Publicité
Publicité
Format du document : text/plain
Prévisualisation
Script ZHPFix
Lignes indésirables :
G2 - GCE: Preference [User Data\Default] [DUMMYimkiojpjcoiiipekfjaopchhjga] Simple New Tab v.1.0.0 (Désactivé) => PUP.SimpleNewTab
M2 - MFEP: RegExtension {437cc291-6bf0-4b1c-982c-9a49b610b9e2} . (...) -- C:\Program Files (x86)\LyricsContainer\131.xpi (.not file.) =>Adware.AddLyrics
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
O4 - HKLM\..\Wow6432Node\Run: [startertv_fr_10] Clé orpheline =>Adware.StarterTV
O23 - Service: Performance Optimizer (892cc6a3) . (...) - c:\progra~3\perfor~1\PerformanceOptimizerSvc.dll (.not file.) =>PUP.PerformanceOptimizer
[MD5.00000000000000000000000000000000] [APT] [{126C21E6-3369-49DE-8FD3-0709ADFA31F7}] (...) -- C:\ProgramData\BetterSoft\SaveByClick\SaveByClick.exe (.not file.) [0] =>Hijacker.SaveByclick
[MD5.00000000000000000000000000000000] [APT] [{3E7D7CA9-DBD3-4098-95B0-D8B729446A6B}] (...) -- C:\Users\Steeve\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
O42 - Logiciel: RandomDealApp - (.RandomDealApp.) [HKLM][64Bits] -- {37476589-E48E-439E-A706-56189E2ED4C4}_is1 => DealsFactor
O42 - Logiciel: SaveByClick - (.SaveByClick.) [HKLM][64Bits] -- {CF9B5944-2147-40BC-A257-696514787BB2} =>Hijacker.SaveByclick
[HKCU\Software\SimpleNewTab] =>PUP.SimpleNewTab
[HKCU\Software\Snoozer] =>PUP.LuaRT
O43 - CFD: 06/08/2014 - 14:47:42 - [] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => PUP.Agent
[MD5.25A0F1AD26B3084607BC2B30D913412C] [SPRF][18/08/2014] (.Software Installer - Software Installer.) -- C:\Users\Steeve\AppData\Roaming\setup.exe [146432] => Infection Diverse (Trojan.Agent)
[MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\151b9d8.msi [343040] =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\srvBrowserProtect_RASAPI32 =>Hijacker.Eazel
HKLM\SOFTWARE\Microsoft\Tracing\srvBrowserProtect_RASMANCS =>Hijacker.Eazel
HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASAPI32 =>Adware.BrowseFox
HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASMANCS =>Adware.BrowseFox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32 =>PUP.BrowserSafeguard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS =>PUP.BrowserSafeguard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricepeep_RASAPI32 =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricepeep_RASMANCS =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer1_RASAPI32 =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer1_RASMANCS =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-05C4_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-05C4_RASMANCS =>Adware.Yontoo
SS - | Auto 10/07/1658 0 | (892cc6a3) . (...) - c:\progra~3\perfor~1\PerformanceOptimizerSvc.dll => PUP.PerformanceOptimizer
[HKLM\SYSTEM\CurrentControlSet\Services\892cc6a3] =>PUP.PerformanceOptimizer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF9B5944-2147-40BC-A257-696514787BB2}] =>Hijacker.SaveByclick^
[HKLM\Software\Microsoft\Tracing\updateBrowseFox_RASMANCS] =>Adware.BrowseFox
[HKLM\Software\Microsoft\Tracing\updateBrowseFox_RASAPI32] =>Adware.BrowseFox
[HKLM\Software\Wow6432Node\Phyxion.net\OpenCandy] =>Adware.OpenCandy
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:startertv_fr_10 =>Adware.StarterTV^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:GM4IE =>PUP.Facemoi
C:\Users\Steeve\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {437cc291-6bf0-4b1c-982c-9a49b610b9e2} . (...) -- C:\extensions\Program Files (x86)\LyricsContainer\131.xpi (.not file.) =>Adware.AddLyrics^
[HKCU\Software\SimpleNewTab] =>PUP.SimpleNewTab^
[HKCU\Software\Snoozer] =>PUP.LuaRT^
C:\Windows\Installer\151b9d8.msi =>PUP.Babylon^
C:\Users\Steeve\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox
C:\Users\Steeve\AppData\Local\Temp\uninst1.exe =>PUP.Babylon
C:\Users\Steeve\AppData\Local\Temp\BabylonMngr.xpi =>PUP.SweetIM
C:\Users\Steeve\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Steeve\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
C:\Users\Steeve\AppData\Local\Temp\ToolbarInstaller.exe =>PUP.Babylon
C:\Users\Steeve\AppData\Local\Temp\blabbers-ff-le.xpi =>PUP.Blabbers
C:\Users\Steeve\AppData\Local\Temp\ins7993.tmp.exe_t.exe =>Spyware.AgenceExclusive
G2 - GCE: Preference [User Data\Default] [kmhkepipobnjllejbafajoemahjejdcm] iGraal v.1.6.2 (Activé) => Toolbar.iGraal*
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline => Toolbar.Google
[HKCU\Software\Condut] => Toolbar.Conduit
[HKLM\Software\Wow6432Node\mamverifier] => Toolbar.Mamverifier
O43 - CFD: 29/08/2013 - 14:20:30 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} => Toolbar.TuneUp
C:\Users\Steeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm =>Toolbar.iGraal
C:\Users\Steeve\AppData\Local\Temp\01NET.com.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\conduitinstaller.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nse8292.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsjEA7.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nso1491.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nso8689.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsoC6A4.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsqD918.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsuDF7C.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsv6EF.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsvC6C.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsvDF50.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\tb01NE.dll =>Toolbar.Conduit
Lignes superflues ou inutiles :
[MD5.F884ADE2532330098DD3076CB46D0F2E] - (.Pas de propriétaire - DFService.) -- C:\ProgramData\Promo-détective\DFService.exe [141312] [PID.2528]
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline => Orphean Key not necessary
O4 - HKUS\S-1-5-21-3557539193-1062163848-3560784203-1000\..\Run: [AdobeBridge] Clé orpheline => Orphean Key not necessary
O23 - Service: DiscountfinderService (DiscountfinderService) . (.Pas de propriétaire - DFService.) - C:\ProgramData\Promo-détective\DFService.exe
[MD5.00000000000000000000000000000000] [APT] [4801] (...) -- C:\Users\Steeve\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0] => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{4675EBE7-FEC4-4BC6-B3ED-A3103391ED18}] (...) -- C:\Program Files (x86)\Adesign\unins000.exe (.not file.) [0] => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{97A253E2-C0C3-4424-B92D-B2674295E075}] (...) -- C:\Users\Steeve\Desktop\OutlookConnector.exe (.not file.) [0] => Fichier absent
[HKCU\Software\MoneyMillionnaire] => MoneyMillionnaire
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Boutique-JOA\boutique-joa.exe (.not file.) => Fichier absent
SR - | Auto 22/11/2013 141312 | (DiscountfinderService) . (...) - C:\ProgramData\Promo-détective\DFService.exe => Promo-détective%Discount Finder Service
Lignes d'optimisation du démarrage :
OPT:O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
OPT:O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
OPT:SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
EmptyClsid
Ifeofix
Proxyfix
FirewallRaz
ShortcutFix
emptytemp
emptyflash
Lignes indésirables :
G2 - GCE: Preference [User Data\Default] [DUMMYimkiojpjcoiiipekfjaopchhjga] Simple New Tab v.1.0.0 (Désactivé) => PUP.SimpleNewTab
M2 - MFEP: RegExtension {437cc291-6bf0-4b1c-982c-9a49b610b9e2} . (...) -- C:\Program Files (x86)\LyricsContainer\131.xpi (.not file.) =>Adware.AddLyrics
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
O4 - HKLM\..\Wow6432Node\Run: [startertv_fr_10] Clé orpheline =>Adware.StarterTV
O23 - Service: Performance Optimizer (892cc6a3) . (...) - c:\progra~3\perfor~1\PerformanceOptimizerSvc.dll (.not file.) =>PUP.PerformanceOptimizer
[MD5.00000000000000000000000000000000] [APT] [{126C21E6-3369-49DE-8FD3-0709ADFA31F7}] (...) -- C:\ProgramData\BetterSoft\SaveByClick\SaveByClick.exe (.not file.) [0] =>Hijacker.SaveByclick
[MD5.00000000000000000000000000000000] [APT] [{3E7D7CA9-DBD3-4098-95B0-D8B729446A6B}] (...) -- C:\Users\Steeve\AppData\Roaming\webssearches\UninstallManager.exe (.not file.) [0] =>Hijacker.WebsSearches
O42 - Logiciel: RandomDealApp - (.RandomDealApp.) [HKLM][64Bits] -- {37476589-E48E-439E-A706-56189E2ED4C4}_is1 => DealsFactor
O42 - Logiciel: SaveByClick - (.SaveByClick.) [HKLM][64Bits] -- {CF9B5944-2147-40BC-A257-696514787BB2} =>Hijacker.SaveByclick
[HKCU\Software\SimpleNewTab] =>PUP.SimpleNewTab
[HKCU\Software\Snoozer] =>PUP.LuaRT
O43 - CFD: 06/08/2014 - 14:47:42 - [] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => PUP.Agent
[MD5.25A0F1AD26B3084607BC2B30D913412C] [SPRF][18/08/2014] (.Software Installer - Software Installer.) -- C:\Users\Steeve\AppData\Roaming\setup.exe [146432] => Infection Diverse (Trojan.Agent)
[MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\151b9d8.msi [343040] =>PUP.Babylon
HKLM\SOFTWARE\Microsoft\Tracing\srvBrowserProtect_RASAPI32 =>Hijacker.Eazel
HKLM\SOFTWARE\Microsoft\Tracing\srvBrowserProtect_RASMANCS =>Hijacker.Eazel
HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASAPI32 =>Adware.BrowseFox
HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseFox_RASMANCS =>Adware.BrowseFox
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32 =>PUP.BrowserSafeguard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS =>PUP.BrowserSafeguard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\LollipopInstaller_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricepeep_RASAPI32 =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pricepeep_RASMANCS =>Adware.PricePeep
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer1_RASAPI32 =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SecondOffer1_RASMANCS =>PUP.Linkular
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-05C4_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\yontoo-C4-05C4_RASMANCS =>Adware.Yontoo
SS - | Auto 10/07/1658 0 | (892cc6a3) . (...) - c:\progra~3\perfor~1\PerformanceOptimizerSvc.dll => PUP.PerformanceOptimizer
[HKLM\SYSTEM\CurrentControlSet\Services\892cc6a3] =>PUP.PerformanceOptimizer^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF9B5944-2147-40BC-A257-696514787BB2}] =>Hijacker.SaveByclick^
[HKLM\Software\Microsoft\Tracing\updateBrowseFox_RASMANCS] =>Adware.BrowseFox
[HKLM\Software\Microsoft\Tracing\updateBrowseFox_RASAPI32] =>Adware.BrowseFox
[HKLM\Software\Wow6432Node\Phyxion.net\OpenCandy] =>Adware.OpenCandy
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:startertv_fr_10 =>Adware.StarterTV^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:GM4IE =>PUP.Facemoi
C:\Users\Steeve\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {437cc291-6bf0-4b1c-982c-9a49b610b9e2} . (...) -- C:\extensions\Program Files (x86)\LyricsContainer\131.xpi (.not file.) =>Adware.AddLyrics^
[HKCU\Software\SimpleNewTab] =>PUP.SimpleNewTab^
[HKCU\Software\Snoozer] =>PUP.LuaRT^
C:\Windows\Installer\151b9d8.msi =>PUP.Babylon^
C:\Users\Steeve\AppData\Local\Temp\instloffer.exe =>PUP.OfferBox
C:\Users\Steeve\AppData\Local\Temp\uninst1.exe =>PUP.Babylon
C:\Users\Steeve\AppData\Local\Temp\BabylonMngr.xpi =>PUP.SweetIM
C:\Users\Steeve\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Steeve\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
C:\Users\Steeve\AppData\Local\Temp\ToolbarInstaller.exe =>PUP.Babylon
C:\Users\Steeve\AppData\Local\Temp\blabbers-ff-le.xpi =>PUP.Blabbers
C:\Users\Steeve\AppData\Local\Temp\ins7993.tmp.exe_t.exe =>Spyware.AgenceExclusive
G2 - GCE: Preference [User Data\Default] [kmhkepipobnjllejbafajoemahjejdcm] iGraal v.1.6.2 (Activé) => Toolbar.iGraal*
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline => Toolbar.Google
[HKCU\Software\Condut] => Toolbar.Conduit
[HKLM\Software\Wow6432Node\mamverifier] => Toolbar.Mamverifier
O43 - CFD: 29/08/2013 - 14:20:30 - [] -SH-D C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} => Toolbar.TuneUp
C:\Users\Steeve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm =>Toolbar.iGraal
C:\Users\Steeve\AppData\Local\Temp\01NET.com.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\conduitinstaller.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\dlLogic.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nse8292.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsjEA7.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nso1491.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nso8689.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsoC6A4.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsqD918.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsuDF7C.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsv6EF.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsvC6C.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\nsvDF50.exe =>Toolbar.Conduit
C:\Users\Steeve\AppData\Local\Temp\tb01NE.dll =>Toolbar.Conduit
Lignes superflues ou inutiles :
[MD5.F884ADE2532330098DD3076CB46D0F2E] - (.Pas de propriétaire - DFService.) -- C:\ProgramData\Promo-détective\DFService.exe [141312] [PID.2528]
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline => Orphean Key not necessary
O4 - HKUS\S-1-5-21-3557539193-1062163848-3560784203-1000\..\Run: [AdobeBridge] Clé orpheline => Orphean Key not necessary
O23 - Service: DiscountfinderService (DiscountfinderService) . (.Pas de propriétaire - DFService.) - C:\ProgramData\Promo-détective\DFService.exe
[MD5.00000000000000000000000000000000] [APT] [4801] (...) -- C:\Users\Steeve\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0] => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{4675EBE7-FEC4-4BC6-B3ED-A3103391ED18}] (...) -- C:\Program Files (x86)\Adesign\unins000.exe (.not file.) [0] => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{97A253E2-C0C3-4424-B92D-B2674295E075}] (...) -- C:\Users\Steeve\Desktop\OutlookConnector.exe (.not file.) [0] => Fichier absent
[HKCU\Software\MoneyMillionnaire] => MoneyMillionnaire
O68 - StartMenuInternet:
SR - | Auto 22/11/2013 141312 | (DiscountfinderService) . (...) - C:\ProgramData\Promo-détective\DFService.exe => Promo-détective%Discount Finder Service
Lignes d'optimisation du démarrage :
OPT:O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
OPT:O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
OPT:SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
EmptyClsid
Ifeofix
Proxyfix
FirewallRaz
ShortcutFix
emptytemp
emptyflash