~ ZHPCleaner v2014.11.24.236 by Nicolas Coolman (24/11/2014)
~ Run by ooOoo (Administrator) (25/11/2014 14:02:16)
~ Forum : http://forum.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Réparer
~ Report : C:\Users\ooOoo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\ooOoo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)

---\\ Service. (0)
~ Aucun élément malicieux trouvé.

---\\ Navigateur internet. (77)
REMPLACÉ IE Params: Tabs ( about:newtab )
REMPLACÉ Firefox: [vrk17f22.default] URL HomePage : hxxps://www.google.fr/
TROUVÉ FF: C:\Users\ooOoo\AppData\Roaming\Mozilla\Firefox\Profiles\vrk17f22.default\prefs.js
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.RulesVersion", ""); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules./v1/update/rule/foo.bar.style", "some style"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules./v1/update/rule/foo.bar.url", "testik.bb"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.atlas.cz.style", ".WRCN {display:none} .result .WRCN {display:[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.atlas.cz.url", "^http\\:\\/\\/searchatlas\\.centrum\\.cz\\/.+"[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.atlas.sk.style", ".WRCN {display:none} .katalogSponsorItem .WR[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.atlas.sk.url", "^http\\:\\/\\/hladaj\\.atlas\\.sk\\/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {disp[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.bing.com.style", ".WRCN {display:none} .sb_tlst .WRCN, .sp_pss[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.bing.com.url", "^http(s)?\\:\\/\\/www\\.bing\\.com\\/(.)*"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.centrum.cz.style", ".WRCN {display:none} .results-list h3 > .W[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.centrum.cz.url", "^http(s)?\\:\\/\\/search\\.centrum\\.cz\\/(.[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.centrum.sk.style", ".WRCN {display:none} .katalogSponsorItem .[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.centrum.sk.url", "^http\\:\\/\\/search\\.centrum\\.sk\\/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.delicious.com.style", ".WRCN {display:none} .taggedlink + .WRC[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.delicious.com.url", "^http\\:\\/\\/www\\.delicious\\.com\\/(.)[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.dmoz.org.style", ".WRCN {display:none} ol.site li .WRCN{displa[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.dmoz.org.url", "^http\\:\\/\\/www\\.dmoz\\.org\\/search(.)+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\:\\/\\/msxml\\.excite\\.com\\/excite\[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.facebook.com.style", ".WRCN {display:none} .WRCN {display:none[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.facebook.com.url", "^http\\:\\/\\/www\\.facebook\\.com\\/.*"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.fastweb.it.style", ".WRCN {display:none} .gs-title .WRCN {disp[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.fastweb.it.url", "^http\\:\\/\\/www\\.fastweb\\.it\\/portale\\[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.gazeta.pl.style", ".WRCN {display:none} .res_body .res_entry .[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.gazeta.pl.url", "^http\\:\\/\\/szukaj\\.gazeta\\.pl\\/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.google.com.style", ".WRCN {display:none} .r .WRCN, .osl .WRCN,[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.google.com.url", "^http(s)?\\:\\/\\/((www encrypted)\\.)?googl[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.interia.pl.style", ".WRCN {display:none} .row .WRCN {display:i[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.interia.pl.url", "^http\\:\\/\\/(www\\.)?google\\.interia\\.pl[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.lycos.com.style", ".WRCN {display:none} .results .WRCN {displa[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.lycos.com.url", "^http\\:\\/\\/search\\.lycos\\.(com?\\.[a-z]{[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.onet.pl.style", ".WRCN {display:none} #main .link .WRCN {displ[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.onet.pl.url", "^http\\:\\/\\/szukaj\\.onet\\.pl\\/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.paginegialle.it.style", ".WRCN {display:none} .lnkwww + .WRCN [...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.paginegialle.it.url", "^http\\:\\/\\/www\\.paginegialle\\.it\\[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.public.avast.com.style", ".WRCN {display:inline; background: u[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.public.avast.com.url", "^http(s)?\\:\\/\\/public\\.avast\\.com[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.rambler.ru.url", "^http\\:\\/\\/nova\\.rambler\\.ru\\/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.scroogle.org.style", "a + .WRCN {display:inline !important; ba[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.scroogle.org.url", "^http\\:\\/\\/www\\.scroogle\\.org\\/.*"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.seznam.cz.style", ".WRCN {display:none} #results .text .WRCN, [...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.seznam.cz.url", "^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.sky.com.style", ".WRCN {display:none} #results h3 .WRCN, #spon[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.sky.com.url", "^http\\:\\/\\/search\\.sky\\.com/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.slashdot.org.style", ".WRCN {display:none} .body i .WRCN {disp[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.slashdot.org.url", "^http\\:\\/\\/slashdot\\.org\\/.*"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.terra.com.br.style", ".WRCN {display:none} .col-left-full .lis[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.terra.com.br.url", "^http\\:\\/\\/buscador\\.terra\\.com\\.br\[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.tiscali.it.style", ".WRCN {display:none} .item .WRCN {display:[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.tiscali.it.url", "^http\\:\\/\\/search\\.tiscali\\.it\\/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.twitter.com.style", ".WRCN {display:none} .entry-content .web [...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.twitter.com.url", "^http://twitter\\.com\\/.*"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.uol.com.br.style", ".WRCN {display:none} #results dt .WRCN, #r[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.uol.com.br.url", "^http\\:\\/\\/(.\\.)?busca\\.uol\\.com\\.br\[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.virgilio.it.style", ".WRCN {display:none} .risultati .record .[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.virgilio.it.url", "^http\\:\\/\\/ricerca\\.virgilio\\.it\\/.+"[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.virginmedia.com.style", ".WRCN {display:none} .result-title .W[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.virginmedia.com.url", "^http\\:\\/\\/search\\.virginmedia\\.co[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.whereis.com.style", ".WRCN {display:none} .priority_url .WRCN [...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.whereis.com.url", "^http\\:\\/\\/www\\.whereis\\.com\\/.*"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.wp.pl.style", ".WRCN {display:none} .rek big .WRCN {display:in[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.wp.pl.url", "^http\\:\\/\\/szukaj\\.wp\\.pl\\/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.yahoo.com.style", ".WRCN {display:none} .sm-hd .WRCN, .sm-link[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.yahoo.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.yandex.ru.style", ".WRCN {display:none} .b-serp-item__title-li[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.yandex.ru.url", "^http\\:\\/\\/yandex\\.ru\\/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.yell.com.style", ".WRCN {display:none} .advert-content .WRCN, [...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.yell.com.url", "^http\\:\\/\\/www\\.yell\\.com\\/.+"); (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.zoznam.sk.style", ".WRCN {display:none} .box_content .link_rig[...] (Toolbar.Ask)
REMPLACÉ FF: [vrk17f22.default] - user_pref("extensions.wrc.SearchRules.zoznam.sk.url", "^http\\:\\/\\/www\\.zoznam\\.sk\\/.+"); (Toolbar.Ask)
REMPLACÉ Opera URL: Home URL=hxxp://www.searchqu.com/406

---\\ Fichier hôte. (0)
~ Aucun élément malicieux trouvé.

---\\ Tâche planifiée. (0)
~ Aucun élément malicieux trouvé.

---\\ Explorateur ( Dossiers, Fichiers ). (3)
DEPLACÉ: C:\windows\Installer\{33ECC890-C480-4124-B95B-BA36E025B120}\FrameFox.ico [FrameFox Extensions 1.0.7.0] (PUP.FrameFox)
DEPLACÉ: C:\windows\Prefetch\DUUQUUPDATE.EXE-66D15550.pf[] (PUP.Duuqu)
DEPLACÉ: C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe [Bandoo Media Inc. ] (Adware.Bandoo)

---\\ Base de Registres ( Clés, Valeurs, Données ). (24)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR (PUP.Datamngr)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FrameFox Extensions (PUP.FrameFox)
SUPPRIMÉ: HKCR\Installer\Products\098CCE33084C42149BB5AB630E521B02 [FrameFox Extensions 1.0.7.0] (PUP.FrameFox)
SUPPRIMÉ: HKCR\Installer\Features\098CCE33084C42149BB5AB630E521B02 [FrameFox Extensions 1.0.7.0] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{024BA55C-DA05-4FA5-AD24-5EA6D3C7C153} [DuuquUpdate Update3Web] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{486E4A9A-50F4-4DA4-9F50-363FC9F72939} [Duuqu Update Core Class] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{7D79AC47-48F6-40F8-BA34-17677EAEA37C} [Duuqu.OneClickProcessLauncher] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{9EBB6A38-FB41-458F-AC93-B5B4AEEE2C41} [Duuqu Update Broker Class Factory] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{B03E3833-2BAE-439D-A3E6-1AC654BECEDB} [DuuquUpdate Update3Web] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{B6E89C52-A6C8-4839-A5D1-28A7A5EA46D9} [Duuqu Update Core Class] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{B8669E7E-2C40-42DC-8BA0-314D860F5200} [Duuqu Update Legacy On Demand] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{D4B7651E-076D-4BB2-A021-26F6E7A59A48} [DuuquUpdate CredentialDialog] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{D7BEC320-B746-4A47-B289-509214980E2B} [Duuqu Update Legacy On Demand] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{E555444B-4EA6-4B30-A314-49C2D1BE413D} [Duuqu Update Process Launcher Class] (PUP.FrameFox)
SUPPRIMÉ: HKCR\CLSID\{EF0AC81C-F34C-4B2E-B85D-91E4DB1E3E9D} [Duuqu Update Broker Class Factory] (PUP.FrameFox)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [ShopperReports.dll] (Adware.ShopperReports)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [ShoppingReport.dll] (Adware.ShoppingReport)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [BabylonToolbar.dll] (PUP.Babylon)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [BabylonToolbar.dll] (PUP.Babylon)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [BabylonToolbarTlbr.dll] (PUP.Babylon)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [ShoppingReport.dll] (Adware.ShoppingReport)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DuuquUpdate.exe (PUP.FrameFox)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Duuqu (PUP.FrameFox)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Duuqu Update Helper] (PUP.FrameFox)

---\\ Bilan de la réparation
~ Réparation réalisée avec succès.
~ Ce navigateur est absent (Google Chrome)
~ Réparation annulée par l'utilisateur (Mozilla Firefox)

End of clean at 14:04:21