cjoint


Document format: text/plain

Preview

Script ZHPFix
R3 - URLSearchHook: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.)
O2 - BHO: (no name) [64Bits] - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Clé orpheline
O23 - Service: Duuqu Update Service (dqupdate) (dqupdate) . (...) - C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe (.not file.) =>PUP.Duuqu
[MD5.00000000000000000000000000000000] [APT] [DuuquUpdateTaskMachineCore] (...) -- C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe (.not file.) [0] =>PUP.Duuqu
[MD5.00000000000000000000000000000000] [APT] [DuuquUpdateTaskMachineUA] (...) -- C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe (.not file.) [0] =>PUP.Duuqu
O39 - APT: DuuquUpdateTaskMachineCore - (...) -- C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job [906] =>PUP.Duuqu
O39 - APT: DuuquUpdateTaskMachineCore - (...) -- C:\Windows\System32\Tasks\DuuquUpdateTaskMachineCore [906] =>PUP.Duuqu
O39 - APT: DuuquUpdateTaskMachineUA - (...) -- C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job [910] =>PUP.Duuqu
O39 - APT: DuuquUpdateTaskMachineUA - (...) -- C:\Windows\System32\Tasks\DuuquUpdateTaskMachineUA [910] =>PUP.Duuqu
O42 - Logiciel: Duuqu Update Helper - (.Duuqu Group.) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Duuqu
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings
[HKCU\Software\Duuqu] =>PUP.Duuqu
[HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKLM\Software\suprasavings] =>PUP.SupraSavings
O43 - CFD: 21/05/2014 - 09:29:58 - [] ----D C:\Users\Jean-Claude\AppData\Local\Duuqu =>PUP.Duuqu
O45 - LFCP:[MD5.C7C6DDDDAB316F0337EC3B1153FCD8D2] - 21/05/2014 - 08:34:00 ---A- - C:\Windows\Prefetch\DUUQUCRASHHANDLER.EXE-5EF95F6D.pf =>PUP.Duuqu
O45 - LFCP:[MD5.10B8E98EAFF916AD53CD920553AEAA8F] - 21/05/2014 - 08:34:00 ---A- - C:\Windows\Prefetch\DUUQUUPDATE.EXE-23028BAD.pf =>PUP.Duuqu
O45 - LFCP:[MD5.A28F44F15D88BE3A50F4284136D9AA38] - 21/05/2014 - 08:30:08 ---A- - C:\Windows\Prefetch\DUUQUUPDATE.EXE-FBDCC84E.pf =>PUP.Duuqu
O45 - LFCP:[MD5.D2C812195265F8710D230D4B2AC2678F] - 21/05/2014 - 08:29:56 ---A- - C:\Windows\Prefetch\IMINENT4FFX.EXE-12939050.pf =>Adware.IMBooster
O45 - LFCP:[MD5.CF94D7450DB166BAFBE62F77D105D60A] - 21/05/2014 - 08:29:56 ---A- - C:\Windows\Prefetch\IMINENT4IE.EXE-DDE8AE0A.pf =>Adware.IMBooster
O45 - LFCP:[MD5.D6B3F0E87A1CB362AA357442F038BA0C] - 21/05/2014 - 08:29:56 ---A- - C:\Windows\Prefetch\IMINENTMINIBARIE.EXE-03D2DAA0.pf =>PUP.Minibar
O45 - LFCP:[MD5.40506EA1A0F4D0A854D9EB40366777AF] - 21/05/2014 - 08:32:25 ---A- - C:\Windows\Prefetch\IMINENTSRV.EXE-9ECA5E9D.pf =>Adware.IMBooster
O45 - LFCP:[MD5.0EBF1ABBC6480D57C1DAAF5BEEC16C7C] - 21/05/2014 - 08:30:00 ---A- - C:\Windows\Prefetch\IMINENTTOOLBAR.EXE-0324CE6F.pf =>Adware.IMBooster
O45 - LFCP:[MD5.348E29E440DC22C6ABA979E2B496259A] - 21/05/2014 - 08:32:26 ---A- - C:\Windows\Prefetch\IMINENTUNINSTALL.EXE-9087B9EC.pf =>Adware.IMBooster
O45 - LFCP:[MD5.92F990C90215A7ABA511DE1CF82363B6] - 21/05/2014 - 08:29:57 ---A- - C:\Windows\Prefetch\IMINENT_1712-B2FCAD5E.EXE-37DA19AD.pf =>Adware.IMBooster
O45 - LFCP:[MD5.E41282579E18EBE84A5170BD362288BA] - 21/05/2014 - 08:29:55 ---A- - C:\Windows\Prefetch\MINIBARCHROME.EXE-9293069C.pf =>PUP.Minibar
O45 - LFCP:[MD5.8F417A057A5F7BF04E36A42C0FFCAF92] - 21/05/2014 - 08:29:54 ---A- - C:\Windows\Prefetch\MINIBARFIREFOX.EXE-257A527D.pf =>PUP.Minibar
O45 - LFCP:[MD5.DB1FC35BC5B7CE7F7DDC0FE141B073AB] - 21/05/2014 - 08:29:52 ---A- - C:\Windows\Prefetch\SUPRASAVINGS_2703-E3E04064.EX-7787E94F.pf =>PUP.SupraSavings
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
O61 - LFC: 21/05/2014 - 12:16:28 ---A- . (.Duuqu Group.) -- C:\Users\Jean-Claude\AppData\Local\Temp\n3597\FrameFox_1909-357c9206.exe [492232] =>PUP.Duuqu
O61 - LFC: 21/05/2014 - 12:16:28 ---A- . (.Sien SA.) -- C:\Users\Jean-Claude\AppData\Local\Temp\igdhbblpcellaljokkpfhcjlagemhgjl5cea50\minibarchrome.exe [869184] =>PUP.Minibar
O61 - LFC: 21/05/2014 - 12:16:29 ---A- . (...) -- C:\Users\Jean-Claude\AppData\Local\Temp\n3597\suprasavings_2703-e3e04064.exe [1391718] =>PUP.SupraSavings
O61 - LFC: 21/05/2014 - 12:16:29 ---A- . (.SIEN.) -- C:\Users\Jean-Claude\AppData\Local\Temp\n3597\Iminent_1712-b2fcad5e.exe [2167160] =>Adware.IMBooster
[MD5.C13388A1D0EB8A495C7014805AE236EF] [WIS][21/05/2014] (.Duuqu Group - Duuqu Update Helper.) -- C:\Windows\Installer\4f4375.msi [45056] =>PUP.Duuqu
SS - | Auto 10/07/1658 0 | (dqupdate) . (...) - C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe =>PUP.Duuqu
SS - | Demand 10/07/1658 0 | (dqupdatem) . (...) - C:\Program Files (x86)\Duuqu\Update\DuuquUpdate.exe =>PUP.Duuqu
[HKLM\SYSTEM\CurrentControlSet\Services\dqupdate) (dqupdate] =>PUP.Duuqu^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] =>PUP.Duuqu^
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}] =>Adware.IMBooster
[HKLM\Software\Wow6432Node\Iminent] =>Adware.IMBooster
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{84FF7BD6-B47F-46F8-9130-01B2696B36CB} =>Adware.IMBooster
C:\Users\Jean-Claude\AppData\Local\Duuqu =>PUP.Duuqu^
C:\Windows\Tasks\DuuquUpdateTaskMachineCore.job =>PUP.Duuqu^
C:\Windows\System32\Tasks\DuuquUpdateTaskMachineCore =>PUP.Duuqu^
C:\Windows\Tasks\DuuquUpdateTaskMachineUA.job =>PUP.Duuqu^
C:\Windows\System32\Tasks\DuuquUpdateTaskMachineUA =>PUP.Duuqu^
[HKCU\Software\AppDataLow\Software\suprasavings] =>PUP.SupraSavings^
[HKCU\Software\Duuqu] =>PUP.Duuqu^
[HKLM\Software\Wow6432Node\Duuqu] =>PUP.Duuqu^
[HKLM\Software\suprasavings] =>PUP.SupraSavings^
C:\Windows\Installer\4f4375.msi =>PUP.Duuqu^
EmptyPrefetch
FirewallRaz
PROXYFix
EmptyTemp
EmptyFlash
EmptyClsid
SysRestore
