rapport_zhp.txt

Document joint : DBlurBjPCpg_rapport_zhp.txt

Cliquez pour partager vos propres fichiers

Format du document : text/plain

Prévisualisation

ÿþScript ZHPFix
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} . (.Secure Digital Services Limited - OfferBox.) -- C:\Program Files\OfferBox\OfferBoxBHO.dll =>PUP.OfferBox
O4 - GS\Program [Public]: Navigateur OfferBox.lnk . (...) -- C:\Program Files\OfferBox\OfferBoxLauncher.exe (.not file.) =>PUP.OfferBox
O42 - Logiciel: Plants Vs. Zombies - (.PopCap.) [HKLM] -- {B5790265-B654-4377-9EF0-085A6AB6FA8E} =>Adware.PopCap
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\Spointer] => Adware.SPointer*
[HKLM\Software\CrazyLoader] =>Adware.SPointer
[HKLM\Software\OfferBox] =>PUP.OfferBox
O43 - CFD: 03/10/2011 - 20:56:56 - [0,268] ----D C:\Program Files\OfferBox =>PUP.OfferBox
O43 - CFD: 01/11/2013 - 13:42:34 - [29,833] ----D C:\Program Files\PopCap =>Adware.PopCap
O43 - CFD: 01/11/2013 - 13:48:14 - [0] ----D C:\ProgramData\PopCap Games =>Adware.PopCap
O43 - CFD: 21/11/2010 - 21:08:05 - [0,010] ----D C:\Users\Hive\AppData\Roaming\CrazyLoader =>Adware.SPointer
O43 - CFD: 03/10/2011 - 20:56:14 - [0,274] ----D C:\Users\Hive\AppData\Roaming\OfferBox =>PUP.OfferBox
O43 - CFD: 22/11/2010 - 15:34:15 - [0,146] ----D C:\Users\Hive\AppData\Local\crazyloader Air =>Adware.SPointer
O53 - SMSR:HKLM\...\startupreg\Babylon Client [Key] . (...) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (.not file.) =>PUP.Babylon
O87 - FAEL: "TCP Query User{CFD3F81D-904A-4FC2-8908-02C3A069EA14}C:\program files\java\jre6\launch4j-tmp\crazyloader.exe" | In - Private - P6 - TRUE | .(.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\program files\java\jre6\launch4j-tmp\crazyloader.exe =>Adware.SPointer
O87 - FAEL: "UDP Query User{A8C97AB8-E1CF-4256-AE2F-4A9ECB7C3B13}C:\program files\java\jre6\launch4j-tmp\crazyloader.exe" | In - Private - P17 - TRUE | .(.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\program files\java\jre6\launch4j-tmp\crazyloader.exe =>Adware.SPointer
[MD5.0F429E5C07F5ABCA4D7334D7627FB1C1] [WIS][01/11/2013] (.PopCap - Plants Vs. Zombies.) -- C:\Windows\Installer\3bfa97.msi [234496] =>Adware.PopCap
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>PUP.OfferBox^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B5790265-B654-4377-9EF0-085A6AB6FA8E}] =>Adware.PopCap^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client] =>PUP.Babylon^
[HKLM\Software\Classes\CLSID\{35b8892d-c3fb-4d88-990d-31db2ebd72bd}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] =>Adware.RecordNRip
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] =>Adware.RecordNRip
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] =>Adware.RecordNRip
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
[HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}] =>Hijacker.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OfferBox] =>PUP.OfferBox
[HKLM\Software\Classes\OfferBox.OfferBoxServer] =>PUP.OfferBox
[HKLM\Software\Classes\OfferBox.OfferBoxServer.1] =>PUP.OfferBox
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] =>PUP.OfferBox
[HKLM\Software\CrazyLoader] =>Adware.SPointer
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKCU\Software\Spointer] =>Adware.SPointer
[HKCU\Software\JavaSoft\Prefs\crazyloader] =>Adware.SPointer
[HKLM\Software\Classes\Prod.cap] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Mozilla\Firefox\Extensions]:offerboxffx@offerbox.com =>PUP.OfferBox
C:\Program Files\OfferBox =>PUP.OfferBox^
C:\Program Files\PopCap =>Adware.PopCap^
C:\ProgramData\PopCap Games =>Adware.PopCap^
C:\Users\Hive\AppData\Roaming\CrazyLoader =>Adware.SPointer^
C:\Users\Hive\AppData\Roaming\OfferBox =>PUP.OfferBox^
C:\Users\Hive\AppData\Local\crazyloader Air =>Adware.SPointer^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow ^
C:\Windows\Installer\3bfa97.msi =>Adware.PopCap^
O3 - Toolbar: (no name) - [HKLM]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline => Toolbar.AVGSearch
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Clé orpheline => Toolbar.AVGSearch
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\YahooPartnerToolbar] => Toolbar.Yahoo
[HKLM\Software\ASKInstaller] => Toolbar.Ask
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CT2405727.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CT2405727.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_T[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CT2405727.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE[...] =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/?aid=800210&fid=796029", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2405727", "\"0\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/toolbar/", "\"634231103359500000\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=0", "634207581820000000"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CommunityToolbar.ETag.http://settings.toolbar.conduit-services.com/?ctid=CT2405727&octid=CT2405727", "\"1285580322\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"634168576518470000\""); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2405727"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.FirstServerDate", "10/24/2010 16"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.FirstTime", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.FirstTimeFF3", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.HasUserGlobalKeys", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.Initialize", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.InitializeCommonPrefs", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.InstalledDate", "Sun Oct 24 2010 15:40:09 GMT+0200"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.IsMulticommunity", false); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.IsOpenThankYouPage", false); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.IsOpenUninstallPage", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Oct 24 2010 15:40:09 GMT+0200"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.LastLogin_3.2.2.0", "Sun Oct 24 2010 15:40:10 GMT+0200"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.PublisherContainerWidth", 0); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Oct 24 2010 15:40:09 GMT+0200"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.UserID", "UN80743640833488900"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.engineLocale", "fr"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Oct 24 2010 15:40:09 GMT+0200"); =>Toolbar.Conduit
O69 - SBI: prefs.js [Hive - 9ve2gndw.default] user_pref("ConduitEngine.initDone", true); =>Toolbar.Conduit
O69 - SBI: SearchScopes [HKCU] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} [DefaultScope] - (Yahoo! Search) - http://us.yhs.search.yahoo.com => Toolbar.AVGSearch
[HKLM\Software\ASKInstaller] =>Toolbar.AskBarDis
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
C:\Users\Hive\AppData\Roaming\Mozilla\Firefox\Profiles\9ve2gndw.default\Conduit =>Toolbar.Conduit
C:\Users\Hive\AppData\Roaming\Mozilla\Firefox\Profiles\9ve2gndw.default\ConduitEngine =>Toolbar.Conduit
Spybot - Search & Destroy v1.6.2
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.2692]
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
O43 - CFD: 17/01/2014 - 01:02:27 - [70,985] ----D C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 08/02/2014 - 23:18:15 - [190,008] ----D C:\ProgramData\Spybot - Search & Destroy
O53 - SMSR:HKLM\...\startupreg\SpybotSD TeaTimer [Key] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

ShortcutFix
FirewallRaz
Emptytemp
SysRestore

Signaler le contenu de ce document