Hello,
your computer is indeed infected
Warning: do not go to the Softonic site any more, because they make you install their own program from the site in addition to the software you want to install, and they are the cause of your infection
When you install a piece of software, untick the toolbars (Ask, Babylon), browsers, antivirus programs, etc., as they are often the cause of infections
Be careful with peer-to-peer downloads; they are often the cause of infections
ZHPFix is not for scanning, but for removing infections
follow my instructions below carefully, and above all do not try the other functions
download ZHPFix 1.12.32
Here is the link: http://telechargement.zebulon.fr/zhpfix.html
once it is installed, right-click the ZHPFix icon and choose Run as administrator > a window will open > select the lines in red below, copy them, click the paste-from-clipboard icon next to the camera icon (1), and click GO (2) > once it has finished, run a scan again with ZHPDiag and post the report here
If it asks you to restart, do so after you have deleted everything
here are the infections below:
Run AdwCleaner Version:1.703 and click Delete
Disable your antivirus during the download and installation
Download the AdwCleaner software, Version:1.703
Here is the link below:
http://general-changelog-team.fr/fr/d ... ls-de-xplode/2-adwcleaner
once it is downloaded, put the program on the desktop and click on it; once it is installed, click Delete
run a scan again with ZHPDiag
keep us informed
anthony0371, see you later