Script ZHPFIX
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
G2 - GCE: Preference [User Data\Default] [kkkeikdkpjenmoiicggnnodbkebafgpc] Browser Helper Object v.1.2 (Désactivé)
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll =>Trojan.FindFDSearch
[MD5.F498F9A6044DE57744BD465662E6AD77] [APT] [BHO updater] (...) -- C:\Program Files (x86)\Internet Explorer\Updater.exe [117760]
[HKLM\Software\Wow6432Node\VBMZ] =>PUP.Duuqu
O45 - LFCP:[MD5.19A52B9CAB83C208FB867E205E14BE7E] - 08/01/2014 - 13:15:50 ---A- - C:\Windows\Prefetch\SPEEDUPMYPC.EXE-A230608D.pf =>Rogue.SpeedUpMyPC
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\background.html [357]
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\icons\128.png [21485]
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\icons\48.png [4576]
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\js\aes.js [6265]
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\js\background.js [4376]
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\js\crypto.js [267]
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\js\injected.js [100]
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\js\md5.js [6360]
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\js\prefs.js [1616]
O61 - LFC: 08/01/2014 - 22:19:32 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkeikdkpjenmoiicggnnodbkebafgpc\1.2_1\manifest.json [817]
O90 - PUC: "2BA20034396B0EB65C304F6A65364DED" . (.Catalyst Control Center Graphics Previews Vista.) -- C:\Windows\Installer\{43002AB2-B693-6BE0-C503-F4A61-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow ^
C:\Windows\Installer\22d22f6.msi =>Adware.Boxore^
C:\Windows\Installer\75e526.msi =>Adware.IMBooster^
C:\Program Files (x86)\Internet Explorer\cr_addon.crx =>PUP.Babylon
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (...) -- C:\Users\Audrey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (.not file.)
O4 - GS\Desktop [Public]: Free Video Cutter Joiner.lnk . (...) -- C:\Program Files (x86)\DVDVideoMedia\Free Video Cutter Joiner\Free Video Cutter Joiner.exe (.not file.)
O4 - GS\Accessories [Audrey]: Run.lnk - Clé orpheline
O4 - GS\Desktop [Audrey]: QC_Image.exe.lnk . (...) -- C:\Program Files (x86)\Softitler\QC Image\QC_Image.exe (.not file.)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2814882169-1805950281-2739600590-1000Core.job [1078]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2814882169-1805950281-2739600590-1000UA.job [1100]
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-2814882169-1805950281-2739600590-1000Core] (.Facebook Inc..) -- C:\Users\Audrey\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-2814882169-1805950281-2739600590-1000UA] (.Facebook Inc..) -- C:\Users\Audrey\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096]
[MD5.00000000000000000000000000000000] [APT] [{7ADDB8B0-D12C-44B9-8AB5-1F685288063A}] (...) -- C:\Software\trados\Setup.exe (.not file.) [0]
O45 - LFCP:[MD5.5334917B0080CEEE95B8D0A769404077] - 07/01/2014 - 16:48:29 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.18A3E3291B71F85171C498B5C3184713] - 07/01/2014 - 23:52:23 ---A- - C:\Windows\Prefetch\JRT.EXE-1503AEDA.pf
O45 - LFCP:[MD5.217D9135EDFBE37B679769BD57329491] - 08/01/2014 - 00:03:33 ---A- - C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-D37241ED.pf
O45 - LFCP:[MD5.DFBF41DAAA7EB3DD0396E26CB5BDBCE5] - 08/01/2014 - 00:39:24 ---A- - C:\Windows\Prefetch\ASWOFFERTOOL.EXE-2B11F8D7.pf
O45 - LFCP:[MD5.95E80A599D3A0C53477C8A9F806F0D8F] - 08/01/2014 - 08:35:39 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2814882169-1805950281-2739600590-1000.db
O45 - LFCP:[MD5.EF55AECF4E55E72C5149A1FBB25AA6C9] - 08/01/2014 - 08:35:39 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2814882169-1805950281-2739600590-1000.db
O45 - LFCP:[MD5.92CF769CDD6B0D6C9BBB6DA859088100] - 08/01/2014 - 09:33:37 ---A- - C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_9_900_17-E71EA5C1.pf
O45 - LFCP:[MD5.47DCE6BFFBD1FA90F41DF517A988FB1D] - 08/01/2014 - 10:07:20 ---A- - C:\Windows\Prefetch\DDS.COM-67233E7A.pf
O45 - LFCP:[MD5.5C624E029E25CACC290DA3CD90D4AB47] - 08/01/2014 - 19:50:05 ---A- - C:\Windows\Prefetch\FACEBOOKUPDATE.EXE-66B0A0B0.pf
O45 - LFCP:[MD5.A4B27B14F92303D3873F5FD24CF2CFDD] - 08/01/2014 - 21:37:54 ---A- - C:\Windows\Prefetch\PLFSETI.EXE-D9D6FD5A.pf
O45 - LFCP:[MD5.6E6124BC0757DBD81F0608512AAD862D] - 08/01/2014 - 22:04:45 ---A- - C:\Windows\Prefetch\FDM.EXE-CD44682A.pf
O45 - LFCP:[MD5.E40C22C96CCE7C1112FC963198F74B57] - 08/01/2014 - 22:04:50 ---A- - C:\Windows\Prefetch\INSTUP.EXE-A21AC9E7.pf
O45 - LFCP:[MD5.8F854F49708E1EDB486BC8D2CF0BBB43] - 08/01/2014 - 22:05:33 ---A- - C:\Windows\Prefetch\WGET.DAT-F5EDC26A.pf
O45 - LFCP:[MD5.E8D2B24C0D397FD74F7ED4AC2311E684] - 08/01/2014 - 22:13:44 ---A- - C:\Windows\Prefetch\CUT.DAT-B7EB703B.pf
O45 - LFCP:[MD5.839274500B1A7287FCA149570A3E0A9F] - 08/01/2014 - 22:14:22 ---A- - C:\Windows\Prefetch\FIND.EXE-66A35B26.pf
O45 - LFCP:[MD5.71B8034F6E718DED9816CAE5C343EFB4] - 08/01/2014 - 22:15:50 ---A- - C:\Windows\Prefetch\SHORTCUT.DAT-CA6C77CB.pf
O45 - LFCP:[MD5.A943C1276DC8A5BE47DDA6A6353FD481] - 08/01/2014 - 22:16:19 ---A- - C:\Windows\Prefetch\FC.EXE-CE11E8DE.pf
O45 - LFCP:[MD5.12D2E56315310F50BA2970C59FCF1FE4] - 08/01/2014 - 22:16:19 ---A- - C:\Windows\Prefetch\NIRCMD.DAT-87866970.pf
O61 - LFC: 05/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\D94CB95F.TMP [179]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\1132_7502\crl-set [1062]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\1132_7502\manifest.fingerprint [12]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\1132_7502\manifest.json [34]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\1392_7262\crl-set [1059]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\1392_7262\manifest.fingerprint [12]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\1392_7262\manifest.json [34]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\206950.od [134]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\4280_23215\crl-set [756]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\4280_23215\manifest.fingerprint [12]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\4280_23215\manifest.json [34]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\CVR2866.tmp.cvr [0]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\JRT.txt [626]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\JRT.bat [10261]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\PRODUCTS.dat [141]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\REGhkcu_and_hklm_software.cfg [3372]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\REGhkcu_software_microsoft.cfg [1664]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\S1518COMPONENTS.dat [1732]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\TRACING.dat [7685]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\UNINSTALL.dat [14243]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\WOW6432NODE.dat [511]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\currentmd5.txt [13]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\get.bat [16063]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\newmd5.txt [13]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\jrt\temp\null.txt [0]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\msohtmlclip1\01\clip_colorschememapping.xml [314]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\msohtmlclip1\01\clip_themedata.thmx [3086]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\scoped_dir3528_19341\Cookies [6144]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\scoped_dir3528_19341\Cookies-journal [1544]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\scoped_dir3528_19341\data_0 [45056]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\scoped_dir3528_19341\data_1 [270336]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\scoped_dir3528_19341\data_2 [1056768]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\scoped_dir3528_19341\data_3 [8192]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\scoped_dir3528_19341\index [524656]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\~DF1B17CFF6E0AAE421.TMP [32768]
O61 - LFC: 08/01/2014 - 22:19:35 ---A- . (...) -- C:\Users\Audrey\AppData\Local\Temp\~DF93EFC4B52D87317C.TMP [376832]
C:\Program Files\ADOBE.ACROBAT.X.PROFESSIONAL.V10.0.EN-FR-DE.ESD.WIN-CORE.byGlad31\KeyGen(CLAVE=KEY).rar
C:\Software\Adobe Acrobat Professional 8.10 Pdf Writer&Keygen\Acrobat Pro 8.1.exe
C:\Software\Adobe Acrobat Professional 8.10 Pdf Writer&Keygen\PDF_Writer.exe
C:\Software\Adobe Acrobat Reader 9.0 Professional Multilanguage + Keygenerator.rar
C:\Software\WinRAR.v3.93.Fr.Incl-Keygen-(64bits).[emule-island.com]\Bienvenue sur eMule-Island !.url
C:\Software\WinRAR.v3.93.Fr.Incl-Keygen-(64bits).[emule-island.com]\Version 64bits\winrar-x64-393fr.exe
C:\Software\Zone Alarm\Zone Alarm Pro (antiguo)\Zone Alarm 4 Keygen\ZoneAlarm.exe
C:\Users\Audrey\Documents\Travail\Alpha\Soft\Déjà Vu\DejaVu-keygen.exe
[MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [SPRF][23/12/2013] (...) -- C:\Users\Audrey\AppData\Local\Temp\Quarantine.exe [360051]
O87 - FAEL: "TCP Query User{D8F5C1FC-04BA-42FB-B1C7-19F70A71B430}C:\users\audrey\appdata\local\akamai\netsession_win.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\audrey\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{607D13ED-1B7E-4673-BCB7-38B516ACA309}C:\users\audrey\appdata\local\akamai\netsession_win.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\audrey\appdata\local\akamai\netsession_win.exe (.not file.)
shortcutfix
hostfix
proxyfix
sysrestore
emptyflash
emptytemp