Hello everyone, I have just signed up to get a bit of help for an infected friend. I ran ZHPDiag, so I have a diag report. Would it be possible to get a script to apply in ZHPFix based on it?

Here is the link to the diag: http://pjjoint.malekal.com/files.php?id ... 14y14

Thank you very much in advance.

(The diag is below in case the link is broken.)
=>Toolbar.Conduit[HKLM\Software\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}] =>Toolbar.Conduit[HKLM\Software\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}] =>Toolbar.Conduit[HKLM\Software\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}] =>Toolbar.Conduit[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}] =>Toolbar.AOL[HKLM\Software\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}] =>Toolbar.AOL[HKLM\Software\Wow6432Node\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}] =>Toolbar.AOL[HKLM\Software\Classes\dnUpdater.DownloadUIBrowser] =>Toolbar.AOL[HKLM\Software\Classes\dnUpdate] =>Toolbar.AOL[HKLM\Software\Classes\dnUpdater.DownloadUIBrowser.1] =>Toolbar.AOL[HKLM\Software\Classes\dnUpdater.DownloadUpdController] =>Toolbar.AOL[HKLM\Software\Classes\dnUpdater.DownloadUpdController.1] =>Toolbar.AOL[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro[HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro[HKLM\Software\Classes\Toolbar.CT3196716] =>Toolbar.Conduit[HKLM\Software\Wow6432Node\Classes\Toolbar.CT3196716] =>Toolbar.Conduit[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171162}] =>PUP.CrossRider[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}] =>Adware.Bandoo^[HKLM\Software\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}] 
=>Toolbar.Conduit^C:\Users\0\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {EE5F501E-1D14-DE09-2A00-42BD556B5585} . (...) -- C:\extensions\Program Files (x86)\ver2BlockAndSurf\178.xpi (.not file.) =>PUP.BlockAndSurf^C:\Program Files (x86)\AnyProtectEx =>PUP.AnyProtect^C:\Program Files (x86)\LPT =>Adware.Incredibar^C:\Program Files (x86)\Settings Manager =>PUP.SystemK^C:\Users\0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup =>PUP.AnyProtect^C:\Program Files (x86)\Software =>Adware.BoxoreC:\Program Files (x86)\Optimizer Pro =>PUP.OptimizerProC:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearchC:\Program Files (x86)\Common Files\Software Update Utility =>Toolbar.AOLC:\Users\0\AppData\LocalLow\Conduit =>Toolbar.ConduitC:\Users\0\AppData\Roaming\Mozilla\Firefox\Profiles\ihnzjy4q.default\Smartbar =>Hijacker.SmartBarC:\Users\0\AppData\Roaming\Mozilla\Firefox\Profiles\ihnzjy4q.default\Extensions\avg@toolbar =>Toolbar.AVGSearch[HKCU\Software\AnyProtect] =>PUP.AnyProtect^[HKCU\Software\Conduit] =>Toolbar.Conduit^[HKCU\Software\Genesis] =>PUP.Genesis^[HKCU\Software\mybestofferstoday] =>PUP.MyBestOffersToday^C:\Windows\Installer\40fa4.msi =>Adware.IncrediBar^~ Additionnel Scan: 341915 Items scanned in 00mn 24s---\\ Informations complémentaires sur les modules~ http://nicolascoolman.fr/r5-internet-ex ... ment-iepm/ =>.Internet Explorer, Proxy Management (R5)~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)~ http://nicolascoolman.fr/o4-application ... 
-registre/ =>.Applications lancées au démarrage du système (O4)~ AMI: 3 Legitimates Filtered in 00mn 00s---\\ Récapitulatif des détections trouvées sur votre stationhttp://nicolascoolman.fr/pup-blockandsurf =>PUP.BlockAndSurfhttp://nicolascoolman.fr/hijacker-browsers =>Hijacker.Browsershttp://nicolascoolman.fr/hijacker-webssearches =>Hijacker.WebsSearcheshttp://nicolascoolman.fr/pup-anyprotect =>PUP.AnyProtecthttp://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduithttp://nicolascoolman.fr/pup-genesis =>PUP.Genesishttp://nicolascoolman.fr/adware-vidsaver =>Adware.VidSaverhttp://nicolascoolman.fr/spyware-agenceexclusive =>PUP.AgenceExclusivehttp://nicolascoolman.fr/adware-installcore =>Adware.InstallCorehttp://nicolascoolman.fr/adware-incredibar =>Adware.Incredibarhttp://nicolascoolman.fr/pup-systemk =>PUP.SystemKhttp://nicolascoolman.fr/adware-pricegong =>Adware.PriceGonghttp://nicolascoolman.fr/pup-crossrider =>PUP.CrossRiderhttp://nicolascoolman.fr/pup-eorezo =>PUP.Eorezohttp://nicolascoolman.fr/pup-bprotector =>PUP.BProtectorhttp://nicolascoolman.fr/pup-optimizerpro =>PUP.OptimizerProhttp://nicolascoolman.fr/adware-bandoo =>Adware.Bandoohttp://nicolascoolman.fr/adware-boxore =>Adware.Boxorehttp://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar~ MSI: 19 link(s) detected in 00mn 00s~ 1502 Legitimates filtered by white listEnd of the scan (572 lines in 01mn 18s)(0)
- Do not follow several disinfection procedures on different forums, at the risk of damaging your operating system.
- Do nothing on your own initiative.
- Bookmark this page so that you can reply and see my replies more easily.
- The tools I ask you to download must be saved to your desktop: help in pictures (thanks to H.A.W.X).
- Post all the reports using SOS-Upload. See here => How to host a file on SOSUpload?
  Note: Click on "How to host a file on SOSUpload?"
- Click the Start menu
- Click Control Panel
- Click the Programs and Features icon (if the Control Panel is displayed as icons) or click "Uninstall a program"
- Uninstall the following programs if present:
  - Spybot Search and destroy
  - Toolbar Conduit
  - OptimizerPro
  - Boxore
  - Eorezo
  - BProtector
  - PriceGong
  - Incredibar Toolbar
- Click Uninstall for each of the programs.
- Disable your antivirus for the duration of the download and use.
- Download ZHPCleaner by Nicolas Coolman to your desktop.
- Close your browser
- Double-click the icon to launch it
  Note: Right-click the icon, then Run as administrator, on Windows Vista, Seven and Windows 8
- Accept "the terms of use"
- Click Repair ("Reparer")
- Host the ZHPCleaner.txt report found on your desktop on SosUpload, then copy/paste the link provided into your next reply.