~ ZHPCleaner v2015.9.30.359 by Nicolas Coolman (2015/09/30)
~ Run by user (Administrator) (30/09/2015 18:46:20)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Nettoyer
~ Report : C:\Users\user\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\user\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Service. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ Navigateur internet. (5)
SUPPRIMÉ: [gca60zfo.default] - user_pref("extensions.a6c03cee0ab9442c4a67a50758d658df5a30468fabf5c7acom69063.69063.internaldb.monet[...] =>PUP.Optional.Monetization
SUPPRIMÉ: [gca60zfo.default] - user_pref("extensions.a6c03cee0ab9442c4a67a50758d658df5a30468fabf5c7acom69063.69063.name", "HQCinema[...] =>PUP.Optional.CrossRider
SUPPRIMÉ: [gca60zfo.default] - user_pref("extensions.a6c03cee0ab9442c4a67a50758d658df5a30468fabf5c7acom69063.69063.publisher", "HQ [...] =>PUP.Optional.CrossRider
REMPLACÉ Opera URL: http://www.searchya.com/?f=1&a=syd72&cd=2XzuyEtN2Y1L1QzuyCzzyD0DyEtAtCtBtDtAtC0Czy0EzzyDtN0D0Tzu0CyC[...] =>PUP.Optional.SearchYa
REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs [http://www.qvo6.com/newtab/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_con[...]] =>PUP.Optional.Qvo6

---\\ Fichier hôte. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ Tâche planifiée. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ Explorateur ( Dossiers, Fichiers ). (19)
DEPLACÉ fichier: C:\Users\user\AppData\Local\searchya-speeddial.crx =>PUP.Optional.SearchYa
DEPLACÉ fichier: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] =>HackTool.AutoKMS
DEPLACÉ fichier: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS
DEPLACÉ dossier: C:\Program Files (x86)\c4672b16-778f-4dff-aac2-aef07acbfe1c =>PUP.Optional.CrossRider
DEPLACÉ dossier: C:\Program Files (x86)\gmsd_fr_58 =>PUP.Optional.CrossRider
DEPLACÉ dossier: C:\ProgramData\EmailNotifier =>PUP.Optional.EmailNotifier
DEPLACÉ dossier: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
DEPLACÉ dossier: C:\Windows\AutoKMS =>HackTool.AutoKMS
DEPLACÉ dossier: C:\Windows\Installer\MSI187.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSI1D62.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSI25BB.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSI3181.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSI48E5.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSI6944.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSI953.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSIA939.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSIE4A5.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSIEEE0.tmp- =>Empty
DEPLACÉ dossier: C:\Windows\Installer\MSIFAE.tmp- =>Empty

---\\ Base de Registres ( Clés, Valeurs, Données ). (69)
SUPPRIMÉ clé: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A} [http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}] [DnsBasic] (PUP.Optional.BasicScan)
REMPLACÉ donnée: HKLM\...\BoBrowser.2HLVDPGSKI2343GZCT2VYMWAZ4\Shell\open\Command\\"C:\Users\user\AppData\Local\BoBrowser\Application\bobrowser.exe" http://www.mystartsearch.com/?type=sc&ts=1420499088&from=wpc&uid=ST31000524AS_9VPF0R5SXXXX9VPF0R5S (PUP.Optional.StartSearch)
REMPLACÉ donnée: HKLM\...\Opera\Shell\open\Command\\"C:\Program Files (x86)\Opera\Opera.exe" http://www.mystartsearch.com/?type=sc&ts=1420499088&from=wpc&uid=ST31000524AS_9VPF0R5SXXXX9VPF0R5S (PUP.Optional.StartSearch)
REMPLACÉ donnée: HKLM\...\Orange Adventurer.2HLVDPGSKI2343GZCT2VYMWAZ4\Shell\open\Command\\"C:\Users\user\AppData\Local\Adventurer\Application\adventurer.exe" http://www.mystartsearch.com/?type=sc&ts=1420499088&from=wpc&uid=ST31000524AS_9VPF0R5SXXXX9VPF0R5S (PUP.Optional.StartSearch)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3880b4f6-9b7f-417b-a840-f0052bf8f489} [unisoaLes] =>PUP.Optional.Multiplug
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3880b4f6-9b7f-417b-a840-f0052bf8f489} [] =>PUP.Optional.Multiplug
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3880b4f6-9b7f-417b-a840-f0052bf8f489} [] =>PUP.Optional.Multiplug
SUPPRIMÉ clé*: [X64] HKLM\Software\Classes\CLSID\{3880b4f6-9b7f-417b-a840-f0052bf8f489} [unisoaLes] =>PUP.Optional.Multiplug
SUPPRIMÉ clé*: [X64] HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3880b4f6-9b7f-417b-a840-f0052bf8f489} [] =>PUP.Optional.Multiplug
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3880b4f6-9b7f-417b-a840-f0052bf8f489} [] =>PUP.Optional.Multiplug
SUPPRIMÉ clé: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A} [http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}] =>PUP.Optional.BasicScan
SUPPRIMÉ clé: HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A} [http://www.dnsbasic.com/?prt=DNSBASIC111&sp=&keywords={searchTerms}] =>PUP.Optional.BasicScan
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Clients\StartMenuInternet\BoBrowser.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Clients\StartMenuInternet\Orange Adventurer.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.StartSearch
SUPPRIMÉ clé*: HKCU\Software\HQCinema Pro 2.1V15.02-nv [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: HKCU\Software\HQCinema Pro 2.1V15.02-nv-ie [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155275565} [ICrossriderBHO] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255705596} [ICrossriderBHO] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166276665} [ISandBox] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266706696} [ISandBox] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271165} [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111271165} [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111271165} [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165} [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\925995f4-2c30-4b7c-ba05-e0f6a35c023d [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\ad60776a-a69a-4b54-b66a-48e84f733caf [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\c16e91b5-a720-7fd3-dfb3-6811949e6911 [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\HQCinema Pro 2.1V15.02-nv [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\HQCinema Pro 2.1V15.02-nv-ie [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\esgiguard [C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (Not File)] =>.Superfluous.SpyHunter
SUPPRIMÉ clé: HKEY_USERS\S-1-5-21-1580924457-2563732265-922674259-1001\Software\HQCinema Pro 2.1V15.02-nv [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé: HKEY_USERS\S-1-5-21-1580924457-2563732265-922674259-1001\Software\HQCinema Pro 2.1V15.02-nv-ie [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1580924457-2563732265-922674259-1001\Software\NoVooIT [] =>Trojan.Vonteera
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1580924457-2563732265-922674259-1001\Software\searchya! [] =>PUP.Optional.SearchYa
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1580924457-2563732265-922674259-1001\Software\Classes\.gif [BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4] =>PUP.Optional.BoBrowser
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1580924457-2563732265-922674259-1001\Software\Classes\.jpeg [BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4] =>PUP.Optional.BoBrowser
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1580924457-2563732265-922674259-1001\Software\Classes\.jpg [BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4] =>PUP.Optional.BoBrowser
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1580924457-2563732265-922674259-1001\Software\Classes\.pdf [BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4] =>PUP.Optional.BoBrowser
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1580924457-2563732265-922674259-1001\Software\Classes\.png [BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4] =>PUP.Optional.BoBrowser
SUPPRIMÉ clé: HKCU\Software\NoVooIT [] =>Trojan.Vonteera
SUPPRIMÉ clé: HKCU\Software\searchya! [] =>PUP.Optional.SearchYa
SUPPRIMÉ clé*: HKLM\SOFTWARE\Wow6432Node\Policies\Google\Update [] =>PUM.Security.Hijack
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [BoBrowser HTML Document] =>PUP.Optional.BoBrowser
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstaller [SwInstaller Class] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstaller.1 [SwInstaller Class] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstallerAttributes [SwInstallerAttributes Class] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Download.SwInstallerAttributes.1 [SwInstallerAttributes Class] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl [SwInstallerCtl Class] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Swdir.SwInstallerCtl.1 [SwInstallerCtl Class] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\Software\Classes\Installer\Products\ACFD5B980E184AE4A8A0F404781ADD00 [Iminent] =>PUP.Optional.IMBooster
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Applications\iLividSetup-r484-n-bc.exe [] =>PUP.Optional.Bandoo
SUPPRIMÉ clé*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Iminent [] =>PUP.Optional.IMBooster
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 [KMSpico v9.1.3] =>HackTool.KMSpico
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\HQCinema Pro 2.1V15.02 [] =>PUP.Optional.CrossRider
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} [Simple Adblock] =>PUP.Optional.Multiplug
SUPPRIMÉ clé*: [X64] HKLM\Software\Classes\Installer\Features\ACFD5B980E184AE4A8A0F404781ADD00 [] =>PUP.Optional.IMBooster
SUPPRIMÉ valeur: HKLM64\Software\Classes\.htm\OpenWithProgIDs\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ valeur: HKLM64\Software\Classes\.html\OpenWithProgIDs\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ valeur: HKLM64\Software\Classes\.shtml\OpenWithProgIDs\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ valeur: HKLM64\Software\Classes\.webp\OpenWithProgIDs\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ valeur: HKLM64\Software\Classes\.xht\OpenWithProgIDs\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] =>PUP.Optional.CrossBrowse
SUPPRIMÉ valeur: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mbot_fr_186 [] =>PUP.Optional.CrossRider
SUPPRIMÉ valeur: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_60 [] =>PUP.Optional.CrossRider
SUPPRIMÉ valeur: HKLM64\SOFTWARE\Classes\.gif\OpenWithProgids\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ valeur: HKLM64\SOFTWARE\Classes\.jpeg\OpenWithProgids\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ valeur: HKLM64\SOFTWARE\Classes\.jpg\OpenWithProgids\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ valeur: HKLM64\SOFTWARE\Classes\.pdf\OpenWithProgids\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser
SUPPRIMÉ valeur: HKLM64\SOFTWARE\Classes\.png\OpenWithProgids\\BoBrowsHTM.2HLVDPGSKI2343GZCT2VYMWAZ4 [] =>PUP.Optional.BoBrowser

---\\ Bilan de la réparation
~ Réparation réalisée avec succès.

---\\ Statistiques
~ Items scannés : 5040
~ Items trouvés : 0
~ Items annulés : 0
~ Items réparés : 99

~ End of clean in 1 minutes

===================
ZHPCleaner-[R]-30092015-18_48_08.txt
ZHPCleaner-[S]-30092015-18_45_37.txt