Format du document : text/plain
Prévisualisation
Script ZHPFix
EmptyClsid
Ifeofix
Proxyfix
FirewallRaz
ShortcutFix
emptytemp
emptyflash
Lignes indésirables :
G2 - GCE: Preference [User Data\Default] [hhepndnhfbdjmegechokkbabcphcihdi] Vgrabber1 v.10.20.101.5, (Désactivé) =>PUP.vGrabber
O4 - GS\Desktop [user]: SpyHunter.lnk . (...) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (.not file.) =>Crapware.SpyHunter
O4 - HKLM\..\Wow6432Node\Run: [BlockAndSurf] C:\Program Files (x86)\di9BlockAndSurf\BlockAndSurf.exe (.not file.) =>PUP.BlockAndSurf
[MD5.00000000000000000000000000000000] [APT] [Optimizer Pro Schedule] (...) -- C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (.not file.) [0] =>PUP.OptimizerPro
[MD5.00000000000000000000000000000000] [APT] [RegistryDr_Popup] (...) -- C:\Program Files (x86)\Registry Dr\Splash.exe (.not file.) [0] =>Adware.RegistryDr
[MD5.00000000000000000000000000000000] [APT] [RegistryDr_Start] (...) -- C:\Program Files (x86)\Registry Dr\RegistryDr.exe (.not file.) [0] =>Adware.RegistryDr
[HKCU\Software\DM] => Infection PUP (PUP.BearShare)
[HKCU\Software\RegistryDrLanguage] =>Adware.RegistryDr
O43 - CFD: 7/23/2014 - 12:28:45 AM - [] ----D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\RegistryDr_RASAPI32 =>Adware.RegistryDr
HKLM\SOFTWARE\Microsoft\Tracing\RegistryDr_RASMANCS =>Adware.RegistryDr
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASAPI32 =>Adware.Incredibar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASMANCS =>Adware.Incredibar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshMediaBar_RASAPI32 =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshMediaBar_RASMANCS =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V11_fr_Setup_RASAPI32 =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V11_fr_Setup_RASMANCS =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32 =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASAPI32 =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledge_RASMANCS =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iMesh_RASAPI32 =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iMesh_RASMANCS =>PUP.iMesh
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz6_RASAPI32 =>PUP.Duuqu
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz6_RASMANCS =>PUP.Duuqu
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASAPI32 =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASMANCS =>Adware.VisualBeeToolbar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-1020_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-1020_RASMANCS =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-16A4_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-16A4_RASMANCS =>Adware.Yontoo
[HKCR\CLSID\{520300C7-E0D3-9BF3-52CA-563316A98167}] (SaveClicker) =>PUP.SaveClicker
[HKLM\Software\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi] =>PUP.vGrabber^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule] =>PUP.OptimizerPro^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Popup] =>Adware.RegistryDr^
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start] =>Adware.RegistryDr^
[HKCU\Software\DM] =>PUP.BearShare
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate] =>PUP.DealPly
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BlockAndSurf =>PUP.BlockAndSurf^
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi =>PUP.vGrabber^
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
[HKCU\Software\RegistryDrLanguage] =>Adware.RegistryDr^
[HKCR\CLSID\{520300C7-E0D3-9BF3-52CA-563316A98167}] (SaveClicker) =>PUP.SaveClicker^
C:\Users\user\Desktop\SpyHunter.lnk =>Crapware.SpyHunter
G2 - GCE: Preference [User Data\Default] [cgiaikfpllchefojlnehlmpekeogihnm] WiseConvert v.10.31.4.510, (Désactivé) =>Toolbar.Conduit
G2 - GCE: Preference [User Data\Default] [hbmjobkngigjffiogjphfkogpaplbpom] WiseConvert G1 v.10.20.101.5, (Désactivé) =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WiseConvert_RASMANCS =>Toolbar.Conduit
[HKLM\Software\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm] =>Toolbar.Conduit^
[HKLM\Software\Google\Chrome\Extensions\hbmjobkngigjffiogjphfkogpaplbpom] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm] =>Toolbar.Conduit
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm =>Toolbar.Conduit^
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmjobkngigjffiogjphfkogpaplbpom =>Toolbar.Conduit^
G2 - GCE: Preference [User Data\Default] [hcpnlbbdnfopkdkfiopdiodlbcnjagfg] Radio Masha 2.1 v.10.20.101.5, (Désactivé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
Lignes superflues ou inutiles :
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-562543321-3793572102-2743502246-1000Core [902] => Facebook Update Task User
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-562543321-3793572102-2743502246-1000UA [924] => Facebook Update Task User
[HKCU\Software\IncrediMail] => Messaging.Incredimail
[HKLM\Software\Wow6432Node\IncrediMail] => Messaging.Incredimail
O43 - CFD: 12/14/2012 - 4:03:42 PM - [] ----D C:\ProgramData\boost_interprocess => boost.org
Lignes d'optimisation du démarrage :
OPT:O4 - HKCU\..\Run: [ISUSPM] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
OPT:O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
OPT:O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
OPT:O4 - HKUS\S-1-5-21-562543321-3793572102-2743502246-1000\..\Run: [ISUSPM] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
OPT:SR - | Auto 8/30/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe