Publicité
Publicité
Format du document : text/plain
Prévisualisation
Rapport de ZHPFix 2013.6.4.1 par Nicolas Coolman, Update du 04/06/2013
Fichier d'export Registre :
Run by Nicolas at 10/06/2013 19:54:18
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Corbeille vid�e
========== Logiciel(s) ==========
ABSENT Software Key: O42 - Logiciel: Extensions FrameFox 1.0.2.0 - (.. �quipe de QwertyBox) [HKLM] [64Bits] - {A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}
========== Cl�(s) du Registre ==========
ABSENT Key: \Software\Classes\Installer\Products\\CC26D1A35415424C9E69E8EFEB026C0. (Extensions FrameFox 1.0.2.0..) - C:\Windows\Installer\{A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}\FrameFox.ico
SUPPRIME Key: HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}
SUPPRIME Key: HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}
SUPPRIME Key: HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}
SUPPRIME Key: HKLM\Software\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
SUPPRIME Key: HKLM\Software\Classes\AppID\{D97A8234-F2A2-4ad4-91D5-FECDB2C553AF}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\AppID\{D97A8234-F2A2-4ad4-91D5-FECDB2C553AF}
SUPPRIME Key: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib
SUPPRIME Key*: HKLM\Software\Boxore
ABSENT Key: HKLM\Software\Wow6432Node\Boxore
SUPPRIME Key: HKLM\Software\Wow6432Node\Duuqu
SUPPRIME Key*: HKCU\Software\DataMngr
SUPPRIME Key*: HKLM\Software\Wow6432Node\DataMngr
SUPPRIME Key*: HKCU\Software\DataMngr_Toolbar
SUPPRIME Key: HKCU\Software\Duuqu
========== Valeur(s) du Registre ==========
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
========== Dossier(s) ==========
SUPPRIME Reboot Folder**: C:\Program Files (x86)\FrameFox
SUPPRIME Flash Cookies
SUPPRIME Temporaires Windows
========== Fichier(s) ==========
ABSENT File: c:\users\nicolas\desktop\hijackthis.lnk. (...) - c:\program files (x86)\trend micro\hijackthis\hijackthis.exe (. pas le fichier.)
ABSENT File: c:\windows\tasks\duuquupdatetaskmachinecore.job
ABSENT File: c:\windows\tasks\duuquupdatetaskmachineua.job
SUPPRIME Flash Cookies
SUPPRIME Temporaires Windows
========== Tache planifi�e ==========
ABSENT Task: DuuquUpdateTaskMachineCore
ABSENT Task: DuuquUpdateTaskMachineUA
ABSENT Task: F0DE4FEF8201E306F9938B0905AC96A] [APT]
========== Autre ==========
NON TRAITE [MD5.B5ADEB3FCFFAE8094611DD04D09D2450] - (Duuqu Group - Extensions FrameFox..) - C:\Program Files (x86)\FrameFox\Extensions\InternetExplorer\framefox.exe [224240] [PID.2912]
NON TRAITE [MD5.00000000000000000000000000000000] [APT] [DuuquUpdateTaskMachineCore] (...) - C: (.. Pas fichier)\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [0]
NON TRAITE [MD5.00000000000000000000000000000000] [APT] [DuuquUpdateTaskMachineUA] (...) - C: (.. Pas fichier)\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [0]
NON TRAITE [MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT]
NON TRAITE [MD5.ED612C3BF49DDE8E731CFD814FF6769A] [SPRF] [27/06/2012] (...) - C:\Users\Nicolas\AppData\Local\d3d9caps.dat [680]
NON TRAITE [MD5.72A51C6832040CDDFD40D747154A0129] [SPRF] [04/08/2011] (...) - C:\Users\Nicolas\AppData\Local\d3d9caps64.dat [732]
========== R�capitulatif ==========
18 : Cl�(s) du Registre
2 : Valeur(s) du Registre
3 : Dossier(s)
5 : Fichier(s)
1 : Logiciel(s)
3 : Tache planifi�e
6 : Autre
End of clean in 00mn 13s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 10/06/2013 15:04:11 [4596]
C:\ZHP\ZHPFix[R2].txt - 10/06/2013 19:54:18 [3875]
Fichier d'export Registre :
Run by Nicolas at 10/06/2013 19:54:18
High Elevated Privileges : OK
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Corbeille vid�e
========== Logiciel(s) ==========
ABSENT Software Key: O42 - Logiciel: Extensions FrameFox 1.0.2.0 - (.. �quipe de QwertyBox) [HKLM] [64Bits] - {A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}
========== Cl�(s) du Registre ==========
ABSENT Key: \Software\Classes\Installer\Products\\CC26D1A35415424C9E69E8EFEB026C0. (Extensions FrameFox 1.0.2.0..) - C:\Windows\Installer\{A1D62CC4-1453-4245-9C6E-E9E8EF0B620C}\FrameFox.ico
SUPPRIME Key: HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}
SUPPRIME Key: HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}
SUPPRIME Key: HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}
SUPPRIME Key: HKLM\Software\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
SUPPRIME Key: HKLM\Software\Classes\AppID\{D97A8234-F2A2-4ad4-91D5-FECDB2C553AF}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\AppID\{D97A8234-F2A2-4ad4-91D5-FECDB2C553AF}
SUPPRIME Key: HKLM\Software\Wow6432Node\Google\Chrome\Extensions\paoponfhfdfnjgddpnpjkambkcgdaaib
SUPPRIME Key*: HKLM\Software\Boxore
ABSENT Key: HKLM\Software\Wow6432Node\Boxore
SUPPRIME Key: HKLM\Software\Wow6432Node\Duuqu
SUPPRIME Key*: HKCU\Software\DataMngr
SUPPRIME Key*: HKLM\Software\Wow6432Node\DataMngr
SUPPRIME Key*: HKCU\Software\DataMngr_Toolbar
SUPPRIME Key: HKCU\Software\Duuqu
========== Valeur(s) du Registre ==========
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
========== Dossier(s) ==========
SUPPRIME Reboot Folder**: C:\Program Files (x86)\FrameFox
SUPPRIME Flash Cookies
SUPPRIME Temporaires Windows
========== Fichier(s) ==========
ABSENT File: c:\users\nicolas\desktop\hijackthis.lnk. (...) - c:\program files (x86)\trend micro\hijackthis\hijackthis.exe (. pas le fichier.)
ABSENT File: c:\windows\tasks\duuquupdatetaskmachinecore.job
ABSENT File: c:\windows\tasks\duuquupdatetaskmachineua.job
SUPPRIME Flash Cookies
SUPPRIME Temporaires Windows
========== Tache planifi�e ==========
ABSENT Task: DuuquUpdateTaskMachineCore
ABSENT Task: DuuquUpdateTaskMachineUA
ABSENT Task: F0DE4FEF8201E306F9938B0905AC96A] [APT]
========== Autre ==========
NON TRAITE [MD5.B5ADEB3FCFFAE8094611DD04D09D2450] - (Duuqu Group - Extensions FrameFox..) - C:\Program Files (x86)\FrameFox\Extensions\InternetExplorer\framefox.exe [224240] [PID.2912]
NON TRAITE [MD5.00000000000000000000000000000000] [APT] [DuuquUpdateTaskMachineCore] (...) - C: (.. Pas fichier)\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [0]
NON TRAITE [MD5.00000000000000000000000000000000] [APT] [DuuquUpdateTaskMachineUA] (...) - C: (.. Pas fichier)\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe [0]
NON TRAITE [MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT]
NON TRAITE [MD5.ED612C3BF49DDE8E731CFD814FF6769A] [SPRF] [27/06/2012] (...) - C:\Users\Nicolas\AppData\Local\d3d9caps.dat [680]
NON TRAITE [MD5.72A51C6832040CDDFD40D747154A0129] [SPRF] [04/08/2011] (...) - C:\Users\Nicolas\AppData\Local\d3d9caps64.dat [732]
========== R�capitulatif ==========
18 : Cl�(s) du Registre
2 : Valeur(s) du Registre
3 : Dossier(s)
5 : Fichier(s)
1 : Logiciel(s)
3 : Tache planifi�e
6 : Autre
End of clean in 00mn 13s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 10/06/2013 15:04:11 [4596]
C:\ZHP\ZHPFix[R2].txt - 10/06/2013 19:54:18 [3875]