~ ZHPCleaner v2017.3.26.53 by Nicolas Coolman (2017/03/26)
~ Run by ADRI (Administrator) (27/03/2017 22:29:46)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Nettoyer
~ Report : C:\Users\ADRI\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\ADRI\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)

---\\ Service. (1)
ARRETÉ : iSafeService =>.Superfluous.Elex

---\\ Navigateur internet. (1)
REMPLACÉ Edge Params: HomeButtonPage [http://www.startpageing123.com/?type=hp&ts=1490024711&z=37088c785ab60b2af17e41egfz6t1eceao6z8m3eec&from=che0812&uid=LDLC_07122016A0086] =>Hijacker.StartpageIng123

---\\ Fichier hôte. (1)
~ Le fichier hôte est légitime. (60)

---\\ Tâche planifiée. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ Explorateur ( Dossiers, Fichiers ). (33)
DEPLACÉ fichier^: C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [Elex do Brasil Participações Ltda - iSafe Kernel Driver] =>.Superfluous.Elex
DEPLACÉ fichier^: C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver] =>.Superfluous.Elex
DEPLACÉ fichier^: C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [Elex do Brasil Participações Ltda - YAC Monitor Driver] =>.Superfluous.Elex
DEPLACÉ fichier^: C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver] =>.Superfluous.Elex
DEPLACÉ fichier^: C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [Elex do Brasil Participações Ltda - iSafeSvc] =>.Superfluous.Elex
DEPLACÉ fichier: C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP)] =>.Superfluous.Elex
DEPLACÉ fichier: C:\Windows\Prefetch\BYTEFENCE.EXE-FAC31F78.pf =>.Superfluous.ByteFence
DEPLACÉ fichier: C:\Windows\Prefetch\KMSPICO 10.2.1.EXE-3ABF5F75.pf =>HackTool.KMSpico
DEPLACÉ fichier: C:\Windows\Prefetch\KMSPICO10.2.1__8174_IL13.EXE-93F8038E.pf =>HackTool.KMSpico
DEPLACÉ fichier: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-78F19D9E.pf =>HackTool.KMSpico
DEPLACÉ fichier: C:\Windows\Installer\wix{3973721B-C2ED-4505-98B6-752897ECF2F1}.SchedServiceConfig.rmi =>.Superfluous.Empty
DEPLACÉ fichier: C:\Windows\Installer\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi =>.Superfluous.Empty
DEPLACÉ fichier: C:\Windows\Installer\wix{75FE588B-F158-4BB3-A283-A8D18E522A52}.SchedServiceConfig.rmi =>.Superfluous.Empty
DEPLACÉ fichier: C:\Users\ADRI\AppData\Local\Temp\wct2039.tmp =>.Superfluous.Temporary.Various
DEPLACÉ fichier: C:\Users\ADRI\AppData\Local\Temp\wct285A.tmp =>.Superfluous.Temporary.Various
DEPLACÉ fichier: C:\Users\ADRI\AppData\Local\Temp\wct8C16.tmp =>.Superfluous.Temporary.Various
DEPLACÉ fichier: C:\Users\ADRI\AppData\Local\Temp\wctAAC6.tmp =>.Superfluous.Temporary.Various
DEPLACÉ fichier: C:\Users\ADRI\AppData\Local\Temp\wctCF8A.tmp =>.Superfluous.Temporary.Various
DEPLACÉ fichier: C:\Windows\SECOH-QAD.exe =>HackTool.KMSpico
DEPLACÉ fichier: C:\Windows\Installer\{BB1104E2-BF22-4754-831E-5A9EE253991C}\_853F67D554F05449430E7E.exe =>.Superfluous.WinSnare
DEPLACÉ dossier^: C:\Program Files (x86)\Elex-tech =>.Superfluous.Elex
DEPLACÉ dossier: C:\Program Files\KMSpico =>HackTool.KMSpico
DEPLACÉ dossier^: C:\Users\ADRI\AppData\Roaming\Elex-tech =>.Superfluous.Elex
DEPLACÉ dossier^: C:\Program Files (x86)\Elex-tech\YAC =>.Superfluous.YetAnotherCleaner
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI37B2.tmp- =>.Superfluous.Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI39A7.tmp- =>.Superfluous.Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI5010.tmp- =>.Superfluous.Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI52A3.tmp- =>.Superfluous.Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI8C0E.tmp- =>.Superfluous.Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSI9836.tmp- =>.Superfluous.Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSID9CD.tmp- =>.Superfluous.Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSIDC49.tmp- =>.Superfluous.Empty
DEPLACÉ dossier: C:\WINDOWS\Installer\MSIDD26.tmp- =>.Superfluous.Empty

---\\ Base de Registres ( Clés, Valeurs, Données ). (28)
SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnl [C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys] =>.Superfluous.Elex
SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnlKit [C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys] =>.Superfluous.Elex
SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnlMon [C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys] =>.Superfluous.Elex
SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnlR3 [C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys] =>.Superfluous.Elex
SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeService [C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe] =>.Superfluous.Elex
SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeNetFilter [C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys (Not File)] =>.Superfluous.Elex
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\atwola.com [] =>.Superfluous.Atwola
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\uk.at.atwola.com [] =>.Superfluous.Atwola
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\atwola.com [] =>.Superfluous.Atwola
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\uk.at.atwola.com [] =>.Superfluous.Atwola
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bytefence.com [] =>.Superfluous.ByteFence
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\fr.bytefence.com [81] =>.Superfluous.ByteFence
SUPPRIMÉ clé*: HKLM\SOFTWARE\Wow6432Node\Firefox [] =>Adware.GhokswaBrowser
SUPPRIMÉ clé: HKLM\SOFTWARE\Firefox [] =>Adware.GhokswaBrowser
SUPPRIMÉ clé*: [X64] HKLM\Software\Classes\Installer\Products\2E4011BB22FB457438E1A5E92E3599C1 [WinSnare] =>.Superfluous.WinSnare
SUPPRIMÉ clé*: [X64] HKLM\Software\Classes\Installer\Products\461D8763BD4837F4FA6D1936241E7046 [BikaQ Rss] =>.Superfluous.BikaQ
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 [] =>.Superfluous.ByteFence
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS [] =>.Superfluous.ByteFence
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04BEC1167A09FA954849FDA12DB9ACB0 [C:\Program Files (x86)\WinSnare(4.3.9)\WinSnare.dll (Not File)] =>.Superfluous.WinSnare
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Wow6432Node\Elex-tech [] =>.Superfluous.Elex
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe [ELEX DO BRASIL PARTICIPAÇÕES LTDA] =>.Superfluous.Elex
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3678D164-84DB-4F73-AFD6-916342E10764} [BikaQ] =>.Superfluous.BikaQ
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB1104E2-BF22-4754-831E-5A9EE253991C} [WinSnare] =>.Superfluous.WinSnare
SUPPRIMÉ clé*: [X64] HKLM\Software\Classes\Installer\Features\2E4011BB22FB457438E1A5E92E3599C1 [] =>.Superfluous.WinSnare
SUPPRIMÉ clé*: HKCU\SOFTWARE\DD6DCB63F2BAD8A587657A1174F45010 [] =>Hijacker.Browser
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\DD6DCB63F2BAD8A587657A1174F45010 [] =>Hijacker.Browser
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{958B932E-5BC2-4B6F-972F-57B2DBCE9C6F}C:\users\adri\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\adri\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{0785B020-7F8E-4472-9F2A-CB2208E80BD3}C:\users\adri\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\adri\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb

---\\ Récapitulatif des éléments trouvés sur votre station. (13)
https://www.anti-malware.top/2016/05/18/superfluous-elex/ =>.Superfluous.Elex
https://nicolascoolman.eu/2017/03/06/hijacker-startpageing123/ =>Hijacker.StartpageIng123
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>.Superfluous.ByteFence
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Various
https://nicolascoolman.eu/2017/01/12/superfluous-winsnare/ =>.Superfluous.WinSnare
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.YetAnotherCleaner
https://nicolascoolman.eu/2017/02/04/superfluous-atwola/ =>.Superfluous.Atwola
https://nicolascoolman.eu/2017/02/19/adware-ghokswabrowser/ =>Adware.GhokswaBrowser
https://nicolascoolman.eu/2017/02/17/superfluous-bikaq/ =>.Superfluous.BikaQ
https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/ =>Hijacker.Browser
https://nicolascoolman.eu/2017/01/15/superfluous-cacaoweb/ =>.Superfluous.CacaoWeb

---\\ Nettoyage Additionnel. (14)
~ Suppression des Clés de registre Tracing. (14)
~ Suppression des anciens rapports ZHPCleaner. (0)

---\\ Bilan de la réparation
~ Réparation réalisée avec succès.
~ Ce navigateur est absent (Mozilla Firefox)
~ Ce navigateur est absent (Opera Software)
~ Le système a été redémarré.

---\\ Statistiques
~ Items scannés : 473
~ Items trouvés : 0
~ Items annulés : 0
~ Items réparés : 63
~ End of clean in 00h01mn06s
~====================
ZHPCleaner-[R]-27032017-22_30_52.txt
ZHPCleaner-[S]-27032017-22_29_16.txt