~ ZHPCleaner v2015.6.21.281 by Nicolas Coolman (2015\06\21) ~ Run by André (Administrator) (22/06/2015 22:13:06) ~ Site : http://www.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Netttoyer ~ Report : C:\Users\André\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\André\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Deactivate ~ Boot Mode : Normal (Normal boot) ~ Windows 7, 32-bit Service Pack 1 (Build 7601) ---\\ Service. (0) ~ Aucun élément malicieux trouvé. ---\\ Navigateur internet. (24) SUPPRIMÉ: [lzuieawq.default] - user_pref("DataMngr.Updater.Enabled", "true"); (PUP.Datamngr) SUPPRIMÉ: [lzuieawq.default] - user_pref("browser.search.defaultenginename", "Search Results"); (PUP.SearchResults) SUPPRIMÉ: [lzuieawq.default] - user_pref("browser.search.order.1", "Search Results"); (PUP.SearchResults) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.Fissa.lastRunTime", "Tue, 01 Jan 2002 21:49:25 GMT"); (PUP.OfferBox) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); (Toolbar.Ask) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.asktb.default-channel-url-mask", "http://www.ask.com/web?q={query}&o={o}&l={l}[...] (Toolbar.Ask) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] (Toolbar.Ask) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.enabledAddons", "@FissaPlugin:1.0,ffox@bandoo.com:5.1,ffxtlbr@Facemoods.com:1.[...] (Adware.Facemoods) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.facemoods.aflt", "_#adj"); (Adware.Facemoods) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.facemoods.firstRun", false); (Adware.Facemoods) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.facemoods.lastActv", "1"); (Adware.Facemoods) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{1FD91A9C-410C-4090-BB[...] (Adware.Facemoods) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .ti[...] (Toolbar.Ask) SUPPRIMÉ: [lzuieawq.default] - user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"); (Toolbar.Ask) DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\searchplugins\fissa.xml (PUP.OfferBox) [9B14E3C15FC8764DD9F18235A0B3117D] DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\plugin@yontoo.com.xpi (Adware.Yontoo) [02FE699652CA0D387CC98D143DBA6C2D] DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\chrome (Adware.Facemoods) [] DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\chrome.manifest (Adware.Facemoods) [DBBA0DD37CB73F346AD5EA1AC79465EC] DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\components (Adware.Facemoods) [] DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\content (Adware.Facemoods) [] DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\defaults (Adware.Facemoods) [] DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\install.rdf (Adware.Facemoods) [782D6C22D8FDA990E6414F4792C11AEB] DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\vssver.scc (Adware.Facemoods) [D3AE9035071FD9AC1FC0CFE5B041128B] SUPPRIMÉ donnée: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : ] (Hijacker.Proxy) ---\\ Fichier hôte. (1) ~ Le fichier hôte est légitime. (21) ---\\ Tâche planifiée. (0) ~ Aucun élément malicieux trouvé. ---\\ Explorateur ( Dossiers, Fichiers ). (80) DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\searchplugins\fissa.xml (PUP.OfferBox) DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\plugin@yontoo.com.xpi (Adware.Yontoo) DEPLACÉ fichier*: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\chrome (Adware.Facemoods) DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\chrome.manifest (Adware.Facemoods) DEPLACÉ fichier^: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\components (Adware.Facemoods) DEPLACÉ fichier^: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\content (Adware.Facemoods) DEPLACÉ fichier*: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\defaults (Adware.Facemoods) DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\install.rdf (Adware.Facemoods) DEPLACÉ fichier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com\vssver.scc (Adware.Facemoods) DEPLACÉ fichier: C:\Program Files\ASUS\Asus WebStorage\BackupService.exe [ECAREME - BackupService] () DEPLACÉ fichier: C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe [Bandoo Media, inc - Data Manager] (PUP.Datamngr) DEPLACÉ fichier: C:\Windows\Prefetch\BANDOOUI.EXE-9DB61FE8.pf (Adware.Bandoo) DEPLACÉ fichier: C:\Windows\Installer\cb119.msi [Aedge Performance BCN SL - InstallShield® 2010 - Professional Edition] (PUP.PCSpeedUp) DEPLACÉ fichier: C:\ProgramData\FullRemove.exe (Suspect.Optional) DEPLACÉ fichier: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe [Tarma Software Research Pty Ltd - Tarma® Installer] (PUP.Tarma) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\{ED68FD02-BC04-4D9F-A509-32980B26056A}\{582D5733-C719-4DD7-A28D-6D9614237856}\offerbox-setup.exe [Aedge Performance BCN SL - OfferBox Browser setup] (PUP.PCSpeedUp) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\{501C2789-170B-411A-B14E-8A63FD03292E}\{582D5733-C719-4DD7-A28D-6D9614237856}\offerbox-setup.exe [Aedge Performance BCN SL - OfferBox Browser setup] (PUP.PCSpeedUp) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\GLF90CB\Bin\PreUninstall.exe [Bandoo Media Inc - Bandoo Uninstall] (Adware.Bandoo) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\GLF6721\Bin\PreUninstall.exe [Bandoo Media Inc - Bandoo Uninstall] (Adware.Bandoo) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\GLF154B\Bin\PreUninstall.exe [Bandoo Media Inc - Bandoo Uninstall] (Adware.Bandoo) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\CT3031777_Softonic.France_.exe (PUP.Softonic) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\IncrediMail_MediaBar_2.exe (PUP.IncrediMediaBar) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\MyBabylonTB.exe [Babylon Ltd. - Babylon Client Setup] (PUP.Babylon) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\Searchqu.ini (PUP.Datamngr) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\searchqutoolbar-manifest.xml (PUP.Datamngr) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\SetupDataMngr_Searchqu.exe (PUP.Datamngr) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\YontooFFClient.xpi (Adware.Yontoo) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\YontooLayers.crx (Adware.Yontoo) DEPLACÉ fichier: C:\Users\André\AppData\Local\Temp\YontooLayers.pem (Adware.Yontoo) DEPLACÉ fichier: C:\Windows\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe [Acresso Software Inc. - InstallShield] (Adware.Facemoods) DEPLACÉ fichier*: C:\Windows\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}\ARPPRODUCTICON.exe [Acresso Software Inc. - InstallShield] (PUP.OfferBox) DEPLACÉ dossier: C:\Users\André\AppData\Roaming\Mozilla\Firefox\Profiles\lzuieawq.default\Extensions\ffxtlbr@Facemoods.com (Adware.Facemoods) DEPLACÉ dossier: C:\Program Files\IncrediMail_MediaBar_2 (PUP.IncrediMediaBar) DEPLACÉ dossier: C:\Program Files\OfferBox (PUP.OfferBox) DEPLACÉ dossier: C:\Program Files\PlayerSide (Adware.SPointer) DEPLACÉ dossier: C:\Program Files\Windows Searchqu Toolbar (PUP.Datamngr) DEPLACÉ dossier: C:\ProgramData\GamesBar (Adware.GamesBar) DEPLACÉ dossier: C:\ProgramData\Tarma Installer (PUP.Tarma) DEPLACÉ dossier: C:\Users\André\AppData\Roaming\FissaSearch (PUP.OfferBox) DEPLACÉ dossier: C:\Users\André\AppData\Roaming\OfferBox (PUP.OfferBox) DEPLACÉ dossier: C:\Users\André\AppData\LocalLow\facemoods.com (Adware.Facemoods) DEPLACÉ dossier: C:\Users\André\AppData\LocalLow\IncrediMail_MediaBar_2 (PUP.IncrediMediaBar) DEPLACÉ dossier: C:\Users\André\AppData\LocalLow\searchquband (PUP.Datamngr) DEPLACÉ dossier: C:\Users\André\AppData\LocalLow\searchqutoolbar (PUP.Datamngr) DEPLACÉ dossier: C:\Users\André\AppData\Local\playerside Air (Adware.SPointer) DEPLACÉ dossier: C:\Users\André\AppData\LocalLow\Conduit (PUP.Conduit) DEPLACÉ dossier: C:\Users\André\AppData\Local\{DE2E22DB-6943-42BA-8F4A-AB7A332CE043} (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI1C6D.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI2074.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI25B3.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI2A17.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI2FD2.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI336C.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI353D.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI36A8.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI4D57.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI5766.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI5D21.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI7BA1.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI8D3E.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI92FA.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSI9DE1.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIBA19.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIBDC3.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIBE91.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIC0D0.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIC9AD.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSICF1B.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSID266.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSID5B1.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSID71E.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIDAE5.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIDE80.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIE1CB.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIE6FA.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIEA26.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIF2CA.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIF7AB.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIFB73.tmp- (Empty) DEPLACÉ dossier: C:\windows\Installer\MSIFF1C.tmp- (Empty) ---\\ Base de Registres ( Clés, Valeurs, Données ). (84) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} [http://dts.search-results.com/sr?src=ieb&appid=0&systemid=101&q={searchTerms}] [Search Results] (Adware.Bandoo) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9} [http://www.fissa.com/fr/results/?s=b&c=11071412545&suid=EqAnS6I9l&d=8&pid=29&q={searchTerms}] [Fissa] (PUP.OfferBox) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} [http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=19emmRiNyOG] [MyStart Search] (Spyware.VMNToolbar) SUPPRIMÉ clé: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} [http://dts.search-results.com/sr?src=ieb&appid=0&systemid=101&q={searchTerms}] [Search Results] (Adware.Bandoo) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} [http://dts.search-results.com/sr?src=ieb&appid=0&systemid=101&q={searchTerms}] (Adware.Bandoo) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9} [http://www.fissa.com/fr/results/?s=b&c=11071412545&suid=EqAnS6I9l&d=8&pid=29&q={searchTerms}] (PUP.OfferBox) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} [http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=19emmRiNyOG] (Spyware.VMNToolbar) SUPPRIMÉ clé: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} [http://dts.search-results.com/sr?src=ieb&appid=0&systemid=101&q={searchTerms}] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}\1.0 [BandooCore 1.0 Type Library] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971} [BandooCore 1.0 Type Library] (Adware.Bandoo) SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-628526377-1225055562-3958403308-1000\Software\DataMngr [] (PUP.Datamngr) SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-628526377-1225055562-3958403308-1000\Software\DataMngr_Toolbar [] (Adware.Bandoo) SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-628526377-1225055562-3958403308-1000\Software\FissaSearch [] (PUP.OfferBox) SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-628526377-1225055562-3958403308-1000\Software\ImInstaller [] (Toolbar.IncrediMail) SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-628526377-1225055562-3958403308-1000\Software\OfferBox [] (PUP.OfferBox) SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-628526377-1225055562-3958403308-1000\Software\Softonic [] (PUP.Softonic) SUPPRIMÉ clé: HKCU\Software\DataMngr [] (PUP.Datamngr) SUPPRIMÉ clé: HKCU\Software\DataMngr_Toolbar [] (Adware.Bandoo) SUPPRIMÉ clé: HKCU\Software\FissaSearch [] (PUP.OfferBox) SUPPRIMÉ clé: HKCU\Software\ImInstaller [] (Toolbar.IncrediMail) SUPPRIMÉ clé: HKCU\Software\OfferBox [] (PUP.OfferBox) SUPPRIMÉ clé: HKCU\Software\Softonic [] (PUP.Softonic) SUPPRIMÉ clé*: HKCU\Software\AppDataLow\Software\searchqutoolbar [] (PUP.Datamngr) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Conduit.Engine [] (PUP.Conduit) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard [UrlHelper Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 [UrlHelper Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} [IApi] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} [ILayers] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [IescrtHlpr] (Adware.Facemoods) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [IescrtBtn] (Adware.Facemoods) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5} [IGetResourceCallback] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL [] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\AppID\bandoocore.exe [] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\BandooCore.BandooCore [BandooCore Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1 [BandooCore Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr [ResourcesMngr Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1 [ResourcesMngr Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr [SettingsMngr Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1 [SettingsMngr Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr [StatisticMngr Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1 [StatisticMngr Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr [CescrtHlpr Object] (Adware.Facemoods) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1 [CescrtHlpr Object] (Adware.Facemoods) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Toolbar.CT2545112 [] (PUP.Conduit) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Toolbar.CT2724386 [] (PUP.Conduit) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\YontooIEClient.Api [Yontoo Layers Api] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 [Yontoo Layers Api] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\YontooIEClient.Layers [Yontoo Layers] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 [Yontoo Layers] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\Software\Classes\Installer\Products\9888910D6677B424BA181FF6E8DDEF4F [Facemoods] (Adware.Facemoods) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644} [BandooCore] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C} [BandooCore Class] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} [Yontoo Layers Api] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Bandoo [] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\FissaSearch [] (PUP.OfferBox) SUPPRIMÉ clé*: HKLM\SOFTWARE\ImInstaller [] (Toolbar.IncrediMail) SUPPRIMÉ clé*: HKLM\SOFTWARE\OfferBox [] (PUP.OfferBox) SUPPRIMÉ clé*: HKLM\SOFTWARE\Tarma Installer [] (PUP.Tarma) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} [Yontoo LLC] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0198889-7766-424B-AB81-F16F8EDDFEF4} [Aedge Performance BCN SL] (PUP.PCSpeedUp) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B73C054-A2BF-44AF-BC67-F1B9F219DA86} [C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar (Not File)] (PUP.Datamngr) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{328D1702-8C8E-4E5F-A371-9CA7978E3A42} [C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar (Not File)] (PUP.Datamngr) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AF3046A-2DF7-4F37-8AF8-1A1198207DF5} [C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar (Not File)] (PUP.Datamngr) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC} [C:\Program Files\Bandoo (Not File)] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12} [C:\Program Files\Bandoo (Not File)] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7} [C:\PROGRA~1\WIA6EB~1\Datamngr\ToolBar (Not File)] (PUP.Datamngr) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A} [C:\Program Files\Bandoo (Not File)] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080} [C:\Program Files\Bandoo (Not File)] (Adware.Bandoo) SUPPRIMÉ clé*: HKLM\Software\Classes\Installer\Features\9888910D6677B424BA181FF6E8DDEF4F [Acresso Software Inc.] (Adware.Facemoods) SUPPRIMÉ clé*: HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C [Fissa] (PUP.OfferBox) SUPPRIMÉ clé*: HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C [Acresso Software Inc.] (PUP.OfferBox) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} [PSFactoryBuffer] (Adware.Yontoo) SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InprocServer32 [C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Not File)] (Adware.Yontoo) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC} [CescrtHlpr Object] (Adware.Facemoods) SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\InprocServer32 [C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (Not File)] (Adware.Facemoods) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} [UrlHelper Class] (PUP.Datamngr) SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\InprocServer32 [c:\progra~1\wia6eb~1\datamngr\iebho.dll (Not File)] (PUP.Datamngr) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} [ErrorFilter Class] (PUP.Datamngr) SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}\InprocServer32 [c:\progra~1\wia6eb~1\datamngr\iebho.dll (Not File)] (PUP.Datamngr) SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78} [escrtBtn Object] (Adware.Facemoods) SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}\InprocServer32 [C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (Not File)] (Adware.Facemoods) SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32 [C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Not File)] (Adware.Yontoo) SUPPRIMÉ valeur: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EeeStorageBackup [C:\Program Files\ASUS\Asus WebStorage\BackupService.exe] () SUPPRIMÉ valeur: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR [C:\PROGRA~1\WIA6EB~1\Datamngr\DATAMN~1.EXE] (PUP.Datamngr) ---\\ Bilan de la réparation ~ Réparation réalisée avec succès. ~ Ce navigateur est absent (Opera Software) ~ Le système a été redémarré. ---\\ Statistiques ~ Items scannés : 2380 ~ Items trouvés : 0 ~ Items annulés : 0 ~ Items réparés : 188 End of clean at 22:16:17 =================== ZHPCleaner-[R]-22062015-22_16_17.txt ZHPCleaner-[S]-22062015-22_12_19.txt