~ ZHPCleaner v2015.9.8.344 by Nicolas Coolman (2015/09/08) ~ Run by Gaï (Administrator) (09/09/2015 08:17:48) ~ Site : http://www.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Pas de fichier réseau ~ Type : Nettoyer ~ Report : C:\Users\Gaï\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Gaï\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 10240) ---\\ Service. (0) ~ Aucun élément malicieux ou superflu trouvé. ---\\ Navigateur internet. (9) SUPPRIMÉ: [rb6mps2b.default] - user_pref("extensions.a172cfb0d00604ca2807d96193776c90fc73dda8c44c58a81f097dcom65759.65759.internald[...] =>PUP.Optional.Monetization SUPPRIMÉ: [rb6mps2b.default] - user_pref("extensions.a172cfb0d00604ca2807d96193776c90fc73dda8c44c58a81f097dcom65759.65759.name", "C[...] =>PUP.Optional.CrossRider SUPPRIMÉ: [rb6mps2b.default] - user_pref("extensions.a172cfb0d00604ca2807d96193776c90fc73dda8c44c58a81f097dcom65759.65759.publisher[...] =>PUP.Optional.CrossRider SUPPRIMÉ: [rb6mps2b.default] - user_pref("extensions.aa338c5448f724f94af2f11cc4cdd6788a64e7ca7d83cb2cdcom63311.63311.name", "TheTor[...] =>PUP.Optional.TornTV SUPPRIMÉ: [rb6mps2b.default] - user_pref("extensions.crossrider.bic", "14fa7bd0dba892ca87ea760c74761993"); =>PUP.Optional.CrossRider SUPPRIMÉ: [rb6mps2b.default] - user_pref("extensions.xpiState", "{\"app-profile\":{\"172cfb0d00604ca2807d96193776c@90fc73dda8c44c58[...] =>PUP.Optional.CacaoWeb REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1414788112&from=ild&uid=TOSHIBAXMQ01ABD[...]] =>PUP.Optional.StartSearch REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\\Default [http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbEqF9V[...]] =>PUP.Optional.SmartBar REMPLACÉ IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Default_Page_URL [http://www.mystartsearch.com/?type=hp&ts=1414788112&from=ild&uid=TOSHIBAXMQ01ABD[...]] =>PUP.Optional.StartSearch ---\\ Fichier hôte. (1) ~ Le fichier hôte est légitime. (21) ---\\ Tâche planifiée. (0) ~ Aucun élément malicieux ou superflu trouvé. ---\\ Explorateur ( Dossiers, Fichiers ). (51) DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk [Bad : C:\Users\Gaï\AppData\Roaming\TornTV.com\TornTV Downloader.exe] =>PUP.Optional.TornTV DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\Mozilla\Firefox\Profiles\rb6mps2b.default\searchplugins\WebSearch.xml =>PUP.Optional.SimpleSearches DEPLACÉ fichier*: C:\Users\Gaï\AppData\Roaming\Mozilla\Firefox\Profiles\rb6mps2b.default\Extensions\cacaoweb@cacaoweb.org\chrome =>PUP.Optional.CacaoWeb DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\Mozilla\Firefox\Profiles\rb6mps2b.default\Extensions\cacaoweb@cacaoweb.org\chrome.manifest =>PUP.Optional.CacaoWeb DEPLACÉ fichier*: C:\Users\Gaï\AppData\Roaming\Mozilla\Firefox\Profiles\rb6mps2b.default\Extensions\cacaoweb@cacaoweb.org\defaults =>PUP.Optional.CacaoWeb DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\Mozilla\Firefox\Profiles\rb6mps2b.default\Extensions\cacaoweb@cacaoweb.org\install.rdf =>PUP.Optional.CacaoWeb DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\MTGXQFU.exe [CinemaProV31.10 - CinemaProGoV31.10 exe] =>PUP.Optional.Pirrit DEPLACÉ fichier: C:\Windows\Tasks\MTGXQFU.job =>PUP.Optional.Pirrit DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\WVXPK.exe [esc - TheTorntv V10 exe] =>PUP.Optional.Pirrit DEPLACÉ fichier: C:\Windows\Tasks\WVXPK.job =>PUP.Optional.Pirrit DEPLACÉ fichier: C:\WINDOWS\System32\roboot64.exe [RCP,Advanced System Optimizer - Registry Optimizer] =>PUP.Optional.Systweak DEPLACÉ fichier: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml =>PUP.Optional.StartSearch DEPLACÉ fichier: C:\Users\Gaï\Downloads\cacaoweb nat diagnostics.json =>PUP.Optional.CacaoWeb DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\Bubble Dock.boostrap.log =>PUP.Optional.BubbleDock DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\Bubble Dock.installation.log =>PUP.Optional.BubbleDock DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\WindApp.boostrap.log =>PUP.Optional.Nosibay DEPLACÉ fichier: C:\Users\Gaï\AppData\Roaming\WindApp.installation.log =>PUP.Optional.Nosibay DEPLACÉ fichier: C:\Users\Gaï\AppData\Local\nsoBB34.tmp [CMI Limited - Setup] =>PUP.Optional.CMILimited DEPLACÉ fichier: C:\Users\Gaï\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage =>PUP.Optional.PutLocker DEPLACÉ fichier: C:\Users\Gaï\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal =>PUP.Optional.PutLocker DEPLACÉ fichier: C:\Users\Gaï\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage =>PUP.Optional.Chatango DEPLACÉ fichier: C:\Users\Gaï\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal =>PUP.Optional.Chatango DEPLACÉ fichier: C:\Users\Gaï\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage =>PUP.Optional.AddLyrics DEPLACÉ fichier: C:\Users\Gaï\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal =>PUP.Optional.AddLyrics DEPLACÉ fichier: C:\Users\Gaï\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.driverboost.com_0.localstorage =>Superfluous.DriverBoost DEPLACÉ fichier: C:\Users\Gaï\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.driverboost.com_0.localstorage-journal =>Superfluous.DriverBoost DEPLACÉ dossier: C:\Users\Gaï\AppData\Roaming\Mozilla\Firefox\Profiles\rb6mps2b.default\Extensions\cacaoweb@cacaoweb.org =>PUP.Optional.CacaoWeb DEPLACÉ dossier: C:\Program Files (x86)\AnyProtectEx =>PUP.Optional.AnyProtect DEPLACÉ dossier: C:\Program Files (x86)\globalUpdate =>PUP.Optional.GlobalUpdate DEPLACÉ dossier: C:\Program Files (x86)\LPT =>PUP.Optional.Linkury DEPLACÉ dossier: C:\Program Files (x86)\SmarterPower =>PUP.Optional.SmarterPower DEPLACÉ dossier: C:\Program Files (x86)\SupTab =>PUP.Optional.SupTab DEPLACÉ dossier: C:\ProgramData\8554309264135237880 =>PUP.Optional.CrossRider DEPLACÉ dossier: C:\ProgramData\WindowsMangerProtect =>PUP.Optional.WpManager DEPLACÉ dossier: C:\Users\Gaï\AppData\Roaming\0V1L2Z2Z1T1I1L1T =>Adware.InstallCore DEPLACÉ dossier: C:\Users\Gaï\AppData\Roaming\AnyProtectEx =>PUP.Optional.AnyProtect DEPLACÉ dossier: C:\Users\Gaï\AppData\Roaming\cacaoweb =>PUP.Optional.CacaoWeb DEPLACÉ dossier: C:\Users\Gaï\AppData\Roaming\Nosibay =>PUP.Optional.SPointer DEPLACÉ dossier: C:\Users\Gaï\AppData\Roaming\Store =>PUP.Optional.Nosibay DEPLACÉ dossier: C:\Users\Gaï\AppData\Roaming\sweet-page =>PUP.Optional.SweetPage DEPLACÉ dossier: C:\Users\Gaï\AppData\Roaming\Systweak =>PUP.Optional.Systweak DEPLACÉ dossier: C:\Users\Gaï\Documents\Optimizer Pro =>PUP.Optional.OptimizerPro DEPLACÉ dossier: C:\Users\Gaï\Documents\PC Speed Maximizer =>PUP.Optional.PCSpeedMaximizer DEPLACÉ dossier: C:\Users\Gaï\AppData\Local\globalUpdate =>PUP.Optional.GlobalUpdate DEPLACÉ dossier: C:\Program Files (x86)\Software =>PUP.Optional.Boxore DEPLACÉ dossier: C:\Users\Gaï\AppData\Local\Software =>PUP.Optional.Boxore DEPLACÉ dossier: C:\WINDOWS\Installer\MSI9F43.tmp- =>Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSIA7B4.tmp- =>Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSIB908.tmp- =>Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSID4A3.tmp- =>Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSIE0C9.tmp- =>Empty ---\\ Base de Registres ( Clés, Valeurs, Données ). (23) SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} [http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_47_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0[...]] [Astromenda] (PUP.Optional.Astromenda) SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=ds&ts=1414788112&from=ild&uid=TOSHIBAXMQ01ABD075_14CWTDZ7TXX1[...]] [mystartsearch] (PUP.Optional.StartSearch) SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} [http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbEqF9V99oJdlQYhRGO3jKndclF[...]] [SafeFinder Search] (PUP.Optional.SmartBar) SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=ds&ts=1414788112&from=ild&uid=TOSHIBAXMQ01ABD075_14CWTDZ7TXX1[...]] [mystartsearch] (PUP.Optional.StartSearch) SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/01&hid=17335093512896288296&l[...]] [WebSearch] (PUP.Optional.SimpleSearches) SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} [http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_47_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0ByD0B0Czy0B0AtAyByBtN0D0Tzu0StCtDyDyCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyE0DyByDyEzztCtGyCyB0A0EtGtDtAtCtAtG0A0B0F0CtGtAzz0C0FtC0D0A0F0Azy0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0FyD0FzyyB0B0AtGtCyCzzyDtGyEyByBtCtG0BtCzy0BtGyCzyyEyE0F0F0F0DyCtB0F0C2Q&cr=750939831&ir=] =>PUP.Optional.Astromenda SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=ds&ts=1414788112&from=ild&uid=TOSHIBAXMQ01ABD075_14CWTDZ7TXX14CWTDZ7T&q={searchTerms}] =>PUP.Optional.StartSearch SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} [http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880Sv7sAtbEqF9V99oJdlQYhRGO3jKndclFPDc1wOD1pIU9cCwYGZ066PiH0uQLxFGlnRDHnCPA9u_ry5rkrDg7mP_kMaRH2d56DdHezq8ZEokqD6wUFgLgtfE7qX3F7sqosyZSQXL_U4UOb754UEqVRQZ57dapd65_CbdnkLrxyemQ,,&q={searchTerms}] =>PUP.Optional.SmartBar SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} [http://www.mystartsearch.com/web/?type=ds&ts=1414788112&from=ild&uid=TOSHIBAXMQ01ABD075_14CWTDZ7TXX14CWTDZ7T&q={searchTerms}] =>PUP.Optional.StartSearch SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} [http://websearch.searchfix.info/?l=1&q={searchTerms}&pid=724&r=2014/12/01&hid=17335093512896288296&lg=EN&cc=FR] =>PUP.Optional.SimpleSearches SUPPRIMÉ clé*: HKCU\Software\Store [] =>PUP.Optional.Generic SUPPRIMÉ clé*: HKLM\SOFTWARE\Wow6432Node\Policies\Google\Update [] =>PUM.Security.Hijack SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave [BuyNsave] =>PUP.Optional.BuyNSave SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\BuyNsave.BuyNsave.9 [BuyNsave] =>PUP.Optional.BuyNSave SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\TornTvDownloader.File [] =>PUP.Optional.TornTV SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{bfd6ef22-2bb7-4493-80a8-b534df4b768b} [BuyNsave] =>PUP.Optional.Multiplug SUPPRIMÉ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_AA18D74D75FFA78497B6DFF6BC4431DA ["C:\Users\Gaï\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window] =>PUP.Optional.CrossBrowse SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{9CBBBA54-91B2-437E-92C1-A0444D11E259}C:\users\gaï\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gaï\appdata\roaming\cacaoweb\cacaoweb.exe] =>PUP.Optional.CacaoWeb SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{4DC071AD-BC71-4015-B6BB-401E8B6E6A93}C:\users\gaï\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gaï\appdata\roaming\cacaoweb\cacaoweb.exe] =>PUP.Optional.CacaoWeb SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{46405397-964E-47D5-AC43-7B04AAD3F4D7}C:\users\gaï\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gaï\appdata\roaming\cacaoweb\cacaoweb.exe] =>PUP.Optional.CacaoWeb SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{45CB8A88-A676-4395-BE85-6AEE0AED6FBC}C:\users\gaï\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gaï\appdata\roaming\cacaoweb\cacaoweb.exe] =>PUP.Optional.CacaoWeb SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{DADFDCDC-0BD1-4BCC-BC32-1F36E7B588E2}C:\users\gaï\appdata\roaming\torntv.com\torntv downloader.exe [C:\users\gaï\appdata\roaming\torntv.com\torntv downloader.exe] =>PUP.Optional.TornTV SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{F6CE0CE9-EC63-498F-BA17-1EA1F2725B8B}C:\users\gaï\appdata\roaming\torntv.com\torntv downloader.exe [C:\users\gaï\appdata\roaming\torntv.com\torntv downloader.exe] =>PUP.Optional.TornTV ---\\ Bilan de la réparation ~ Réparation réalisée avec succès. ~ Ce navigateur est absent (Opera Software) ---\\ Statistiques ~ Items scannés : 1287 ~ Items trouvés : 0 ~ Items annulés : 0 ~ Items réparés : 90 ~ End of clean in 1 minutes =================== ZHPCleaner-[R]-09092015-08_19_34.txt ZHPCleaner-[S]-09092015-08_17_15.txt