~ ZHPCleaner v2016.1.22.14 by Nicolas Coolman (2016/01/22)
~ Run by Quentin Heraud (Administrator) (24/01/2016 21:27:22)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Nettoyer
~ Report : C:\Users\Quentin Heraud\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Quentin Heraud\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10586)

---\\ Service. (2)
ARRETÉ : WdMan =>PUP.Optional.WdsManPro
ARRETÉ : YSearchUtilSvc =>.Superfluous.YahooSearch

---\\ Navigateur internet. (14)
REMPLACÉ Chrome Preferences: "http://www.yoursites123.com/" =>PUP.Optional.YourSites123
REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [http://www.yoursites123.com/?type=hp&ts=1452679761&z=83815c97da5b71b16298384g5z2[...]] =>PUP.Optional.YourSites123
REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL [http://www.yoursites123.com/web/?type=ds&ts=1449845383&z=e98dcd3cc7dd6505c299b8e[...]] =>PUP.Optional.YourSites123
REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page [http://www.yoursites123.com/web/?type=ds&ts=1449845383&z=e98dcd3cc7dd6505c299b8e[...]] =>PUP.Optional.YourSites123
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [http://www.yoursites123.com/?type=hp&ts=1452679761&z=83815c97da5b71b16298384g5z2[...]] =>PUP.Optional.YourSites123
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [http://www.omniboxes.com/web/?type=ds&ts=1448612043&z=e021ca4ab06244c32b91330g8z[...]] =>PUP.Optional.Omniboxes
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [http://www.yoursites123.com/?type=hp&ts=1452679761&z=83815c97da5b71b16298384g5z2[...]] =>PUP.Optional.YourSites123
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Search Page [http://www.omniboxes.com/web/?type=ds&ts=1448612043&z=e021ca4ab06244c32b91330g8z[...]] =>PUP.Optional.Omniboxes
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [http://www.yoursites123.com/?type=hp&ts=1452679761&z=83815c97da5b71b16298384g5z2[...]] =>PUP.Optional.YourSites123
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Default_Search_URL [http://yoursites123.com/web?type=ds&ts=1452679761&z=83815c97da5b71b16298384g5z2w[...]] =>PUP.Optional.YourSites123
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Start Page [http://www.yoursites123.com/?type=hp&ts=1452679761&z=83815c97da5b71b16298384g5z2[...]] =>PUP.Optional.YourSites123
REMPLACÉ IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Search Page [http://yoursites123.com/web?type=ds&ts=1452679761&z=83815c97da5b71b16298384g5z2w[...]] =>PUP.Optional.YourSites123
REMPLACÉ Quicklaunch: C:\Users\Quentin Heraud\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : http://www.yoursites123.com/?type=sc&ts=1452679761&z=83815c97da5b71b16298384g5z2w0o5q3m6tbm1q3o&from=ient07021&uid=WDCXWD5000BPVT-22A1YT0_WD-WX21CC1E3687E3687] =>Hijacker.Browser
REMPLACÉ TaskBar: C:\Users\Quentin Heraud\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk [Bad : http://www.yoursites123.com/?type=sc&ts=1449845383&z=e98dcd3cc7dd6505c299b8eg0z6z5t5b9zawac6bbq&from=ient07021&uid=WDCXWD5000BPVT-22A1YT0_WD-WX21CC1E3687E3687] =>Hijacker.Browser

---\\ Fichier hôte. (1)
~ Le fichier hôte est légitime. (21)

---\\ Tâche planifiée. (2)
SUPPRIMÉ tâche: [crash_service] [C:\Users\Quentin Heraud\AppData\Local\BoBrowser\Application\crash_service.exe (Not File) ] =>PUP.Optional.BoBrowser
SUPPRIMÉ tâche: [Run_Bobby_Browser] [C:\Users\Quentin Heraud\AppData\Local\BoBrowser\Application\bobrowser.exe (Not File) ] =>PUP.Optional.BoBrowser

---\\ Explorateur ( Dossiers, Fichiers ). (39)
DEPLACÉ fichier: C:\ProgramData\TempMoudleSet\MustangSer3133.exe [MustangService - ] =>.Superfluous.MustangBrowser
DEPLACÉ fichier: C:\ProgramData\UWdMU\WdMan.exe [TU-Funs LIMITED - TU-Funs] =>PUP.Optional.WdsManPro
DEPLACÉ fichier: C:\WINDOWS\System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 =>PUP.Optional.CrossRider
DEPLACÉ fichier: C:\Windows\Prefetch\PICEXA.EXE-F91789A2.pf =>PUP.Optional.Picexa
DEPLACÉ fichier*: C:\ProgramData\ZWdMZ\WdMan.exe [TFuns LIMITED - TFuns] =>PUP.Optional.WdsManPro
DEPLACÉ fichier: C:\Users\Quentin Heraud\AppData\Roaming\Bubble Dock.boostrap.log =>PUP.Optional.BubbleDock
DEPLACÉ fichier: C:\Users\Quentin Heraud\AppData\Roaming\Bubble Dock.installation.log =>PUP.Optional.BubbleDock
DEPLACÉ fichier: C:\Users\Quentin Heraud\AppData\Roaming\WindApp.boostrap.log =>PUP.Optional.Nosibay
DEPLACÉ fichier: C:\Users\Quentin Heraud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage =>PUP.Optional.Chatango
DEPLACÉ fichier: C:\Users\Quentin Heraud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal =>PUP.Optional.Chatango
DEPLACÉ fichier: C:\Users\Quentin Heraud\AppData\Local\Microsoft\Windows\INetCache\IE\EFL10U1N\picexa[1].exe =>PUP.Optional.Picexa
DEPLACÉ fichier: C:\WINDOWS\System32\log\iSafeKrnlCall.log =>PUP.Optional.YetAnotherCleaner
DEPLACÉ dossier: C:\ProgramData\UWdMU =>PUP.Optional.WdsManPro
DEPLACÉ dossier: C:\ProgramData\ZWdMZ =>PUP.Optional.WdsManPro
DEPLACÉ dossier: C:\ProgramData\cWMiniProc =>PUP.Optional.WdsManPro
DEPLACÉ dossier: C:\ProgramData\MailUpdate =>PUP.Optional.MailUpdate
DEPLACÉ dossier: C:\ProgramData\TempMoudleSet =>.Superfluous.MustangBrowser
DEPLACÉ dossier: C:\Users\Quentin Heraud\AppData\Roaming\eCyber =>PUP.Optional.Elex
DEPLACÉ dossier: C:\Users\Quentin Heraud\AppData\Roaming\MailUpdate =>PUP.Optional.MailUpdate
DEPLACÉ dossier: C:\Users\Quentin Heraud\AppData\Roaming\WinZipper =>.Superfluous.WinZipper
DEPLACÉ dossier: C:\Program Files (x86)\Software =>PUP.Optional.Boxore
DEPLACÉ dossier: C:\Users\Quentin Heraud\AppData\Local\Google\Chrome\User Data\Default\File System\008 =>PUP.Optional.DomaIQ
DEPLACÉ dossier: C:\Users\Quentin Heraud\AppData\Local\Software =>PUP.Optional.Boxore
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI141F.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI29CE.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI2BC0.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI4138.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI424F.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI4AD1.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI5CBF.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI6442.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI6DB0.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI6EB7.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI8631.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI9BB3.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI9DE8.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSIA0F0.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSIB6D7.tmp- =>Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSIF364.tmp- =>Empty

---\\ Base de Registres ( Clés, Valeurs, Données ). (49)
REMPLACÉ donnée: HKLM\...\Google Chrome.J4MLJ25FRNQG2UBIVQIRYB5MBE\Shell\open\Command\\"c:\users\quentin heraud\appdata\local\google\chrome\application\chrome.exe" http://www.yoursites123.com/?type=sc&ts=1452679761&z=83815c97da5b71b16298384g5z2w0o5q3m6tbm1q3o&from=ient07021&uid=WDCXWD5000BPVT-22A1YT0_WD-WX21CC1E3687E3687 (PUP.Optional.YourSites123)
REMPLACÉ donnée: HKLM\...\IEXPLORE.EXE\Shell\open\Command\\C:\Program Files\Internet Explorer\iexplore.exe http://www.yoursites123.com/?type=sc&ts=1452679761&z=83815c97da5b71b16298384g5z2w0o5q3m6tbm1q3o&from=ient07021&uid=WDCXWD5000BPVT-22A1YT0_WD-WX21CC1E3687E3687 (PUP.Optional.YourSites123)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1cc2bb80-20ab-43e5-b958-432d72b546ca} [Great Find] =>PUP.Optional.GreatFind
SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\MustangService_2015_10_10 [C:\ProgramData\TempMoudleSet\MustangSer3133.exe (Not File)] =>.Superfluous.MustangBrowser
SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\WdMan [C:\ProgramData\UWdMU\WdMan.exe (Not File)] =>PUP.Optional.WdsManPro
SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\YSearchUtilSvc ["C:\Program Files (x86)\Yahoo!\yset\{D2428156-F05D-5D4C-82E4-2324B44EC82A}\YSearchUtilSvc.exe" (Not File)] =>.Superfluous.YahooSearch
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535529} [ICrossriderBHO] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536629} [ISandBox] =>PUP.Optional.CrossRider
SUPPRIMÉ clé: HKLM\SYSTEM\CurrentControlSet\Services\MustangService_2015_10_10 [C:\ProgramData\TempMoudleSet\MustangSer3133.exe (Not File)] =>.Superfluous.MustangBrowser
SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\PicexaService [C:\Program Files (x86)\Picexa\PicexaSvc.exe (Not File)] =>PUP.Optional.Picexa
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bubble Dock ["C:\Users\Quentin Heraud\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup (Not File)] =>PUP.Optional.BubbleDock
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro [C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (Not File)] =>PUP.Optional.OptimizerPro
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2268630317-1882049674-2691067573-1001\SOFTWARE\BoBrowser [] =>PUP.Optional.BoBrowser
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2268630317-1882049674-2691067573-1001\SOFTWARE\MustangExt [] =>.Superfluous.MustangBrowser
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2268630317-1882049674-2691067573-1001\SOFTWARE\Nosibay [] =>PUP.Optional.SPointer
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2268630317-1882049674-2691067573-1001\SOFTWARE\V9 [] =>PUP.Optional.V9Software
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2268630317-1882049674-2691067573-1001\SOFTWARE\Classes\.ico [PicexaViewer.ico] =>PUP.Optional.Picexa
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2268630317-1882049674-2691067573-1001\SOFTWARE\Classes\.jpe [PicexaViewer.jpg] =>PUP.Optional.Picexa
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2268630317-1882049674-2691067573-1001\SOFTWARE\Classes\.jpeg [PicexaViewer.jpg] =>PUP.Optional.Picexa
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2268630317-1882049674-2691067573-1001\SOFTWARE\Classes\.tif [PicexaViewer.tif] =>PUP.Optional.Picexa
SUPPRIMÉ clé: HKCU\Software\BoBrowser [] =>PUP.Optional.BoBrowser
SUPPRIMÉ clé: HKCU\Software\MustangExt [] =>.Superfluous.MustangBrowser
SUPPRIMÉ clé: HKCU\Software\Nosibay [] =>PUP.Optional.SPointer
SUPPRIMÉ clé: HKCU\Software\V9 [] =>PUP.Optional.V9Software
SUPPRIMÉ clé*: HKCU\Software\AppDataLow\Software\DynConIE [] =>PUP.Optional.DynConIE
SUPPRIMÉ clé*: HKCU\Software\AppDataLow\Software\Smartbar [] =>PUP.Optional.QuickShare
SUPPRIMÉ clé*: HKCU\Software\TeleCharger [] =>.Superfluous.Downloader
SUPPRIMÉ clé*: HKCU\Software\undefined [] =>.Superfluous.Downloader
SUPPRIMÉ clé*: HKCU\Software\Store [] =>PUP.Optional.Generic
SUPPRIMÉ clé*: HKLM\SOFTWARE\Wow6432Node\Tsv [] =>PUP.Optional.Elex
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mailUpdate [] =>PUP.Optional.MailUpdate
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PicexaService [] =>PUP.Optional.Picexa
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro [] =>PUP.Optional.WdsManPro
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc [] =>.Superfluous.WinZipper
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5 [] =>PUP.Optional.IMBooster
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D [] =>PUP.Optional.IMBooster
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20 [] =>PUP.Optional.IMBooster
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B [] =>PUP.Optional.IMBooster
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5 [] =>PUP.Optional.IMBooster
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC [] =>PUP.Optional.IMBooster
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739 [] =>PUP.Optional.IMBooster
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Clara [] =>PUP.Optional.SupTab
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\delta-homesSoftware [] =>Toolbar.DeltaSearch
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\istartsurfSoftware [] =>PUP.Optional.IsStart
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\omniboxesSoftware [] =>PUP.Optional.Omniboxes
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\V9 [] =>PUP.Optional.V9Software
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\yoursites123Software [] =>PUP.Optional.YourSites123
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet [Yahoo Inc.] =>.Superfluous.YahooSearch
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} [GreenTree Applications SRL] =>.Superfluous.GreenTreeApp

---\\ Récapitulatif des éléments trouvés sur votre station. (31)
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.WdsManPro
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.YahooSearch
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.YourSites123
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Omniboxes
http://www.nicolascoolman.fr/?p=4664 =>Hijacker.Browser
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.BoBrowser
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.MustangBrowser
http://www.nicolascoolman.fr/?p=180 =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Picexa
http://www.nicolascoolman.fr/?p=177 =>PUP.Optional.BubbleDock
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Nosibay
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Chatango
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.YetAnotherCleaner
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.MailUpdate
http://www.nicolascoolman.fr/?p=996 =>PUP.Optional.Elex
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.WinZipper
http://www.nicolascoolman.fr/?p=90 =>PUP.Optional.Boxore
http://www.nicolascoolman.fr/?p=679 =>PUP.Optional.DomaIQ
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.GreatFind
http://www.nicolascoolman.fr/?p=324 =>PUP.Optional.OptimizerPro
http://www.nicolascoolman.fr/?p=205 =>PUP.Optional.SPointer
http://www.nicolascoolman.fr/?p=556 =>PUP.Optional.V9Software
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.DynConIE
http://www.nicolascoolman.fr/?p=433 =>PUP.Optional.QuickShare
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.Downloader
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=224 =>PUP.Optional.IMBooster
http://www.nicolascoolman.fr/?p=297 =>PUP.Optional.SupTab
http://www.nicolascoolman.fr/?p=273 =>Toolbar.DeltaSearch
http://www.nicolascoolman.fr/pup-isstart/ =>PUP.Optional.IsStart
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.GreenTreeApp

---\\ Nettoyage Additionnel. (10)
~ Suppression des Clés de registre Tracing. (10)
~ Suppression des anciens rapports ZHPCleaner. (0)

---\\ Bilan de la réparation
~ Réparation réalisée avec succès.
~ Ce navigateur est absent (Mozilla Firefox)
~ Ce navigateur est absent (Opera Software)

---\\ Statistiques
~ Items scannés : 245
~ Items trouvés : 0
~ Items annulés : 0
~ Items réparés : 108

~ End of clean in 00h01mn17s

===================
ZHPCleaner-[R]-24012016-21_28_39.txt
ZHPCleaner-[S]-24012016-21_26_45.txt