télécharges ZHPFIX Si tu ne l'as pas http://www.nicolascoolman.fr/telecharger/ Sélectionne et copie les lignes suivantes ************************************************ Script ZHPFix G2 - GCE: Preference [User Data\Default] [omagekpnikimobacjldnmlkklmiilpgo] [{"background":{"scripts":["background.js"]},"conte] {background:{scripts:[background.js]}content_scrip =>Hijacker.Browser G2 - GCE: Preference [User Data\Default] [paoponfhfdfnjgddpnpjkambkcgdaaib] P2 - EXT FILE: (.High Stairs - .) -- C:\Users\TAMBWE2\AppData\Roaming\Mozilla\Firefox\Profiles\86fx9b4j.default\extensions\{be28873a-c2d6-4b44-983b-199d6f4d5225}.xpi =>PUP.Optional.HighStairs O3 - Toolbar: 0x1AB9EE05F7AE8A4F978FFB83E7B03F8E - [HKCU]{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} . (...) -- C:\Program Files\uTorrentBar_FR\prxtbuTo0.dll (.not file.) =>PUP.Optional.uTorrentBar O42 - Logiciel: High Stairs - (.High Stairs.) [HKLM] -- High Stairs =>PUP.Optional.HighStairs HKLM\SOFTWARE\HighStairs HKCU\SOFTWARE\ICSW1.14 =>Adware.InstallCore HKCU\SOFTWARE\ProductSetup =>Adware.InstallCore HKCU\SOFTWARE\AppDataLow\Software\PriceGong =>PUP.Optional.PriceGong HKCU\SOFTWARE\AppDataLow\Software\Smartbar =>PUP.Optional.QuickShare O43 - CFD: 09/09/2016 - [] D -- C:\Program Files\High Stairs O43 - CFD: 28/07/2014 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhoneSuite_Installer_3.11.40.0 O43 - CFD: 23/09/2014 - [] D -- C:\ProgramData\TopApp soft =>PUP.Optional.TopAppSoft O43 - CFD: 01/08/2014 - [] D -- C:\Users\TAMBWE2\AppData\Roaming\OpenCandy =>PUP.Optional.OpenCandy O43 - CFD: 11/07/2014 - [] D -- C:\Users\TAMBWE2\AppData\Local\TB O43 - CFD: 28/11/2016 - [] D -- C:\Windows\System32\Config\systemprofile\AppData\Local\LavasoftTcpService =>PUP.Optional.LavasoftWebCompanion O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("smartbar.machineId", "CV9AKUQEBNJTDKSNYQVONHORRW6W8EPAOXQSXGE2WM/LJF6VFLAGFL8/PIUVBTNFROT/PR2HRGWHMFWJBJ7WOA"); =>PUP.Optional.SmartBar O69 - SBI: SearchScopes [HKCU] {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} - (Search The Web) - http://www.mystart.com/ =>PUP.Optional.StartSearch C:\Users\TAMBWE2\AppData\Local\Google\Chrome\User Data\Default\Extensions\omagekpnikimobacjldnmlkklmiilpgo =>Hijacker.Browser C:\Users\TAMBWE2\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omagekpnikimobacjldnmlkklmiilpgo =>Hijacker.Browser C:\Users\TAMBWE2\AppData\Roaming\Mozilla\Firefox\Profiles\86fx9b4j.default\extensions\{be28873a-c2d6-4b44-983b-199d6f4d5225}.xpi =>PUP.Optional.HighStairs [HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} =>PUP.Optional.uTorrentBar HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\High Stairs =>PUP.Optional.HighStairs HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\High Stairs =>PUP.Optional.HighStairs C:\ProgramData\TopApp soft =>PUP.Optional.TopAppSoft C:\Users\TAMBWE2\AppData\Roaming\OpenCandy =>PUP.Optional.OpenCandy C:\Windows\System32\Config\systemprofile\AppData\Local\LavasoftTcpService =>PUP.Optional.LavasoftWebCompanion HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} =>PUP.Optional.StartSearch C:\Users\TAMBWE2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage =>PUP.Optional.Multiplug C:\Users\TAMBWE2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal =>PUP.Optional.Multiplug O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) . (.Reimage® - Reimage Real Time Protection.) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>.Superfluous.ReimageRepair =>.Superfluous.ReimageRepair SR - Auto [06/11/2016] [ 6542704] Reimage Real Time Protector (ReimageRealTimeProtector) . (.Reimage®.) - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>.Superfluous.ReimageRepair =>.Superfluous.ReimageRepair O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\Reimage Reminder [3444] =>.Superfluous.ReimageRepair O39 - APT: Unknown - (...) -- C:\Windows\System32\Tasks\ReimageUpdater [4280] =>.Superfluous.ReimageRepair O4 - HKCU\..\Run: [Windows-SecureOS] C:\Win32System\Windows-Security.exe (.not file.) O4 - HKCU\..\Run: [AdobeBridge] (.Orphan.) =>.Superfluous.Orphan O4 - HKUS\S-1-5-21-2485271753-2310002785-363397595-1004\..\Run: [Windows-SecureOS] C:\Win32System\Windows-Security.exe (.not file.) O4 - HKUS\S-1-5-21-2485271753-2310002785-363397595-1004\..\Run: [AdobeBridge] (.Orphan.) =>.Superfluous.Orphan [MD5.524FE9FD9114205862403E83A1CE27AE] - (.Reimage® - Reimage Real Time Protection.) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6542704] [PID.3156] =>.Superfluous.ReimageRepair [MD5.1780699C8BBAB4DCB254D0AD494134D8] - (.Reimage® - Reimage System Protection.) -- C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe [6568304] [PID.3216] =>.Superfluous.ReimageRepair P2 - EXT: (.ClientConnect Ltd. - uTorrentBar_FR .) -- C:\Users\TAMBWE2\AppData\Roaming\Mozilla\Firefox\Profiles\86fx9b4j.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} =>.Superfluous.ClientConnect P2 - EXT: (.Conduit Ltd. - Mario Forever Toolbar.) -- C:\Users\TAMBWE2\AppData\Roaming\Mozilla\Firefox\Profiles\86fx9b4j.default\extensions\{707db484-2428-402d-afb5-d85b387544c7} =>.Superfluous.Conduit R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchinterneat-a.akamaihd.net/ =>.Superfluous.AkamaiHD R3 - URLSearchHook: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} Orphan =>.Superfluous.Orphan R3 - URLSearchHook: (no name) - {707db484-2428-402d-afb5-d85b387544c7} Orphan =>.Superfluous.Orphan O2 - BHO: uTorrentBar_FR - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.ClientConnect Ltd. - Toolbar.) -- C:\Users\TAMBWE2\AppData\LocalLow\uTorrentBar_FR\prxtbuTo2.dll =>.Superfluous.Conduit O3 - Toolbar: uTorrentBar_FR Toolbar - [HKLM]{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (...) -- C:\Program Files\uTorrentBar_FR\prxtbuTo0.dll (.not file.) =>.Superfluous.Conduit O4 - GS\CommonDesktop [Public]: PC Scan & Repair by Reimage.lnk . (.Reimage® - Reimage Downloader.) C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe =>.Superfluous.ReimageRepair O42 - Logiciel: Buzzdock - (.Alactro LLC.) [HKLM] -- {cfd32d46-7d3f-483f-bace-7172aec5592d} =>.Superfluous.BuzzDock O42 - Logiciel: Reimage Repair - (.Reimage.) [HKLM] -- Reimage Repair =>.Superfluous.ReimageRepair HKLM\SOFTWARE\Conduit =>.Superfluous.Conduit HKLM\SOFTWARE\Reimage =>.Superfluous.ReimageRepair HKLM\SOFTWARE\uTorrentBar_FR =>.Superfluous.Conduit HKCU\SOFTWARE\BackgroundContainer =>.Superfluous.Conduit HKCU\SOFTWARE\Conduit =>.Superfluous.Conduit HKCU\SOFTWARE\Reimage =>.Superfluous.ReimageRepair HKCU\SOFTWARE\Tbccint_HKLM =>.Superfluous.Conduit HKCU\SOFTWARE\AppDataLow\Software\BackgroundContainerV3 =>.Superfluous.Conduit HKCU\SOFTWARE\AppDataLow\Software\Conduit =>.Superfluous.Conduit HKCU\SOFTWARE\AppDataLow\Software\ConduitSearchScopes =>.Superfluous.Conduit HKCU\SOFTWARE\AppDataLow\Software\uTorrentBar_FR =>.Superfluous.Conduit O43 - CFD: 27/09/2015 - [] D -- C:\Program Files\Reimage =>.Superfluous.ReimageRepair O43 - CFD: 07/01/2017 - [0] D -- C:\Program Files\Tbccint =>.Superfluous.Conduit O43 - CFD: 27/09/2015 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>.Superfluous.ReimageRepair O43 - CFD: 24/09/2014 - [] D -- C:\ProgramData\InstallMate =>.Superfluous.Tarma O43 - CFD: 09/09/2016 - [] D -- C:\ProgramData\Reimage Protector =>.Superfluous.ReimageRepair O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.FF19Solved", "true"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.UserID", "UN36741344721705116"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.fullUserID", "UN36741344721705116.IN.20131004003058"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.installDate", "04/10/2013 00:31:05"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.installSessionId", "-1"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.installSp", "FALSE"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.installerVersion", "1.7.0.9"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.searchRevert", "FALSE"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.searchUserMode", "1"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.versionFromInstaller", "10.20.0.13"); =>.Superfluous.Conduit O69 - SBI: prefs.js [TAMBWE2 - 86fx9b4j.default] user_pref("CT2851639.xpeMode", "0"); =>.Superfluous.Conduit O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Default) - http://searchinterneat-a.akamaihd.net/ =>.Superfluous.AkamaiHD O69 - SBI: SearchScopes [HKCU] {6C106D83-F7AF-41ED-A6C4-92E20C0AACFB} - (uTorrentBar_FR Customized Web Search) - http://search.conduit.com/ =>.Superfluous.Conduit O69 - SBI: SearchScopes [HKLM] OldSearch - (Mario Forever Customized Web Search) - http://search.conduit.com/ =>.Superfluous.Conduit O69 - SBI: SearchScopes [HKLM] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] - (Default) - http://searchinterneat-a.akamaihd.net/ =>.Superfluous.AkamaiHD HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 =>.Superfluous.Conduit HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS =>.Superfluous.Conduit HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector =>.Superfluous.ReimageRepair C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe =>.Superfluous.ReimageRepair C:\Windows\System32\Tasks\Reimage Reminder =>.Superfluous.ReimageRepair C:\Windows\System32\Tasks\ReimageUpdater =>.Superfluous.ReimageRepair C:\Users\TAMBWE2\AppData\Roaming\Mozilla\Firefox\Profiles\86fx9b4j.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} =>.Superfluous.ClientConnect C:\Users\TAMBWE2\AppData\Roaming\Mozilla\Firefox\Profiles\86fx9b4j.default\extensions\{707db484-2428-402d-afb5-d85b387544c7} =>.Superfluous.Conduit [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]:{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} =>.Superfluous.Conduit HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cfd32d46-7d3f-483f-bace-7172aec5592d} =>.Superfluous.BuzzDock HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cfd32d46-7d3f-483f-bace-7172aec5592d} =>.Superfluous.BuzzDock C:\Program Files\Tbccint =>.Superfluous.Conduit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>.Superfluous.ReimageRepair C:\ProgramData\InstallMate =>.Superfluous.Tarma C:\ProgramData\Reimage Protector =>.Superfluous.ReimageRepair HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} =>.Superfluous.AkamaiHD HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6C106D83-F7AF-41ED-A6C4-92E20C0AACFB} =>.Superfluous.Conduit HKLM\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch =>.Superfluous.Conduit HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} =>.Superfluous.AkamaiHD HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 =>.Superfluous.Conduit HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS =>.Superfluous.Conduit C:\Users\TAMBWE2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_highstairs-a.akamaihd.net_0.localstorage =>.Superfluous.AkamaiHD C:\Users\TAMBWE2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_highstairs-a.akamaihd.net_0.localstorage-journal =>.Superfluous.AkamaiHD O2 - BHO: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} . (...) -- C:\Program Files\Mario_Forever\tbMari.dll (.not file.) O3 - Toolbar: Mario Forever Toolbar - [HKLM]{707db484-2428-402d-afb5-d85b387544c7} . (...) -- C:\Program Files\Mario_Forever\tbMari.dll (.not file.) HKCU\SOFTWARE\AppDataLow\Toolbar O43 - CFD: 03/10/2013 - [] D -- C:\Program Files\Conduit O43 - CFD: 27/09/2015 - [] D -- C:\Users\TAMBWE2\AppData\Local\Conduit O43 - CFD: 08/11/2015 - [0] D -- C:\Users\TAMBWE2\AppData\Local\CRE [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified SysRestore FirewallRaz EmptyPrefetch EmptyCLSID EmptyFlash Emptytemp ShortcutFix ********************************************** Lance ZHPFIX colles les lignes dans le cadre blanc si elles n'y sont pas tu supprimes avec le bouton GO copies colles C:\Users\....\AppData\Roaming\ZHP\ZHPFix[R1].txt