cjoint


Document format: text/plain

Preview

Script ZHPFix


Unwanted lines:
G2 - EXT: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbadcnkcgcfgpbmcdleckpejgopimf [cacaoweb] =>PUP.CacaoWeb
G2 - EXT: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\leahdjjpjmnamomgpojikeapflgbmjab [cacaoweb] =>PUP.CacaoWeb
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.do =>Hijacker.SearchDo
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.do =>Hijacker.SearchDo
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.) =>PUP.Mobogenie
O4 - HKCU\..\Run: [updat] \B C:\Users\user\AppData\Local\Temp\updat.vbs (.not file.) => Infection Bot (Malware.Bot)
O4 - HKUS\S-1-5-21-4836775-1081772654-2752331463-1000\..\Run: [updat] \B C:\Users\user\AppData\Local\Temp\updat.vbs (.not file.) => Infection Bot (Malware.Bot)
[MD5.00000000000000000000000000000000] [APT] [Sk-Enhancer-S-5499298658] (...) -- c:\programdata\wintersoft\sk-enhancer\Sk-Enhancer.exe (.not file.) [0] =>Adware.SurfAndKeep
O39 - APT: Sk-Enhancer-S-5499298658 - (...) -- C:\Windows\Tasks\Sk-Enhancer-S-5499298658.job [458] =>Adware.SurfAndKeep
O39 - APT: Sk-Enhancer-S-5499298658 - (...) -- C:\Windows\System32\Tasks\Sk-Enhancer-S-5499298658 [458] =>Adware.SurfAndKeep
[HKCU\Software\AppDataLow\SProtector] =>PUP.Mocaflix
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Babylon] =>PUP.Babylon
[HKLM\Software\dosearchesSoftware] =>PUP.DoSearches
[HKLM\Software\eSafeSecControl] =>PUP.eSafeSecurity
O43 - CFD: 04/03/2014 - 00:56:42 - [0] ----D C:\Program Files\DiVapton =>PUP.DiVapton
O43 - CFD: 24/06/2015 - 19:27:47 - [] ----D C:\Program Files\Mobogenie =>PUP.Mobogenie
O43 - CFD: 08/11/2013 - 15:02:47 - [0] ----D C:\Program Files\Sk-Enhancer =>Adware.SurfAndKeep
O43 - CFD: 29/09/2012 - 16:05:09 - [0] ----D C:\ProgramData\Babylon =>PUP.Babylon
O43 - CFD: 24/11/2013 - 01:43:36 - [] ----D C:\ProgramData\eSafe =>PUP.eSafeSecurity
O43 - CFD: 08/11/2013 - 15:01:48 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 29/09/2012 - 16:05:09 - [] ----D C:\Users\user\AppData\Roaming\Babylon =>PUP.Babylon
O43 - CFD: 24/06/2015 - 06:47:45 - [] ----D C:\Users\user\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
O43 - CFD: 08/06/2015 - 13:35:06 - [] ----D C:\Users\user\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 24/06/2015 - 18:46:32 - [0] ----D C:\Users\user\AppData\Local\genienext =>PUP.NextLive
O43 - CFD: 28/01/2014 - 20:20:27 - [] ----D C:\Users\user\AppData\Local\Mobogenie =>PUP.Mobogenie
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- searches.com\?utm_source=b&utm_medium=smt&utm_campaign=rg&utm_content=sc&from=smt&uid=HitachiXHTS543232A7A384_E2034243FW3PEPFW3PEPX&ts=1383862029 C:\Program Files\Internet Explorer\iexplore.exe http://www.do =>Hijacker.wwwDo
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Search the web (Babylon)) - http://search.babylon.com =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32 =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\updateDiVapton_RASAPI32 =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\updateDiVapton_RASMANCS =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\utilDiVapton_RASAPI32 =>PUP.DiVapton
HKLM\SOFTWARE\Microsoft\Tracing\utilDiVapton_RASMANCS =>PUP.DiVapton
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
[HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>PUP.Babylon
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>PUP.Conduit
[HKLM\Software\Classes\Prod.cap] =>PUP.ClaroSearch
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\AppDataLow\SProtector] =>PUP.AdvancedSystemProtector
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASAPI32] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\MyBabylontb_RASMANCS] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\AppID\secman.DLL] =>PUP.Babylon
[HKLM\Software\eSafeSecControl] =>PUP.eSafeSecurity
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc] =>PUP.eSafeSecurity
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon =>PUP.Mobogenie^
C:\Program Files\DiVapton =>PUP.DiVapton^
C:\Program Files\Mobogenie =>PUP.Mobogenie^
C:\Program Files\Sk-Enhancer =>Adware.SurfAndKeep^
C:\ProgramData\Babylon =>PUP.Babylon^
C:\ProgramData\eSafe =>PUP.eSafeSecurity^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\user\AppData\Roaming\Babylon =>PUP.Babylon^
C:\Users\user\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Users\user\AppData\Roaming\newnext.me =>PUP.NextLive^
C:\Users\user\AppData\Local\genienext =>PUP.NextLive^
C:\Users\user\AppData\Local\Mobogenie =>PUP.Mobogenie^
C:\Users\user\AppData\LocalLow\BabylonToolbar =>PUP.Babylon
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\leahdjjpjmnamomgpojikeapflgbmjab =>PUP.CacaoWeb
C:\Windows\Tasks\Sk-Enhancer-S-5499298658.job =>Adware.SurfAndKeep^
C:\Windows\System32\Tasks\Sk-Enhancer-S-5499298658 =>Adware.SurfAndKeep^
[HKLM\Software\Babylon] =>PUP.Babylon^
[HKLM\Software\dosearchesSoftware] =>PUP.DoSearches^
C:\Users\user\Downloads\cacaoweb.exe =>PUP.CacaoWeb
G2 - EXT: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [AVG Security Toolbar]
M3 - MFPP: Plugins - [user] -- C:\Program Files\Mozilla FireFox\searchplugins\avg-secure-search.xml
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
P2 - FPN: [HKLM] [@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin] - (...) -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\npsitesafety.dll (.not file.)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} . (...) -- C:\Program Files\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll (.not file.)
O3 - Toolbar: AVG Security Toolbar - [HKLM]{95B7759C-8C7F-4BF1-B163-73684A933233} . (...) -- C:\Program Files\AVG Secure Search\18.5.0.909\AVG Secure Search_toolbar.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Clé orpheline
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_TB_rmv] (...) -- C:\Windows\TEMP\{B5EEEABF-1FA3-490B-86B4-F478F8D2CB66}.exe (.not file.) [0]
O39 - APT: AVG-Secure-Search-Update_JUNE2013_TB_rmv - (...) -- C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [352]
O39 - APT: AVG-Secure-Search-Update_JUNE2013_TB_rmv - (...) -- C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv [352]
[HKCU\Software\AVG Secure Search]
[HKLM\Software\AVG Secure Search]
[HKLM\Software\AVG Security Toolbar]
O43 - CFD: 26/08/2014 - 17:26:32 - [] ----D C:\Program Files\AVG Security Toolbar
O43 - CFD: 05/03/2015 - 16:51:08 - [] ----D C:\Program Files\Common Files\AVG Secure Search
O43 - CFD: 23/06/2014 - 15:26:36 - [] ----D C:\ProgramData\AVG Secure Search
O43 - CFD: 21/03/2014 - 21:40:09 - [] ----D C:\Users\user\AppData\Local\AVG Secure Search
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} [DefaultScope] - (AVG Secure Search) - http://isearch.avg.com
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_JUNE2013_TB_RASMANCS
[HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}] (AVG Security Toolbar)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}]
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}]
[HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}]
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}]
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}]
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}]
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}]
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}]
[HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}]
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}]
[HKLM\Software\Classes\AppID\ScriptHelper.EXE]
[HKLM\Software\Classes\AVG Secure Search.BrowserWndAPI]
[HKLM\Software\Classes\AVG Secure Search.PugiObj]
[HKLM\Software\Classes\AVG Secure Search.PugiObj.1]
[HKLM\Software\Classes\S]
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi]
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1]
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE]
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1]
[HKLM\Software\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof]
[HKLM\Software\Classes\AVG Secure Search.BrowserWndAPI.1]
[HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}]
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{95B7759C-8C7F-4BF1-B163-73684A933233}
C:\Program Files\AVG Security Toolbar
C:\Program Files\Common Files\AVG Secure Search
C:\ProgramData\AVG Secure Search
C:\Users\user\AppData\Local\AVG Secure Search
C:\Users\user\AppData\LocalLow\AVG Secure Search
C:\Users\user\AppData\Local\Temp\avg@toolbar
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv
[HKCU\Software\AVG Secure Search]
[HKLM\Software\AVG Secure Search]
[HKLM\Software\AVG Security Toolbar]
[HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}] (AVG Security Toolbar)

Superfluous or unnecessary lines:
McAfee Security Scan Plus v3.8.130.8 => McAfee, Inc
P2 - FPN: [HKLM] [@mcafee.com/McAfeeMssPlugin] - (.McAfee, Inc. - McAfee MSS+ NPAPI Plugin.) -- C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll => McAfee, Inc
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} . (.McAfee, Inc. - Quick Browser Identifier for MSS+ Tool.) -- C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll => McAfee, Inc
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files\iSkysoft\iTube Studio\BrowserPlugInHelper.exe (.not file.) => Fichier absent
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000Core] (.Facebook Inc..) -- C:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000UA] (.Facebook Inc..) -- C:\users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000Core - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000Core.job [902] => Facebook Update Task User
O39 - APT: FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000Core - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000Core [902] => Facebook Update Task User
O39 - APT: FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000UA - (.Facebook Inc..) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000UA.job [924] => Facebook Update Task User
O39 - APT: FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000UA - (.Facebook Inc..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4836775-1081772654-2752331463-1000UA [924] => Facebook Update Task User
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM] -- McAfee Security Scan => McAfee, Inc
O43 - CFD: 20/10/2013 - 12:47:12 - [] ----D C:\Program Files\McAfee Security Scan => McAfee, Inc
O43 - CFD: 02/10/2012 - 18:08:23 - [] ----D C:\ProgramData\McAfee Security Scan => McAfee, Inc
O43 - CFD: 20/10/2013 - 12:44:24 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus => McAfee, Inc
SS - | Demand 06/09/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe => McAfee, Inc

Startup optimization lines:
OPT:O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
OPT:O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
OPT:O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
OPT:O4 - HKCU\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
OPT:O4 - HKUS\S-1-5-21-4836775-1081772654-2752331463-1000\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
OPT:O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
OPT:SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

EmptyClsid
Proxyfix
FirewallRaz
ShortcutFix
emptytemp
emptyflash

