Script ZHPFix
C:\Program Files (x86)\Enigma Software Group =>PUP.EnigmaSoftware^
C:\ProgramData\Microsoft Toolkit =>Trojan.AutoKMS^
C:\Users\ahmed\AppData\Local\Installer =>Adware.InstallPedia
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application^
[HKCU\Software\Linkey] =>PUP.LinkeySearch^
[HKLM\Software\Wow6432Node\EnigmaSoftwareGroup] =>PUP.EnigmaSoftware^
C:\Users\ahmed\Desktop\VidPlayaSetup_v2.exe =>PUP.VidPlaya^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [__MSG_appName__]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [__MSG_appName__]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [__MSG_appName__]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [__MSG_appName__]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [__MSG_appName__]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [__MSG_appName__]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm [IDM Integration]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [Chrome Hotword Shared Module]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [Skype Click to Call]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [__MSG_APP_NAME__]
G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [__MSG_appName__]
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (11.00.9600.17496 (winblue_r5.141121-1500)) -- C:\Windows\SysWOW64\ieframe.dll
O2 - BHO: SkypeIEPluginBHO [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Microsoft Corporation - Skype Click to Call IE Add-on.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKCU\..\Run: [SplitCam] C:\Program Files (x86)\SplitCam\SplitCam.exe (.not file.)
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Clownfish] . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - HKLM\..\Wow6432Node\Run: [Raptr] . (.Raptr, Inc - Raptr Desktop App.) -- C:\Program Files (x86)\Raptr\raptrstub.exe
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.PowerISO Computing, Inc. - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [EaseUS EPM Tray Agent] . (...) -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\TrayTipAgentE.exe
O4 - HKLM\..\Wow6432Node\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BavTray.exe
O4 - HKUS\S-1-5-21-144458510-1271467923-3913286148-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-144458510-1271467923-3913286148-1001\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKUS\S-1-5-21-144458510-1271467923-3913286148-1001\..\Run: [SplitCam] C:\Program Files (x86)\SplitCam\SplitCam.exe (.not file.)
O4 - HKUS\S-1-5-21-144458510-1271467923-3913286148-1001\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-144458510-1271467923-3913286148-1001\..\Run: [Clownfish] . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - HKUS\S-1-5-21-144458510-1271467923-3913286148-1001\..\Run: [Adguard] . (.Performix LLC - Adguard for Windows.) -- C:\Program Files (x86)\Adguard\Adguard.exe
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{061D10B0-08C1-4466-B74B-4686E896A7F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{061D10B0-08C1-4466-B74B-4686E896A7F9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O23 - Service: Baidu Antivirus Service (BAVSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) . (...) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (.not file.)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) . (...) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (.not file.)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) . (...) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (.not file.)
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-144458510-1271467923-3913286148-1001UA1d03fff664d5b9] (.Google Inc..) -- C:\Users\ahmed\AppData\Local\Google\Update\GoogleUpdate.exe [116648]
[MD5.00000000000000000000000000000000] [APT] [Installer_shopperproDA] (...) -- C:\Users\ahmed\AppData\Local\Installer\InstallshopperproDA_12676\DC1PlJATVNQ51.exe (.not file.) [0] =>PUP.ShopperPro
[MD5.00000000000000000000000000000000] [APT] [UNELEVATE_198] (...) -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1388\jsdrv.exe (.not file.) [0] =>PUP.ShopperPro
[MD5.00000000000000000000000000000000] [APT] [{8ED79A4D-CA2B-442C-8C5D-78E454AA018D}] (...) -- F:\New folder\DW1901_W7_A00_Setup-1NNRY_ZPE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F3612F18-8154-438E-904B-6D5141CAB276}] (...) -- F:\New folder\DW1703_W7_A00_Setup-TWCTX_ZPE.exe (.not file.) [0]
[HKCU\Software\Baidu Security]
[HKCU\Software\Linkey] =>PUP.LinkeySearch
[HKLM\Software\ESET]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\EnigmaSoftwareGroup] =>PUP.EnigmaSoftware
O43 - CFD: 29-Dec-14 - 2:04:40 PM - [] ----D C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804
O43 - CFD: 16-Dec-14 - 4:00:45 AM - [] ----D C:\Program Files (x86)\Enigma Software Group =>PUP.EnigmaSoftware
O43 - CFD: 06-Apr-15 - 1:20:08 AM - [] ----D C:\ProgramData\Baidu
O43 - CFD: 29-Dec-14 - 2:04:49 PM - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 29-Oct-14 - 1:09:30 AM - [] ----D C:\ProgramData\Microsoft Toolkit =>Trojan.AutoKMS
O43 - CFD: 05-Apr-15 - 2:11:32 AM - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
O43 - CFD: 07-Mar-15 - 1:41:25 AM - [] ----D C:\Users\ahmed\AppData\Local\ESET
O45 - LFCP:[MD5.45557CC311963889BCDB6FBF2FA1038D] - 09-Dec-14 - 1:51:03 AM ---A- - C:\Windows\Prefetch\SNIPSMART.BOAS.EXE-04FDE64B.pf =>PUP.SnipSmart
O45 - LFCP:[MD5.5B108C3AF92D4A87B8AF7DB17F50B3BF] - 09-Dec-14 - 1:51:03 AM ---A- - C:\Windows\Prefetch\SNIPSMART.BOASPRT.EXE-8A675921.pf =>PUP.SnipSmart
O45 - LFCP:[MD5.288D592584CC6B9A312F6F3725B4F72B] - 22-Jan-15 - 12:33:25 AM ---A- - C:\Windows\Prefetch\SNIPSMART.PURBROWSE64.EXE-FE40B4D1.pf =>PUP.SnipSmart
O45 - LFCP:[MD5.A517B6156DC9D2848C544C56214B4AFD] - 05-Apr-15 - 2:10:24 AM ---A- - C:\Windows\Prefetch\WPC_MYSTARTSEARCH.EXE-43CE90A0.pf =>PUP.StartSearch
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.)
O51 - MPSK:{88d1f17b-5c0e-11e4-8250-806e6f6e6963}\AutoRun\command. (...) -- F:\setup.exe (.not file.)
O61 - LFC: 03-Apr-15 - 3:30:56 AM ---A- . (.Web Solution Mart.) -- C:\Users\ahmed\AppData\Local\Temp\FHB3F1.tmp.exe [8093776]
O61 - LFC: 03-Apr-15 - 3:30:56 AM ---A- . (.Web Solution Mart.) -- C:\Users\ahmed\AppData\Local\Temp\FHE4A9.tmp.exe [8093776]
O61 - LFC: 04-Apr-15 - 3:30:56 AM ---A- . (.Microsoft Corporation.) -- C:\Users\ahmed\AppData\Local\Temp\is-2OTGK.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 04-Apr-15 - 3:30:56 AM ---A- . (.Microsoft Corporation.) -- C:\Users\ahmed\AppData\Local\Temp\is-TMUE9.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 04-Apr-15 - 3:30:56 AM ---A- . (.OperaChecker.) -- C:\Users\ahmed\AppData\Local\Temp\81428112019\SUxATVNQ10700.exe [50225]
O61 - LFC: 04-Apr-15 - 3:30:56 AM ---A- . (.OperaChecker.) -- C:\Users\ahmed\AppData\Local\Temp\81428112031\SUxATVNQ10700.exe [50225]
O61 - LFC: 04-Apr-15 - 3:30:56 AM ---A- . (.OperaChecker.) -- C:\Users\ahmed\AppData\Local\Temp\81428112050\SUxATVNQ10700.exe [50225]
O61 - LFC: 04-Apr-15 - 3:30:56 AM ---A- . (.davehope.co.uk.) -- C:\Users\ahmed\AppData\Local\Temp\814281120190\Setup_product_12726.exe [1729111]
O61 - LFC: 04-Apr-15 - 3:30:56 AM ---A- . (.davehope.co.uk.) -- C:\Users\ahmed\AppData\Local\Temp\814281120500\Setup_product_12726.exe [1729111]
O61 - LFC: 05-Apr-15 - 3:30:56 AM ---A- . (.Insoft LLC.) -- C:\Users\ahmed\AppData\Local\Temp\adguard\setup.exe [12573088]
C:\Users\ahmed\Downloads\Compressed\AV Voice Changer Software Diamond 6.0.34\ViRiLiTY\Keygen.exe =>.Crack,Keygen
C:\Users\ahmed\Downloads\Compressed\PdfGrabber.Pro.v7.0.0.8\Cracked\PdfGrabber.exe =>.Crack,Keygen
C:\Users\ahmed\Downloads\Compressed\Win 8 active\Keygen_v22.rar =>.Crack,Keygen
[MD5.0D5F3E3FF517F1DF693CA90659287DC9] [SPRF][29-Dec-14] (.Playswell, Inc. - VidPlaya Setup.) -- C:\Users\ahmed\Desktop\VidPlayaSetup_v2.exe [32845784] =>PUP.VidPlaya
SS - | Demand 08-Jan-15 264736 | (BdSandboxSrv) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BdSandboxSrv64.exe
SR - | Auto 14-Jan-15 2309304 | (BAVSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BAVSvc.exe
SR - | Auto 14-Jan-15 427856 | (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804\Baidu Antivirus\BHipsSvc.exe
FirewallRaz
EmptyTemp
EmptyFlash
Proxyfix
Sysrestore
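The script above is a list of ZHPDiag report lines pasted into ZHPFix followed by the fix commands. Before running such a script a practitioner usually wants three things out of it: which lines carry a classification tag (the `=>PUP.…`, `=>Trojan.…`, `=>.Crack,Keygen` suffixes), which Run entries, services and scheduled tasks point at a target ZHPDiag already reported as gone (`(.not file.)`), and which Chrome extensions are still listed under a `__MSG_…__` placeholder instead of a name. The parser below is an added example written for this page, not code from ZHPDiag or ZHPFix. The line grammar it assumes is read off the lines above (section prefix such as `O4`/`O23`/`G2`, a `(.Company - Description.)` version-info string or `(...)` when there is none, the `(.not file.)` marker, a Windows path, an optional `[size]`, and a trailing `=>Tag` with an optional `^`); treating the parenthesised string as a version-info company rather than a signature check is an assumption, as is recording the `^` suffix without interpreting it. The sample input is a handful of the lines above copied verbatim.

```python
"""Triage a ZHPDiag/ZHPFix line list: tagged entries, autostarts whose target file is gone,
and Chrome extensions still shown as __MSG_*__. Added example for this page, not ZHPFix code."""
import re
from dataclasses import dataclass
from typing import Optional

# Windows path: a drive letter not glued to another letter (so "WLSP:\..." is not drive P),
# backslash segments, ending before " (.not file.)", " [size]", " =>Tag" or end of line.
_PATH_RE = re.compile(r"(?<![A-Za-z])([A-Z]:\\(?:[^\\\[\]=\r\n]+\\)*[^\\\[\]=\r\n]*?)"
                      r"(?=\s+\(\.not file\.\)|\s+\[|\s*=>|\s*\^?\s*$)")
_PUBLISHER_RE = re.compile(r"\(\.(.*?)\.\)")  # "(.Company - Description.)"; "(...)" means none
_TAG_RE = re.compile(r"=>\s*(\S+)\s*$")        # "=>PUP.Name" with an optional trailing "^"
_SECTION_RE = re.compile(r"^(O\d+|G\d+|R\d+|SS|SR)\b")


@dataclass
class Entry:
    section: str                   # O4, O23, G2, APT, REG, FILE, CMD, ...
    raw: str
    missing: bool = False          # ZHPDiag reported "(.not file.)"
    path: Optional[str] = None
    company: Optional[str] = None  # company string as ZHPDiag prints it (assumed version info, not a signature)
    tag: Optional[str] = None      # classification after "=>", without the trailing "^"
    caret: bool = False            # line carried the "^" suffix; recorded, not interpreted


def section_of(line: str) -> str:
    m = _SECTION_RE.match(line)
    if m:
        return m.group(1)
    if line.startswith("[MD5."):
        return "APT" if "[APT]" in line else "SPRF"
    if line.startswith("[HK"):
        return "REG"
    if re.match(r"[A-Z]:\\", line):
        return "FILE"
    return "CMD" if line.isalpha() else "?"   # ZHPFix commands: EmptyTemp, Sysrestore, ...


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if not line:
        return None
    e = Entry(section=section_of(line), raw=line, missing="(.not file.)" in line)
    if m := _TAG_RE.search(line):
        e.caret = m.group(1).endswith("^")
        e.tag = m.group(1).rstrip("^").lstrip(".")   # ".Crack,Keygen" -> "Crack,Keygen"
    if m := _PATH_RE.search(line):
        e.path = m.group(1).rstrip()
    for pub in _PUBLISHER_RE.findall(line):
        if pub != "not file" and pub.strip("."):      # skip "(.not file.)" and "(...)"
            e.company = pub.split(" - ", 1)[0]
            break
    return e


def triage(lines):
    """Group parsed entries the way a reviewer reads a fix script before running it."""
    entries = [e for e in map(parse_line, lines) if e]
    return {
        "tags": sorted({e.tag for e in entries if e.tag}),
        # autostarts, services and tasks whose target is gone: dead entries, nothing to execute
        "dead_targets": [e.path for e in entries if e.missing and e.path],
        # executables that ran from %TEMP% (O61 lines): the ones to look at first
        "temp_executables": [e.path for e in entries
                             if e.section == "O61" and e.path and "\\temp\\" in e.path.lower()],
        # G2 lines whose name is still a __MSG_*__ placeholder: resolve them from the profile
        "unresolved_extensions": [e.path.rsplit("\\", 1)[-1] for e in entries
                                  if e.section == "G2" and e.path and "[__MSG_" in e.raw],
        "commands": [e.raw for e in entries if e.section == "CMD"],
    }


# Sample input: lines copied from the script above, one of each kind.
SAMPLE_LINES = [
    r"O4 - HKCU\..\Run: [SplitCam] C:\Program Files (x86)\SplitCam\SplitCam.exe (.not file.)",
    r"O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe",
    r"O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) . (...) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (.not file.)",
    r"[MD5.00000000000000000000000000000000] [APT] [UNELEVATE_198] (...) -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1388\jsdrv.exe (.not file.) [0] =>PUP.ShopperPro",
    r"O61 - LFC: 03-Apr-15 - 3:30:56 AM ---A- . (.Web Solution Mart.) -- C:\Users\ahmed\AppData\Local\Temp\FHB3F1.tmp.exe [8093776]",
    r"G2 - EXT: C:\Users\ahmed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [__MSG_appName__]",
    r"C:\ProgramData\Microsoft Toolkit =>Trojan.AutoKMS^",
    r"[HKCU\Software\Linkey] =>PUP.LinkeySearch",
    "EmptyTemp",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

The `[__MSG_appName__]` names on the G2 lines are Chrome's i18n placeholders: the display name is stored under the extension's version folder in `_locales/<default_locale>/messages.json`, keyed by the name inside `__MSG_…__`, so either resolve it there or look the 32-character ID up in the Web Store before deciding what each of those lines actually is. The `Baidu`, `ESET`, `Adguard` and IDM entries carry no tag in the script above; the parser surfaces that rather than deciding for you.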