Publicité
Publicité
Format du document : text/plain
Prévisualisation
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0
O69 - SBI: prefs.js [YaSs - b4kfvpni.default] user_pref("extensions.enabledAddons", "deskCutv2%40gmail.com:0.1.13,%7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.9.7,%7B972ce4c6-7[...] =>PUP.Optional.DeskCut
O4 - HKCU\..\Run: [C] C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\WINDOWS\system32\GroupPolicy\Machine\R C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe (.not file.)
O4 - HKUS\S-1-5-21-2973495360-1647675497-93279711-1001\..\Run: [C] C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\WINDOWS\system32\GroupPolicy\Machine\R C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe (.not file.)
O17 - HKLM\System\CCS\Services\Tcpip\..\{81a1fc6e-7310-46b9-a7e5-e05597dc6a5c}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = domain.name
O87 - FAEL: "{59004FE0-736D-4431-B191-1C5A90EF2392}" [Out-None-P6-TRUE] .(...) -- C:\Program Files\GSA Proxy Scraper\Proxy_Scraper.exe (.not file.)
O87 - FAEL: "{B7374FC6-491B-4C11-993E-D496448722E5}" [In-None-P17-TRUE] .(...) -- C:\Program Files\GSA Proxy Scraper\Proxy_Scraper.exe (.not file.)
O87 - FAEL: "{275BCD91-DD8F-4442-B53D-826FC81CE14D}" [In-None-P6-TRUE] .(...) -- C:\Program Files\GSA Proxy Scraper\Proxy_Scraper.exe (.not file.)
O87 - FAEL: "UDP Query User{92B08C31-1F2B-464A-90B2-D900BBA2DD0E}C:\program files\multiproxy\mproxy.exe" [In-None-P17-TRUE] .(...) -- C:\program files\multiproxy\mproxy.exe (.not file.)
O87 - FAEL: "TCP Query User{3B1914D7-C579-4D26-9C16-A05BE7197452}C:\program files\multiproxy\mproxy.exe" [In-None-P6-TRUE] .(...) -- C:\program files\multiproxy\mproxy.exe (.not file.)
O87 - FAEL: "UDP Query User{7EC4ABF4-80DC-447C-959C-7DE8CB4EB848}C:\users\yass\desktop\embratoriag2_v2.1_stable\embratoriag2_v2.1_stable\es.exe" [In-None-P17-TRUE] .(...) -- C:\users\yass\desktop\embratoriag2_v2.1_stable\embratoriag2_v2.1_stable\es.exe (.not file.)
O87 - FAEL: "TCP Query User{4C12D626-492E-4111-96EA-CE77F02B61C3}C:\users\yass\desktop\embratoriag2_v2.1_stable\embratoriag2_v2.1_stable\es.exe" [In-None-P6-TRUE] .(...) -- C:\users\yass\desktop\embratoriag2_v2.1_stable\embratoriag2_v2.1_stable\es.exe (.not file.)
O87 - FAEL: "{BABA4AEA-403B-419E-83B5-F71BD837736A}" [Out-None-P6-TRUE] .(...) -- C:\Program Files\Artisteer 4\bin\Artisteer.exe (.not file.)
O87 - FAEL: "{819111B1-E4F0-45E4-BCE3-097D8CF96A71}" [Out-None-P6-TRUE] .(...) -- C:\Program Files\Phase Five Systems\Jump Desktop Connect\4.9.8.0\JumpConnect.exe (.not file.)
O87 - FAEL: "{2E141DE1-6719-4DAF-8E48-C90ECCFBAA47}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Phase Five Systems\Jump Desktop Connect\4.9.8.0\JumpConnect.exe (.not file.)
G0 - GCSP: Preferences [User Data\Default][HomePage] http://b2.ijquery11.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://hnwl2nmrbjfqjwe.ru
G0 - GCSP: Preferences [User Data\Default][HomePage] http://latest-423154.aptexof.ru
G0 - GCSP: Preferences [User Data\Default][HomePage] http://puklisi.ru
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ui.ff.avast.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.google-analytics.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://uib.ff.avast.com
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 0
O69 - SBI: prefs.js [YaSs - b4kfvpni.default] user_pref("extensions.enabledAddons", "deskCutv2%40gmail.com:0.1.13,%7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.9.7,%7B972ce4c6-7[...] =>PUP.Optional.DeskCut
O4 - HKCU\..\Run: [C] C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\WINDOWS\system32\GroupPolicy\Machine\R C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe (.not file.)
O4 - HKUS\S-1-5-21-2973495360-1647675497-93279711-1001\..\Run: [C] C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\WINDOWS\system32\GroupPolicy\Machine\R C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\WINDOWS\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe (.not file.)
O17 - HKLM\System\CCS\Services\Tcpip\..\{81a1fc6e-7310-46b9-a7e5-e05597dc6a5c}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = domain.name
O87 - FAEL: "{59004FE0-736D-4431-B191-1C5A90EF2392}" [Out-None-P6-TRUE] .(...) -- C:\Program Files\GSA Proxy Scraper\Proxy_Scraper.exe (.not file.)
O87 - FAEL: "{B7374FC6-491B-4C11-993E-D496448722E5}" [In-None-P17-TRUE] .(...) -- C:\Program Files\GSA Proxy Scraper\Proxy_Scraper.exe (.not file.)
O87 - FAEL: "{275BCD91-DD8F-4442-B53D-826FC81CE14D}" [In-None-P6-TRUE] .(...) -- C:\Program Files\GSA Proxy Scraper\Proxy_Scraper.exe (.not file.)
O87 - FAEL: "UDP Query User{92B08C31-1F2B-464A-90B2-D900BBA2DD0E}C:\program files\multiproxy\mproxy.exe" [In-None-P17-TRUE] .(...) -- C:\program files\multiproxy\mproxy.exe (.not file.)
O87 - FAEL: "TCP Query User{3B1914D7-C579-4D26-9C16-A05BE7197452}C:\program files\multiproxy\mproxy.exe" [In-None-P6-TRUE] .(...) -- C:\program files\multiproxy\mproxy.exe (.not file.)
O87 - FAEL: "UDP Query User{7EC4ABF4-80DC-447C-959C-7DE8CB4EB848}C:\users\yass\desktop\embratoriag2_v2.1_stable\embratoriag2_v2.1_stable\es.exe" [In-None-P17-TRUE] .(...) -- C:\users\yass\desktop\embratoriag2_v2.1_stable\embratoriag2_v2.1_stable\es.exe (.not file.)
O87 - FAEL: "TCP Query User{4C12D626-492E-4111-96EA-CE77F02B61C3}C:\users\yass\desktop\embratoriag2_v2.1_stable\embratoriag2_v2.1_stable\es.exe" [In-None-P6-TRUE] .(...) -- C:\users\yass\desktop\embratoriag2_v2.1_stable\embratoriag2_v2.1_stable\es.exe (.not file.)
O87 - FAEL: "{BABA4AEA-403B-419E-83B5-F71BD837736A}" [Out-None-P6-TRUE] .(...) -- C:\Program Files\Artisteer 4\bin\Artisteer.exe (.not file.)
O87 - FAEL: "{819111B1-E4F0-45E4-BCE3-097D8CF96A71}" [Out-None-P6-TRUE] .(...) -- C:\Program Files\Phase Five Systems\Jump Desktop Connect\4.9.8.0\JumpConnect.exe (.not file.)
O87 - FAEL: "{2E141DE1-6719-4DAF-8E48-C90ECCFBAA47}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Phase Five Systems\Jump Desktop Connect\4.9.8.0\JumpConnect.exe (.not file.)
G0 - GCSP: Preferences [User Data\Default][HomePage] http://b2.ijquery11.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://hnwl2nmrbjfqjwe.ru
G0 - GCSP: Preferences [User Data\Default][HomePage] http://latest-423154.aptexof.ru
G0 - GCSP: Preferences [User Data\Default][HomePage] http://puklisi.ru
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ui.ff.avast.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.google-analytics.com
G0 - GCSP: Preferences [User Data\Default][HomePage] http://uib.ff.avast.com