - 10:10:20 - [] ----D C:\Users\rocky_000\AppData\Local\VNT
O44 - LFC:[MD5.37574643FBDD4FE6DE3E5A1C772B7E25] - 16/06/2014 - 14:52:02 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [52928] =>PUP.LinkiDoo
O58 - SDL:16/06/2014 - 14:52:02 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [52928] =>PUP.LinkiDoo
O69 - SBI: SearchScopes [HKCU] {756D1D40-E491-4E1D-9BC6-5B37CEDE646E} [DefaultScope] - (VenteeRo) - http://www.arabyonline.com =>Trojan.Vonteera
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} - (default-search.net) - http://www.default-search.net =>Hijacker.Browsers
[MD5.473DA614EDD8F0A0B4F40C465AE8272A] [SPRF][01/04/2014] (...) -- C:\ProgramData\1396355715.740.bin [114194]
[MD5.EB85F09EE50C3406A3E124EE05FA1AB4] [SPRF][04/04/2014] (...) -- C:\ProgramData\1396639003.340.bin [1089]
[MD5.56FB4F6C4376E1230C556AE5F6FBBB73] [SPRF][16/06/2014] (...) -- C:\Users\rocky_000\AppData\Roaming\Kopf.exe [310208]
HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32 =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32 =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32 =>PUP.WebGet
HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS =>PUP.WebGet
SR - | Auto 08/05/2014 704112 | (IePluginServices) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginServices\PluginService.exe =>Trojan.SProtector
SR - | Auto 12/06/2014 591776 | (WindowsProtectManger) . (.Fuyu LIMITED.) - C:\ProgramData\WindowsProtectManger\wprotectmanager.exe =>PUP.Fuyu
[HKLM\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk] =>PUP.Dealio^
[HKLM\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp] =>PUP.Dealio^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598AC71E-BE58-3981-B78A-5C138F423AD6}] =>Trojan.Vonteera^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginServices] =>Trojan.SProtector^
[HKLM\SYSTEM\CurrentControlSet\Services\WindowsProtectManger] =>PUP.Fuyu^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ARHome] =>Trojan.Vonteera^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger] =>PUP.Fuyu^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}] =>Adware.Bandoo^
C:\Users\rocky_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj =>PUP.Dealio^
C:\Users\rocky_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj =>PUP.Dealio^
C:\Users\rocky_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk =>PUP.Dealio^
C:\Users\rocky_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp =>PUP.Dealio^
C:\Users\rocky_000\AppData\Roaming\Mozilla\Firefox\Profiles\6uqxnl8u.default\extensions\quick_start@gmail.com =>PUP.QuickStart^
C:\Program Files\Mega Browse =>PUP.MegaBrowse^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginServices =>Trojan.SProtector^
C:\ProgramData\WindowsProtectManger =>PUP.Fuyu^
C:\Users\rocky_000\AppData\Roaming\ARHome =>Trojan.Vonteera^
C:\Users\rocky_000\AppData\Roaming\VolIE =>Trojan.Vonteera^
C:\Users\rocky_000\AppData\Roaming\ARHome\Updater.exe =>Trojan.Vonteera^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
[HKCU\Software\NoVooITSet] =>Trojan.Vonteera^
[HKCU\Software\Vonteera Safe ads] =>Trojan.Vonteera^
[HKLM\Software\SupDp] =>PUP.SupTab^
[HKLM\Software\SystemK] =>PUP.SystemK^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\supTab] =>PUP.SupTab^

EmptyFlash
EmptyTemp
EmptyClsid
Emptyprefetch
FirewallRaz
Proxyfix
SysRestore
