Document format: text/plain
Script ZHPFix
Unwanted lines:
[MD5.00000000000000000000000000000000] [APT] [{D4BE60B0-54C0-461D-AE4E-62CDA2423B27}] (...) -- E:\install\Install.exe (.not file.) [327296] (.Activate.) => Infection USB (Trojan.USB)
P2 - EXT: (...) -- C:\Users\Roselyne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} =>PUP.Optional.Wajam
O4 - GS\CommonDesktop [Public]: QuickTime Player.lnk . (...) C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe => Riskware.QuickTime
O4 - GS\ProgramsCommon [Public]: OfferBox Browser.lnk . (...) C:\Program Files (x86)\OfferBox\OfferBoxLauncher.exe -open: =>PUP.Optional.OfferBox
O42 - Logiciel: Internet Updater - (.Parallel Lines Development, LLC.) [HKLM][64Bits] -- InternetUpdater => PUP.InternetUpdater
O42 - Logiciel: QuickTime 7 - (.Apple Inc..) [HKLM][64Bits] -- {3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E} =>Riskware.QuickTime
HKLM\SOFTWARE\Wow6432Node\IACSearchAndMedia => PUP.IACSearchAndMedia
HKCU\SOFTWARE\IM =>Adware.InstallCore
O43 - CFD: 16/02/2017 - [] HDC -- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318} => Adware.Bandoo
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Roselyne\AppData\Local\Beamrise\Application\beamrise.exe http://aartemis.com/ => Hijacker.Beamrise
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Users\Roselyne\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>PUP.Optional.Beamrise
O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Users\Roselyne\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>PUP.Optional.Beamrise
O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Users\Roselyne\AppData\Local\Beamrise\Application\beamrise.exe (.not file.) =>PUP.Optional.Beamrise
O69 - SBI: prefs.js [Roselyne - 2ge1oi0t.default] user_pref("om.pingUrl", "http://api.offermosquito.com/ping.php?ch=35"); =>PUP.Optional.OfferMosquito
[MD5.] [WIS][2012/07/17 10:19:20] (.Boxore OU. - Windows Installer XML (3.5.2519.0).) -- C:\Windows\Installer\273441.msi [327296] =>PUP.Optional.Boxore
[MD5.] [WIS][2010/12/12 12:53:46] (.Secure Digital Services - InstallShield® 2010 - Professional Edition.) -- C:\Windows\Installer\486c93.msi [327296] =>PUP.Optional.SPointer
[MD5.] [WIS][2012/04/12 20:09:59] (.Kreapixel - Windows Installer.) -- C:\Windows\Installer\989866.msi [327296] =>PUP.Optional.SocialSkinz
[MD5.] [WIS][2016/11/09 23:23:42] (.APN, LLC - Ask.com ® - Install Builder.) -- C:\Windows\Installer\a0c8c.msi [327296] =>PUP.Optional.Bandoo
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.Optional.MyPCBackup
C:\Users\Roselyne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} =>PUP.Optional.Wajam
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E} =>Riskware.QuickTime
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E} =>Riskware.QuickTime
C:\Windows\Installer\273441.msi =>PUP.Optional.Boxore
C:\Windows\Installer\486c93.msi =>PUP.Optional.SPointer
C:\Windows\Installer\989866.msi =>PUP.Optional.SocialSkinz
C:\Windows\Installer\a0c8c.msi =>PUP.Optional.Bandoo
HKLM64\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.Optional.MyPCBackup
O39 - APT: Unknown - (...) -- C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [327296]
O39 - APT: Unknown - (...) -- C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [327296]
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv [327296]
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv [327296]
O2 - BHO: SkypeIEPluginBHO [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (.Orphan.)
O42 - Logiciel: MixiDJ chrome Toolbar - (.MixiDJ.) [HKLM][64Bits] -- MixiDJ chrome Toolbar
HKCU\SOFTWARE\Mixi.DJ
Superfluous or unnecessary lines:
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) [327296]
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\{3B0FF6C3-B895-4542-9495-E96F4947E60A} [327296]
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\{6B60E930-4464-457A-A40D-3BFFCA0CC086} [327296]
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\{754A1BFE-AC6D-4AB8-8E28-BDD10C597C0B} [327296]
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\{934A5839-07D0-4525-A094-E328DCB8C4A9} [327296]
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\{ED6C2E34-EDC4-4E4F-A624-B4A2DA57C4BC} [327296]
[MD5.00000000000000000000000000000000] [APT] [{379D4F46-03F2-40DF-A976-79B6EE661A7E}] (...) -- C:\Users\Roselyne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZD74W8ZQ\Install_Phonetik_V2.exe (.not file.) [327296] (.Activate.) => Fichier absent
O39 - APT: {379D4F46-03F2-40DF-A976-79B6EE661A7E} - (...) -- C:\Windows\System32\Tasks\{379D4F46-03F2-40DF-A976-79B6EE661A7E} [327296] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: {3A44A60F-74CB-430A-8F24-AD092921B434} - (...) -- C:\Windows\System32\Tasks\{3A44A60F-74CB-430A-8F24-AD092921B434} [327296] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: {D4BE60B0-54C0-461D-AE4E-62CDA2423B27} - (...) -- C:\Windows\System32\Tasks\{D4BE60B0-54C0-461D-AE4E-62CDA2423B27} [327296] (.Orphan.) =>.Superfluous.Orphan
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe (.not file.) => Fichier absent
C:\Users\Roselyne\AppData\Roaming\Mozilla\Firefox\Profiles\2ge1oi0t.default\imeshtoolbar2 =>.Superfluous.iMesh
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (...) -- (.not file.) => Fichier absent
O87 - FAEL: "TCP Query User{53B2CBBA-4B09-475F-8221-58398D4124D6}E:\fscommand\updater.exe" [In-None-P6-TRUE] .(...) -- E:\fscommand\updater.exe (.not file.) => Fichier absent
O87 - FAEL: "UDP Query User{5E06E2D5-45CB-4DA3-B670-B833CF2766C7}E:\fscommand\updater.exe" [In-None-P17-TRUE] .(...) -- E:\fscommand\updater.exe (.not file.) => Fichier absent
O87 - FAEL: "{D35851ED-93C1-4BE9-BC8E-F03ADE795F0C}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (.not file.) => Fichier absent
O87 - FAEL: "{16F2C6A3-13D5-4D92-AC92-05491C70A8AA}" [In-None-P17-TRUE] .(...) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (.not file.) => Fichier absent
[MD5.] [WIS][2014/09/30 21:09:40] (.SlimWare Utilities, Inc. - Windows Installer XML (3.7.1224.0).) -- C:\Windows\Installer\1beae.msi [327296] =>.Superfluous.SlimWareUtilities
[MD5.] [WIS][2012/10/16 15:14:59] (.iMesh Inc. - InstallAware.) -- C:\Windows\Installer\4c4405.msi [327296] =>.Superfluous.iMesh
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} =>.Superfluous.Orphan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} =>.Superfluous.Orphan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} =>.Superfluous.Orphan
C:\Windows\Installer\1beae.msi =>.Superfluous.SlimWareUtilities
C:\Windows\Installer\4c4405.msi =>.Superfluous.iMesh
O4 - HKCU\..\Run: [Hoolapp Android] C:\Users\Roselyne\AppData\Roaming\HOOLAP~1\Hoolapp.exe (.not file.) => %Hoolapp Android
O4 - HKLM\..\Wow6432Node\Run: [MMTray] . (.MUSICMATCH, Inc. - mm_tray.) -- C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKUS\S-1-5-21-1549931698-3258750144-2854931323-1001\..\Run: [Hoolapp Android] C:\Users\Roselyne\AppData\Roaming\HOOLAP~1\Hoolapp.exe (.not file.)
O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) [327296]
O43 - CFD: 16/02/2013 - [] D -- C:\Users\Roselyne\AppData\Roaming\Ad-Aware Antivirus =>.Lavasoft
O43 - CFD: 23/11/2013 - [] D -- C:\Users\Roselyne\AppData\Roaming\AVAST Software =>.AVAST Software
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (...) -- (.not file.)
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
O43 - CFD: 28/10/2010 - [] D -- C:\Program Files\Alwil Software =>.AVAST Software a.s.®
O43 - CFD: 23/11/2013 - [] D -- C:\ProgramData\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\mcafeeupdater =>.McAfee Inc.
HKCU\SOFTWARE\MCAFEE =>.McAfee Inc.
O43 - CFD: 05/08/2011 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 09/08/2011 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Roaming\McAfee =>.McAfee
HKLM\SOFTWARE\Wow6432Node\Symantec =>.Symantec
HKCU\SOFTWARE\Norton =>.Symantec Corporation
O43 - CFD: 02/11/2014 - [] D -- C:\ProgramData\Norton =>.Symantec Corporation
O43 - CFD: 02/11/2011 - [] D -- C:\ProgramData\NortonInstaller =>.Symantec
O43 - CFD: 17/10/2011 - [] D -- C:\ProgramData\Symantec =>.Symantec
O43 - CFD: 22/09/2013 - [0] D -- C:\Program Files (x86)\Common Files\Symantec Shared =>.Symantec Corporation
HKLM\SOFTWARE\Wow6432Node\SECURITOO =>.Orange SA
Startup optimization lines:
EmptyClsid
Proxyfix
FirewallRaz
ShortcutFix
emptytemp
emptyflash