~ ZHPCleaner v2014.11.21.234 by Nicolas Coolman (21/11/2014) ~ Run by Jean-Luc (Administrator) (22/11/2014 14:27:25) ~ Forum : http://forum.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Réparer ~ Report : C:\Users\Jean-Luc\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Jean-Luc\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Deactivate ~ Windows 7, 64-bit Service Pack 1 (Build 7601) ---\\ Service. (0) ~ Aucun élément malicieux trouvé. ---\\ Navigateur internet. (31) REMPLACÉ Desktop: C:\Users\Jean-Luc\Desktop\Internet Explorer.lnk (http://www.sweet-page.com/?type=sc&ts=1402594529&f[...]) REMPLACÉ Quicklaunch: C:\Users\Jean-Luc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (http://www.sweet-page.com/?type=sc&ts=1402594529&f[...]) REMPLACÉ Quicklaunch: C:\Users\Jean-Luc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (http://www.sweet-page.com/?type=sc&ts=1402594529&f[...]) REMPLACÉ TaskBar: C:\Users\Jean-Luc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (http://www.sweet-page.com/?type=sc&ts=1402594529&f[...]) REMPLACÉ Desktop: C:\Users\Public\Desktop\Google Chrome.lnk (http://www.sweet-page.com/?type=sc&ts=1402594529&f[...]) REMPLACÉ Desktop: C:\Users\Public\Desktop\Mozilla Firefox.lnk (http://www.sweet-page.com/?type=sc&ts=1402594529&f[...]) REMPLACÉ SystemTools: C:\Users\Jean-Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk (http://www.sweet-page.com/?type=sc&ts=1402594529&f[...]) REMPLACÉ Programs: C:\Users\Jean-Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk (http://www.sweet-page.com/?type=sc&ts=1402594529&f[...]) REMPLACÉ Programs: C:\Users\Jean-Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (http://www.sweet-page.com/?type=sc&ts=1402594529&f[...]) REMPLACÉ Firefox: [880xzpa6.default] URL HomePage : hxxp://www.sweet-page.com/?type=hppp&ts=1415969922&from=adks&uid=WDCXWD10EARS-00MVWB0[...] TROUVÉ FF: C:\Users\Jean-Luc\AppData\Roaming\Mozilla\Firefox\Profiles\880xzpa6.default\prefs.js REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.JC7FviMxdg57WMzb.scode", "(function(){try{var url=(window.self.location.href +[...] (Adware.MyWebSearch) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.M5RDOozUzjeHOLcM.scode", "(function(){try{var url=(window.self.location.href +[...] (Adware.MyWebSearch) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.Mxqe.scode", "try{(function(){try{var url=(window.self.location.href + documen[...] (Toolbar.Conduit) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.Oh1PI.scode", "try{(function(){try{var url=(window.self.location.href + docume[...] (PUP.Babylon) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.QZ_q.scode", "try{(function(){try{var url=(window.self.location.href + documen[...] (Toolbar.Conduit) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.Rd3vLV0UyN4YtOum.scode", "(function(){try{var url=(window.self.location.href +[...] (Adware.MyWebSearch) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.VyPzAUwiWvZxwk1G.scode", "(function(){try{var url=(window.self.location.href +[...] (Adware.MyWebSearch) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.YSXzSmvVV.scode", "try{(function(){try{var url=(window.self.location.href + do[...] (Toolbar.Conduit) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions._tmmI8_u.scode", "try{(function(){try{var url=(window.self.location.href + doc[...] (Toolbar.Conduit) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.az8tZ.scode", "try{(function(){try{var url=(window.self.location.href + docume[...] (PUP.Babylon) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.na6um727DwIR7jik.scode", "(function(){try{var url=(window.self.location.href +[...] (Adware.MyWebSearch) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.pQUrSDPeeZRkBPLi.scode", "(function(){try{var url=(window.self.location.href +[...] (Adware.MyWebSearch) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.quick_start.enable_search1", false); (PUP.QuickStart) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); (PUP.QuickStart) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.quick_start@gmail.com.install-event-fired", true); (PUP.QuickStart) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.rWOTqIr4.scode", "try{(function(){try{var url=(window.self.location.href + doc[...] (Toolbar.Conduit) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.tHfDcYc.scode", "try{(function(){try{var url=(window.self.location.href + docu[...] (PUP.Babylon) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.wrc@avast.com.install-event-fired", true); (Toolbar.Ask) REMPLACÉ FF: [880xzpa6.default] - user_pref("extensions.yK5PV6.scode", "try{(function(){try{var url=(window.self.location.href + docum[...] (Toolbar.Conduit) SUPPRIMÉ: HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs [C:\Program Files (x86)\SupTab\SEARCH~2.DLL] (PUP.SupTab) ---\\ Fichier hôte. (1) ~ Le fichier hôte est légitime. (50) ---\\ Tâche planifiée. (0) ~ Aucun élément malicieux trouvé. ---\\ Explorateur ( Dossiers, Fichiers ). (13) DEPLACÉ: C:\Program Files (x86)\save ono (PUP.SaveOn) DEPLACÉ: C:\Program Files (x86)\save ono\31YdiA.tlb [ - ] (PUP.SaveOn) DEPLACÉ: C:\ProgramData\InstallMate (PUP.Tarma) DEPLACÉ: C:\ProgramData\InstallMate\18574854 [ - ] (PUP.Tarma) DEPLACÉ: C:\ProgramData\InstallMate\C157170D [ - ] (PUP.Tarma) DEPLACÉ: C:\ProgramData\InstallMate\C45E37DB [ - ] (PUP.Tarma) DEPLACÉ: C:\ProgramData\InstallMate\{13CCA0BE-7F19-4BCD-A926-373BC82F8248} [ - ] (PUP.Tarma) DEPLACÉ: C:\ProgramData\InstallMate\{2B6BC7BE-CB6F-4D17-AFFC-834DF088E548} [ - ] (PUP.Tarma) DEPLACÉ: C:\ProgramData\InstallMate\{78DD1BC7-683A-4B52-A9B9-2018A33E3931} [ - ] (PUP.Tarma) DEPLACÉ: C:\ProgramData\RoyalCoupon (PUP.RoyalCoupon) DEPLACÉ: C:\ProgramData\RoyalCoupon\skPQ5TxliXz7WN.tlb [ - ] (PUP.RoyalCoupon) DEPLACÉ: C:\ProgramData\save ono (PUP.SaveOn) DEPLACÉ: C:\Users\Jean-Luc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.01net.com_0.localstorage-journal[] (Toolbar.Conduit) ---\\ Base de Registres ( Clés, Valeurs, Données ). (24) SUPPRIMÉ: HKCR\CLSID\{B52079A0-FF82-489C-9AE2-5299709B9E8F} [SectionViewpointCmd Object] (Adware.MetaStream) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [ShopperReports.dll] (Adware.ShopperReports) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [ShoppingReport.dll] (Adware.ShoppingReport) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [BabylonToolbar.dll] (PUP.Babylon) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [BabylonToolbar.dll] (PUP.Babylon) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [BabylonToolbarTlbr.dll] (PUP.Babylon) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [ShoppingReport.dll] (Adware.ShoppingReport) SUPPRIMÉ: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update sizlsearch (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_RASAPI32 (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Tracing\sizlsearch_RASMANCS (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DuuquUpdate.exe (PUP.FrameFox) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftwareUpdate.exe (Adware.Boxore) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_ad_RASAPI32 (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_ad_RASMANCS (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_RASAPI32 (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_RASMANCS (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_Setup_RASAPI32 (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\sizlsearch_Setup_RASMANCS (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_Setup302_RASAPI32 (PUP.SupTab) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_Setup302_RASMANCS (PUP.SupTab) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASAPI32 (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesizlsearch_RASMANCS (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilsizlsearch_RASAPI32 (PUP.SizlSearch) SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilsizlsearch_RASMANCS (PUP.SizlSearch) ---\\ Bilan de la réparation ~ Réparation réalisée avec succès. ~ Ce navigateur est absent (Opera Software) End of clean at 14:33:21