cjoint


Document format: text/plain

Preview

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp


O3 - Toolbar: Movies Toolbar (Dist. by Bandoo Media, Inc.) - [HKLM]{2977d8cc-8902-4340-be88-2c676bf96b8d} . (...) -- (.not file.) =>PUP.Optional.MoviesToolbar
HKLM\SOFTWARE\Wow6432Node\Datamngr =>PUP.Optional.Datamngr
HKLM\SOFTWARE\Wow6432Node\SweetIM =>PUP.Optional.SweetIM
HKLM\SOFTWARE\Wow6432Node\Vittalia =>PUP.Optional.Vittalia
O43 - CFD: 02/03/2014 - [0] D -- C:\Users\Bouchra\AppData\Local\genienext =>PUP.Optional.NextLive
O43 - CFD: 27/02/2016 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\LavasoftTcpService =>PUP.Optional.LavasoftWebCompanion
[MD5.] [WIS][2013/12/29 22:54:57] (.SweetIM Technologies Ltd. - InstallShield® 2008 - Professional Edition.) -- C:\Windows\Installer\ad3064.msi [2732544] =>PUP.Optional.SweetIM
HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASAPI32 =>PUP.Optional.PutLocker
HKLM\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASMANCS =>PUP.Optional.PutLocker
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASAPI32 =>PUP.Optional.SecretSauce
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASMANCS =>PUP.Optional.SecretSauce
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{2977d8cc-8902-4340-be88-2c676bf96b8d} =>PUP.Optional.MoviesToolbar
C:\Users\Bouchra\AppData\Local\genienext =>PUP.Optional.NextLive
C:\Windows\Installer\ad3064.msi =>PUP.Optional.SweetIM
HKLM64\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASAPI32 =>PUP.Optional.PutLocker
HKLM64\SOFTWARE\Microsoft\Tracing\PutLockerDownloader_RASMANCS =>PUP.Optional.PutLocker
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASAPI32 =>PUP.Optional.SecretSauce
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASMANCS =>PUP.Optional.SecretSauce
O23 - Service: ByteFence Anti-Malware Service (ByteFenceService) . (.Byte Technologies LLC - ByteFence Anti-Malware.) - C:\Program Files\ByteFence\ByteFenceService.exe =>.Superfluous.ByteFence =>.Superfluous.ByteFence
O23 - Service: ByteFence Security Real-time Protection (rtop) . (.Copyright Byte Technologies LLC. - ByteFence Real-time Protection.) - C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe =>.Superfluous.ByteFence =>.Superfluous.ByteFence
LLC.) - C:\Program Files\ByteFence\ByteFenceService.exe =>.Superfluous.ByteFence =>.Superfluous.ByteFence
SR - Auto [30/03/2017] [ 304456] ByteFence Security Real-time Protection (rtop) . (.Copyright Byte Technologies LLC..) - C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe =>.Superfluous.ByteFence =>.Superfluous.ByteFence
[MD5.9941706081CA1445DD8E2B441AB6BB0A] [APT] [ByteFence] (.Byte Technologies LLC.) -- C:\Program Files\ByteFence\ByteFence.exe [3534816] (.Activate.) =>.Superfluous.ByteFence
[MD5.9941706081CA1445DD8E2B441AB6BB0A] [APT] [ByteFence Scan] (.Byte Technologies LLC.) -- C:\Program Files\ByteFence\ByteFence.exe [3534816] (.Activate.) =>.Superfluous.ByteFence
[MD5.00000000000000000000000000000000] [APT] [{486742D8-8B0F-4E4D-85E9-4D1B03D791D2}] (...) -- D:\ClicknConnect.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
[MD5.00000000000000000000000000000000] [APT] [{8AE06FD7-EDE8-4294-9B2A-8F6B09FC31B4}] (...) -- E:\sp57965.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty
O39 - APT: ByteFence - (.Byte Technologies LLC.) -- C:\Windows\System32\Tasks\ByteFence [3388] =>.Superfluous.ByteFence
O39 - APT: ByteFence Scan - (.Byte Technologies LLC.) -- C:\Windows\System32\Tasks\ByteFence Scan [3484] =>.Superfluous.ByteFence
O39 - APT: {486742D8-8B0F-4E4D-85E9-4D1B03D791D2} - (...) -- C:\Windows\System32\Tasks\{486742D8-8B0F-4E4D-85E9-4D1B03D791D2} [3056] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: {8AE06FD7-EDE8-4294-9B2A-8F6B09FC31B4} - (...) -- C:\Windows\System32\Tasks\{8AE06FD7-EDE8-4294-9B2A-8F6B09FC31B4} [3044] (.Orphan.) =>.Superfluous.Orphan
O4 - HKLM\..\Run: [VEFLSQM] . (...) -- C:\Users\Bouchra\AppData\Local\Temp\VEFLSQM
O4 - HKCU\..\Run: [SysinfY2X] C/c start wscript
O4 - HKCU\..\Run: [VEFLSQM] . (...) -- C:\Users\Bouchra\AppData\Local\Temp\VEFLSQM
O4 - HKUS\S-1-5-21-4162035530-3655062904-1175661507-1000\..\Run: [SysinfY2X] C/c start wscript
O4 - HKUS\S-1-5-21-4162035530-3655062904-1175661507-1000\..\Run: [VEFLSQM] . (...) -- C:\Users\Bouchra\AppData\Local\Temp\VEFLSQM
[MD5.0AE8007FB978B50F094E7DDA9EBA6459] - (.Byte Technologies LLC - ByteFence Anti-Malware.) -- C:\Program Files\ByteFence\ByteFenceService.exe [144864] [PID.2176] =>.Superfluous.ByteFence
[MD5.A8FBDF79F7BFF18AC1E55D41EE6A5030] - (.Copyright Byte Technologies LLC. - ByteFence Real-time Protection.) -- C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456] [PID.3296] =>.Superfluous.ByteFence
[MD5.A0270CE04D72C81E9D719D495604D4C9] - (.Copyright Byte Technologies LLC. - ByteFence Real-time Protection.) -- C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe [619848] [PID.3416] =>.Superfluous.ByteFence
[MD5.9941706081CA1445DD8E2B441AB6BB0A] - (.Byte Technologies LLC - ByteFence Anti-Malware.) -- C:\Program Files\ByteFence\ByteFence.exe [3534816] [PID.7848] =>.Superfluous.ByteFence
M0 - MFSP: prefs.js [Bouchra - nahd6ha2.default] http://en-maktoob.yahoo.com/ =>.Yahoo! Inc.
P2 - EXT FILE: (.\u0421\u043E\u0432\u0435\u0442\u043D\u - \u041d\u0435 \u0442\u0440\u0430\u0442\.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\sovetnik@metabar.ru.xpi
P2 - EXT FILE: (.?????????? ???????? - ?????????? ???????? – ??? ????????, ??.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\vb@yandex.ru.xpi
P2 - EXT FILE: (.????????? ???????? ??????? - ????? ?????? ?? ???? ??????????? ?????.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\yasearch@yandex.ru.xpi
P2 - EXT FILE: (.Yahoo® - Yahoo Search.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yahoo-lavasoft.xml =>.Yahoo®
P2 - EXT: (.http://www.cacaoweb.org/ - cacaoweb.) -- C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\cacaoweb@cacaoweb.org =>.Superfluous.CacaoWeb
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en-maktoob.yahoo.com/ =>.Yahoo! Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/ =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
O3 - Toolbar: Movies Toolbar (Dist. by Bandoo Media, Inc.) - [HKLM]{2977d8cc-8902-4340-be88-2c676bf96b8d} . (...) -- (.not file.) =>PUP.Optional.MoviesToolbar
HKLM\SOFTWARE\Wow6432Node\ByteFence =>.Superfluous.ByteFence
HKLM\SOFTWARE\Wow6432Node\Torch =>.Superfluous.Torch
HKCU\SOFTWARE\ByteFence =>.Superfluous.ByteFence
HKCU\SOFTWARE\cacaoweb =>.Superfluous.CacaoWeb
HKCU\SOFTWARE\Magicbit =>.Superfluous.Magicbit
HKCU\SOFTWARE\Torch =>.Superfluous.Torch
HKCU\SOFTWARE\???????????????
O43 - CFD: 08/04/2017 - [] D -- C:\Program Files\ByteFence =>.Superfluous.ByteFence
O43 - CFD: 30/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware =>.Superfluous.ByteFence
O43 - CFD: 30/03/2017 - [] D -- C:\ProgramData\ByteFence =>.Superfluous.ByteFence
O43 - CFD: 23/03/2017 - [] D -- C:\ProgramData\Goodgame Empire =>.Superfluous.GoodGameEmpire
O43 - CFD: 13/07/2016 - [] D -- C:\Users\Bouchra\AppData\Roaming\cacaoweb =>.Superfluous.CacaoWeb
O43 - CFD: 03/07/2014 - [] D -- C:\Users\Bouchra\AppData\Local\Torch =>.Superfluous.Torch
O43 - CFD: 15/10/2016 - [0] D -- C:\Users\Bouchra\AppData\Local\{0F376500-DFBE-47DE-A1F0-B86761A82BF2} =>.Superfluous.Empty
O43 - CFD: 15/10/2016 - [0] D -- C:\Users\Bouchra\AppData\Local\{C1C46F64-CDA0-44F3-B198-D652F918E413} =>.Superfluous.Empty
O69 - SBI: prefs.js [Bouchra - nahd6ha2.default] user_pref("extensions.xpiState", "{\"app-profile\":{\"cacaoweb@cacaoweb.org\":{\"d\":\"C:\\\\Users\\\\Bouchra\\\\AppData\\\\Roamin[...] =>.Superfluous.CacaoWeb
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 =>.Superfluous.ByteFence
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS =>.Superfluous.ByteFence
HKLM\SYSTEM\CurrentControlSet\Services\ByteFenceService =>.Superfluous.ByteFence
C:\Program Files\ByteFence\ByteFenceService.exe =>.Superfluous.ByteFence
HKLM\SYSTEM\CurrentControlSet\Services\rtop =>.Superfluous.ByteFence
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe =>.Superfluous.ByteFence
C:\Users\Bouchra\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\cacaoweb@cacaoweb.org =>.Superfluous.CacaoWeb
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware =>.Superfluous.ByteFence
C:\ProgramData\ByteFence =>.Superfluous.ByteFence
C:\ProgramData\Goodgame Empire =>.Superfluous.GoodGameEmpire
C:\Users\Bouchra\AppData\Roaming\cacaoweb =>.Superfluous.CacaoWeb
C:\Users\Bouchra\AppData\Local\Torch =>.Superfluous.Torch
HKLM64\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 =>.Superfluous.ByteFence
HKLM64\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS =>.Superfluous.ByteFence
O4 - GS\Quicklaunch [Administrateur]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) C:\Users\Bouchra\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Programs [Administrateur]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) C:\Users\Bouchra\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Quicklaunch [Bouchra]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) C:\Users\Bouchra\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Programs [Bouchra]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) C:\Users\Bouchra\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O4 - GS\Programs [Public]: iLivid.lnk . (.Bandoo Media Inc. - iLivid Download Manager.) C:\Users\Bouchra\AppData\Local\iLivid\iLivid.exe =>Adware.Bandoo
O42 - Logiciel: iLivid - (.Bandoo Media Inc.) [HKCU][64Bits] -- iLivid {74B45E4BF603EDCA78C252159948CF7A} =>Adware.Bandoo
HKCU\SOFTWARE\csastats =>Adware.InstallCore
HKCU\SOFTWARE\ilivid =>Adware.Bandoo
HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore
HKCU\SOFTWARE\pdfforge =>.pdfforge
O43 - CFD: 27/02/2016 - [] D -- C:\Users\Bouchra\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 20/05/2014 - [] D -- C:\Users\Bouchra\AppData\Local\iLivid =>Adware.Bandoo
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (??????) - http://yandex.ru/
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - http://dts.search.ask.com/ =>Adware.Bandoo
O69 - SBI: SearchScopes [HKCU] {C0C3A6C6-03BC-4195-8FCB-AEA091301353} - (Yahoo!) - http://search.yahoo.com/ =>.Yahoo! Inc.
O69 - SBI: SearchScopes [HKLM] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} - (Ask.com) - http://dts.search.ask.com/ =>Adware.Bandoo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid =>Adware.Bandoo
C:\Users\Bouchra\AppData\Roaming\OpenCandy =>Adware.OpenCandy
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} =>Adware.Bandoo
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} =>Adware.Bandoo
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>Heuristic.Suspect
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (.not file.)

