cjoint

Document format: text/plain

Preview

~ ZHPCleaner v2020.6.4.202 by Nicolas Coolman (2020/06/04)
~ Run by Gomez (Administrator) (06/06/2020 19:30:12)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Nettoyer
~ Report : C:\Users\Gomez\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Gomez\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point :
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\ ALTERNATE DATA STREAM (ADS). (0)
~ Aucun élément malicieux ou superflu trouvé.


---\\ SERVICE. (0)
~ Aucun élément malicieux ou superflu trouvé.


---\\ NAVIGATEUR INTERNET. (0)
~ Aucun élément malicieux ou superflu trouvé.


---\\ FICHIER HÔTE. (1)
~ Le fichier hôte est légitime. (18)


---\\ TÂCHE PLANIFIÉE. (1)
SUPPRIMÉ tâche: [bookingDesktopAppUpdateTaskMachineCore] [C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe (Not File) ] =>PUP.Optional.Booking


---\\ EXPLORATEUR ( Dossiers, Fichiers ). (32)
DEPLACÉ fichier: C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [bookingDesktopApp. - bookingDesktopApp Update] =>PUP.Optional.Booking
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Local Storage\chrome-extension_gfdefkjpjdbiiclhimebabkmclmiiegk_0.localstorage =>Hijacker.Browser
DEPLACÉ fichier: C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [bookingDesktopApp. - bookingDesktopApp Update] =>PUP.Optional.Booking
DEPLACÉ fichier: C:\Windows\Temp\GURB7E9.exe =>Heuristic.Suspect
DEPLACÉ fichier: C:\Users\Gomez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk =>.SUP.GoodGameEmpire
DEPLACÉ fichier*: C:\Program Files (x86)\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ fichier*: C:\ProgramData\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\gfdefkjpjdbiiclhimebabkmclmiiegk\1.0.0.50_0\background.html =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\gfdefkjpjdbiiclhimebabkmclmiiegk\1.0.0.50_0\manifest.json =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\background.html =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\background.js =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\config.json =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\manifest.json =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\test.js =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\tr.js =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\images\chromium.svg =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\images\shadow.png =>Hijacker.Browser
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\gfdefkjpjdbiiclhimebabkmclmiiegk =>Hijacker.Browser [http://dafucah.com/update]
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg =>Hijacker.Browser [http://nuqudop.com/update]
DEPLACÉ dossier: C:\Users\Gomez\AppData\Roaming\System =>Adware.Suspect
DEPLACÉ dossier^: C:\Program Files (x86)\bookingDesktopApp =>PUP.Optional.Booking
DEPLACÉ dossier: C:\Users\Gomez\AppData\Roaming\Goodgame Empire =>.SUP.GoodGameEmpire
DEPLACÉ dossier: C:\Users\Gomez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire =>.SUP.GoodGameEmpire
DEPLACÉ dossier: C:\Documents and Settings\Gomez\Application Data\Microsoft\Windows\Start Menu\Programs\Goodgame Empire =>.SUP.GoodGameEmpire
DEPLACÉ dossier: C:\Users\Gomez\AppData\Roaming\Lavasoft\Web Companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\Program Files (x86)\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\ProgramData\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\ProgramData\Application Data\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\gfdefkjpjdbiiclhimebabkmclmiiegk\1.0.0.50_0 =>Hijacker.Browser
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0 =>Hijacker.Browser
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\images =>Hijacker.Browser


---\\ BASE DE REGISTRES ( Clés, Valeurs, Données ). (48)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@bookingdesktopapp.com/bookingDesktopApp Update;version=3 [bookingDesktopApp.] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@bookingdesktopapp.com/bookingDesktopApp Update;version=9 [bookingDesktopApp.] =>PUP.Optional.Booking
SUPPRIMÉ clé*: HKCU\Software\undefined [AdditionalScan 147] =>.SUP.Downloader
SUPPRIMÉ clé*: HKCU\Software\ProductSetup [AdditionalScan 152] =>Adware.InstallCore
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2264680239-2557701228-1583835890-1000\SOFTWARE\bookingDesktopApp [] =>PUP.Optional.Booking
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2264680239-2557701228-1583835890-1000\SOFTWARE\cacaoweb [C:\Users\Gomez\AppData\Roaming\cacaoweb\cacaoweb.exe (Not File)] =>.SUP.CacaoWeb
SUPPRIMÉ clé**: HKCU\Software\bookingDesktopApp [] =>PUP.Optional.Booking
SUPPRIMÉ clé**: HKCU\Software\cacaoweb [C:\Users\Gomez\AppData\Roaming\cacaoweb\cacaoweb.exe (Not File)] =>.SUP.CacaoWeb
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com [] =>PUP.Optional.TheBrightTag
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopApp.OneClickCtrl.9 [bookingDesktopApp Update Plugin] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopApp.Update3WebControl.3 [bookingDesktopApp Update Plugin] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoCreateAsync [CoCreateAsync] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoCreateAsync.1.0 [CoCreateAsync] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoreClass [Google Update Core Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoreClass.1 [Google Update Core Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoreMachineClass [Google Update Core Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoreMachineClass.1 [Google Update Core Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CredentialDialogMachine [GoogleUpdate CredentialDialog] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CredentialDialogMachine.1.0 [GoogleUpdate CredentialDialog] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassMachine [Google Update Broker Class Factory] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassMachine.1.0 [Google Update Broker Class Factory] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassMachineFallback [Google Update Legacy On Demand] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassMachineFallback.1.0 [Google Update Legacy On Demand] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassSvc [Google Update Legacy On Demand] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassSvc.1.0 [Google Update Legacy On Demand] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.ProcessLauncher [Google Update Process Launcher Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.ProcessLauncher.1.0 [Google Update Process Launcher Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebMachine [Google Update Broker Class Factory] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebMachine.1.0 [Google Update Broker Class Factory] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebMachineFallback [GoogleUpdate Update3Web] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebMachineFallback.1.0 [GoogleUpdate Update3Web] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebSvc [GoogleUpdate Update3Web] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebSvc.1.0 [GoogleUpdate Update3Web] =>PUP.Optional.Booking
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bookingDesktopAppUpdateTaskMachineCore [] =>PUP.Optional.Booking
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bookingDesktopAppUpdateTaskMachineUA [] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\bookingDesktopApp [] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CB82F79-F13F-4F62-86F7-CAA51E3D58A2} [C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AF09D48-D8ED-4444-BC2C-CD2FE457564B} [C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Goodgame Empire [Goodgame Empire] =>.SUP.GoodGameEmpire
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{214CE195-79AA-4CA1-9C40-AE44339A8A10} [] =>PUP.Optional.Booking
SUPPRIMÉ clé**: [X64] HKLM\SOFTWARE\Classes\CLSID\{214CE195-79AA-4CA1-9C40-AE44339A8A10}\InprocServer32 [C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\psmachine_64.dll (Not File)] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D} [PSFactoryBuffer] =>PUP.Optional.Booking
SUPPRIMÉ clé**: [X64] HKLM\SOFTWARE\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}\InprocServer32 [C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\psmachine_64.dll (Not File)] =>PUP.Optional.Booking
SUPPRIMÉ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5DA9B9AB0E8E3ED495539C3AB185EBA9 ["C:\Users\Gomez\AppData\Local\chromium\Application] =>PUP.Optional.MyBrowser
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{8FA1D564-73BA-46DE-BDA4-838E6804C10F}C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.e] =>.SUP.CacaoWeb
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{04687BBD-5FA7-496F-BF24-8B2A3FADCE87}C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.e] =>.SUP.CacaoWeb
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{080D8E42-DF57-4490-A27B-25C1680A6EED}C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.e] =>.SUP.CacaoWeb
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{338CF3E4-5F6E-4BAE-9738-22B1E9AE4C40}C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.e] =>.SUP.CacaoWeb


---\\ RÉCAPITULATIF DES ÉLÉMENTS TROUVÉS SUR VOTRE STATION. (13)
https://nicolascoolman.eu/forum/Topic/booking-logiciel-potentiellement-indesirable-pup-lpi/ =>PUP.Optional.Booking
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser
https://nicolascoolman.eu/wp-content/uploads/2019/01/Informations-Sécurité-Zone-antimalware.jpg =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.GoodGameEmpire
https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Hijacker.Browser [http://dafucah.com/update]
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Hijacker.Browser [http://nuqudop.com/update]
https://nicolascoolman.eu/2017/03/02/adware-suspect/ =>Adware.Suspect
https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader
https://nicolascoolman.eu/2017/09/19/adware-installcore-3/ =>Adware.InstallCore
https://nicolascoolman.eu/2017/01/15/superfluous-cacaoweb/ =>.SUP.CacaoWeb
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.TheBrightTag
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser


---\\ NETTOYAGE ADDITIONNEL. (34)
~ Suppression des Clés de registre Tracing. (34)
~ Suppression des anciens rapports ZHPCleaner. (0)


---\\ BILAN DE LA REPARATION
~ Réparation réalisée avec succès.
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ Le système a été redémarré.


---\\ STATISTIQUES
~ Items scannés : 1652
~ Items trouvés : 0
~ Items annulés : 0
~ Gain de place (Octets) : 0
~ Items options : 8/15


---\\ OPTIONS DESACTIVÉES
~ Analyse et suppression des fichiers temporaires
~ Analyse et suppression des répertoires temporaires
~ Recherche et suppression des répertoires CLSID vides
~ Recherche et suppression des autres répertoires vides
~ Recherche et suppression des répertoires vides de LocalLow
~ Recherche et suppression des répertoires vides de Local
~ Recherche et suppression des fichiers obsolètes





~ End of clean in 00h01mn51s

---\\ LISTE DES RAPPORTS (3)
ZHPCleaner-[S]-06062020-16_56_55.txt
ZHPCleaner-[S]-06062020-19_25_23.txt
ZHPCleaner-[R]-06062020-19_32_03.txt
