~ ZHPCleaner v2016.7.24.88 by Nicolas Coolman (2016/07/24)
~ Run by damien (Administrator) (27/07/2016 12:31:06)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Nettoyer
~ Report : C:\Users\damien\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\damien\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows VISTA, 32-bit Service Pack 2 (Build 6002)

---\\ Service. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ Navigateur internet. (8)
SUPPRIMÉ: [qj5l4e3g.default] - user_pref("DataMngr.Updater.Enabled", "true"); =>PUP.Optional.Datamngr
SUPPRIMÉ: [qj5l4e3g.default] - user_pref("browser.search.defaultenginename", "Search Results"); =>PUP.Optional.SearchResults
SUPPRIMÉ: [qj5l4e3g.default] - user_pref("browser.search.order.1", "Search Results"); =>PUP.Optional.SearchResults
SUPPRIMÉ: [qj5l4e3g.default] - user_pref("extensions.cacaoweb.firstRun", 0); =>.Superfluous.CacaoWeb
SUPPRIMÉ: [qj5l4e3g.default] - user_pref("extensions.facemoods.aflt", "_#bfus"); =>PUP.Optional.Facemoods
SUPPRIMÉ: [qj5l4e3g.default] - user_pref("extensions.facemoods.firstRun", false); =>PUP.Optional.Facemoods
SUPPRIMÉ: [qj5l4e3g.default] - user_pref("extensions.facemoods.lastActv", "12"); =>PUP.Optional.Facemoods
SUPPRIMÉ donnée: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : ;*.local] =>Hijacker.Proxy

---\\ Fichier hôte. (1)
~ Le fichier hôte est légitime. (20)

---\\ Tâche planifiée. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ Explorateur ( Dossiers, Fichiers ).
(72) DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk [Bad : C:\Users\damien\AppData\Local\iLivid\iLivid.exe] =>PUP.Optional.Bandoo DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\searchplugins\Search_Results.xml =>PUP.Optional.SearchResults DEPLACÉ fichier*: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\Extensions\cacaoweb@cacaoweb.org\chrome =>.Superfluous.CacaoWeb DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\Extensions\cacaoweb@cacaoweb.org\chrome.manifest =>.Superfluous.CacaoWeb DEPLACÉ fichier*: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\Extensions\cacaoweb@cacaoweb.org\defaults =>.Superfluous.CacaoWeb DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\Extensions\cacaoweb@cacaoweb.org\install.rdf =>.Superfluous.CacaoWeb DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\ilividtoolbarguid\apnuserid.dat =>PUP.Optional.Bandoo DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\ilividtoolbarguid\appid.dat =>PUP.Optional.Bandoo DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\ilividtoolbarguid\geodata.xml =>PUP.Optional.Bandoo DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\ilividtoolbarguid\guid.dat =>PUP.Optional.Bandoo DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\ilividtoolbarguid\setupCfg.xml =>PUP.Optional.Bandoo DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\ilividtoolbarguid\sysid.dat =>PUP.Optional.Bandoo DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\ilividtoolbarguid\trackid.dat =>PUP.Optional.Bandoo DEPLACÉ fichier: 
C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png =>PUP.Optional.WeatherBug DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png =>PUP.Optional.WeatherBug DEPLACÉ fichier: C:\HELP_DECRYPT.HTML =>CryptoWall.Trace DEPLACÉ fichier: C:\HELP_DECRYPT.PNG =>CryptoWall.Trace DEPLACÉ fichier: C:\HELP_DECRYPT.TXT =>CryptoWall.Trace DEPLACÉ fichier: C:\HELP_DECRYPT.URL =>CryptoWall.Trace DEPLACÉ fichier: C:\Windows\Temp\closing.exe =>Heuristic.Suspect DEPLACÉ fichier: C:\Windows\Temp\deveject.exe =>Heuristic.Suspect DEPLACÉ fichier: C:\Windows\Temp\GUR20D7.exe =>Heuristic.Suspect DEPLACÉ fichier: C:\Windows\Temp\GUR2617.exe =>Heuristic.Suspect DEPLACÉ fichier: C:\Windows\Prefetch\CACAOWEB.EXE-DDC83D65.pf =>.Superfluous.CacaoWeb DEPLACÉ fichier: C:\Windows\Prefetch\REIMAGEREPAIR.EXE-217DF8A6.pf =>.Superfluous.ReimageRepair DEPLACÉ fichier: C:\ProgramData\InstallMate\{1A48A935-F5EF-4747-9A11-2F7C65BB2D90}\Setup.exe [Tarma Software Research Pty Ltd - Tarma® InstallMate Setup] =>.Superfluous.Tarma DEPLACÉ fichier: C:\ProgramData\InstallMate\{1A48A935-F5EF-4747-9A11-2F7C65BB2D90}\TsuDll.dll [Tarma Software Research Pty Ltd - Tarma® InstallMate Setup Library] =>.Superfluous.Tarma DEPLACÉ fichier: C:\Users\damien\Downloads\cacaoweb.exe =>.Superfluous.CacaoWeb DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\HELP_DECRYPT.HTML =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\HELP_DECRYPT.PNG =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\HELP_DECRYPT.TXT =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\HELP_DECRYPT.URL =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Local\HELP_DECRYPT.HTML =>CryptoWall.Trace DEPLACÉ 
fichier: C:\Users\damien\AppData\Local\HELP_DECRYPT.PNG =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Local\HELP_DECRYPT.TXT =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Local\HELP_DECRYPT.URL =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage =>.Superfluous.CloudfrontNet DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal =>.Superfluous.CloudfrontNet DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage =>.Superfluous.AudienceInsights DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal =>.Superfluous.AudienceInsights DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.consommerdurable.com_0.localstorage =>PUP.Optional.Browser DEPLACÉ fichier: C:\Users\damien\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.consommerdurable.com_0.localstorage-journal =>PUP.Optional.Browser DEPLACÉ fichier: C:\Windows\Reimage.ini 
=>.Superfluous.ReimageRepair DEPLACÉ fichier: C:\Users\damien\HELP_DECRYPT.HTML =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\HELP_DECRYPT.PNG =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\HELP_DECRYPT.TXT =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\HELP_DECRYPT.URL =>CryptoWall.Trace DEPLACÉ fichier: C:\ProgramData\HELP_DECRYPT.HTML =>CryptoWall.Trace DEPLACÉ fichier: C:\ProgramData\HELP_DECRYPT.TXT =>CryptoWall.Trace DEPLACÉ fichier: C:\ProgramData\HELP_DECRYPT.PNG =>CryptoWall.Trace DEPLACÉ fichier: C:\ProgramData\HELP_DECRYPT.URL =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL =>CryptoWall.Trace DEPLACÉ fichier: C:\Users\damien\AppData\Roaming\cacaoweb\cacaoweb.exe =>.Superfluous.CacaoWeb DEPLACÉ dossier: C:\Users\damien\AppData\Roaming\Mozilla\Firefox\Profiles\qj5l4e3g.default\Extensions\cacaoweb@cacaoweb.org =>.Superfluous.CacaoWeb DEPLACÉ dossier: C:\Program Files\P4P =>.Superfluous.Sogou DEPLACÉ dossier: C:\Program Files\Search Results Toolbar =>PUP.Optional.SearchResults DEPLACÉ dossier: C:\ProgramData\InstallMate =>.Superfluous.Tarma DEPLACÉ dossier: C:\ProgramData\Trymedia =>PUP.Optional.Trymedia DEPLACÉ dossier^: C:\Users\damien\AppData\Roaming\cacaoweb =>.Superfluous.CacaoWeb DEPLACÉ dossier: C:\Users\damien\AppData\LocalLow\DataMngr =>PUP.Optional.Datamngr DEPLACÉ dossier: C:\Users\damien\AppData\LocalLow\facemoods.com =>PUP.Optional.Facemoods DEPLACÉ dossier: C:\Users\damien\AppData\LocalLow\ilividtoolbarguid =>PUP.Optional.Bandoo DEPLACÉ dossier: 
C:\Users\damien\AppData\Local\iLivid =>PUP.Optional.Bandoo DEPLACÉ dossier: C:\Program Files\QuickTime =>Riskware.QuickTime DEPLACÉ dossier: C:\ProgramData\QuickTime =>Riskware.QuickTime ---\\ Base de Registres ( Clés, Valeurs, Données ). (112) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} [http://start.facemoods.com/?a=bfus&s={searchTerms}&f=4] [Facemoods Search] =>PUP.Optional.Facemoods SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} [http://dts.search-results.com/sr?src=ieb&gct=ds&appid=492&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6[...]] [Search Results] =>PUP.Optional.Bandoo SUPPRIMÉ clé: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} [http://dts.search-results.com/sr?src=ieb&gct=ds&appid=492&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6[...]] [Search Results] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\Software\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif [C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoods.crx (Not File)] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC} [facemoods Helper] =>PUP.Optional.Facemoods SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A} [http://start.facemoods.com/?a=bfus&s={searchTerms}&f=4] =>PUP.Optional.Facemoods SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} [http://dts.search-results.com/sr?src=ieb&gct=ds&appid=492&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1352071400454515&q={searchTerms}] =>PUP.Optional.Bandoo SUPPRIMÉ clé: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
[http://dts.search-results.com/sr?src=ieb&gct=ds&appid=492&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1352071400454515&q={searchTerms}] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0 [escortApp 1.0 Type Library] =>PUP.Optional.MySearchDial SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [escortApp 1.0 Type Library] =>PUP.Optional.MySearchDial SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb ["C:\Users\damien\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer (Not File)] =>.Superfluous.CacaoWeb SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\facemoods ["C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe" /md I (Not File)] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\APN DTX [] =>.Superfluous.Conduit SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\cacaoweb [C:\Users\damien\AppData\Roaming\cacaoweb\cacaoweb.exe (Not File)] =>.Superfluous.CacaoWeb SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\DataMngr [] =>PUP.Optional.Datamngr SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\DataMngr_Toolbar [] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\facemoods.com [] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\ilivid [] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\ilividtoolbarguid [] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\Reimage [] =>.Superfluous.ReimageRepair SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\Softonic [] =>.Superfluous.Softonic SUPPRIMÉ clé*: 
HKEY_USERS\S-1-5-21-3939998997-549058567-1527751718-1000\SOFTWARE\YahooPartnerToolbar [] =>Toolbar.YahooPartner SUPPRIMÉ clé: HKCU\Software\APN DTX [] =>.Superfluous.Conduit SUPPRIMÉ clé: HKCU\Software\cacaoweb [C:\Users\damien\AppData\Roaming\cacaoweb\cacaoweb.exe (Not File)] =>.Superfluous.CacaoWeb SUPPRIMÉ clé: HKCU\Software\DataMngr [] =>PUP.Optional.Datamngr SUPPRIMÉ clé: HKCU\Software\DataMngr_Toolbar [] =>PUP.Optional.Bandoo SUPPRIMÉ clé: HKCU\Software\facemoods.com [] =>PUP.Optional.Facemoods SUPPRIMÉ clé: HKCU\Software\ilivid [] =>PUP.Optional.Bandoo SUPPRIMÉ clé: HKCU\Software\ilividtoolbarguid [] =>PUP.Optional.Bandoo SUPPRIMÉ clé: HKCU\Software\Reimage [] =>.Superfluous.ReimageRepair SUPPRIMÉ clé: HKCU\Software\Softonic [] =>.Superfluous.Softonic SUPPRIMÉ clé: HKCU\Software\YahooPartnerToolbar [] =>Toolbar.YahooPartner SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods [] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid [] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid [] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com [2490] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.fr [] =>.Superfluous.Softonic SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\soundcloud.com [154] =>PUP.Optional.SoundCloud SUPPRIMÉ clé*: HKLM\SOFTWARE\Reimage [] =>.Superfluous.ReimageRepair SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\protector_dll.protectorbho [Google Toolbar Notifier BHO] =>PUP.Optional.BProtector SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 [Google Toolbar Notifier BHO] =>PUP.Optional.BProtector SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\BrowserConnection.Loader [DataMngr] =>PUP.Optional.Bandoo SUPPRIMÉ 
clé*: HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1 [DataMngr] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\escort.escortIEPane [escortIEPane Object] =>PUP.Optional.Babylon SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\escort.escortIEPane.1 [escortIEPane Object] =>PUP.Optional.Funmoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\escort.escrtBtn.1 [escrtBtn Object] =>PUP.Optional.Babylon SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\esrv.escrtSrvc [escrtSrvc Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1 [escrtSrvc Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} [IwebAtrbts] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} [IXmlCnfg] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} [IXtrnlBsc] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} [IescrtSrvc] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} [Ixtrnlmain] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} [IReporter] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [IescrtHlpr] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} [IRegmapDisp] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [IescrtBtn] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} [IEvntCntr] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} [IxpEmphszr] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\AppID\esrv.EXE [] 
=>PUP.Optional.Funmoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll [] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\AppID\escort.dll [] =>PUP.Optional.Babylon SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E} [facemoodsCmn 1.0 Type Library] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoods.dskBnd [CDskBnd Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoods.dskBnd.1 [CDskBnd Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr [CescrtHlpr Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1 [CescrtHlpr Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoods.xtrnl [escrtAx Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoods.xtrnl.1 [escrtAx Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoodsApp.appCore [appCore Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1 [appCore Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard [UrlHelper Class] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1 [UrlHelper Class] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\protector_dll.Protector [Protector Class] =>PUP.Optional.BProtector SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [Protector Class] =>PUP.Optional.BProtector SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [ProtectorLib Class] =>PUP.Optional.BProtector SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [ProtectorLib Class] =>PUP.Optional.BProtector SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine [ReiEngine Class] =>PUP.Optional.GetLiveSupport SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 [ReiEngine Class] =>PUP.Optional.GetLiveSupport 
SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Applications\iLividSetup (1).exe [] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\Applications\iLividSetup.exe [] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\DataMngr [] =>PUP.Optional.Datamngr SUPPRIMÉ clé*: HKLM\SOFTWARE\facemoods.com [] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\iLividSRTB [] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\Trymedia Systems [] =>PUP.Optional.Trymedia SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods [Facemoods Toolbar] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid [Bandoo Media Inc] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid [APN LLC] =>PUP.Optional.Bandoo SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA8F93B8-2082-4FE3-B79D-8E82C1FA7EC8} [C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1 (Not File)] =>PUP.Optional.Datamngr SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f34c9277-6577-4dff-b2d7-7d58092f272f} [C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1 (Not File)] =>PUP.Optional.Datamngr SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4f05-9A6E-5D3B778EC567} [C:\Program Files\facemoods.com\facemoods\1.4.17.5 (Not File)] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} [ReiEngine Class] =>.Superfluous.ReimageRepair SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\InprocServer32 [C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll (Not File)] =>.Superfluous.ReimageRepair SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} [CompReg 
Class] =>.Superfluous.ReimageRepair SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\InprocServer32 [C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll (Not File)] =>.Superfluous.ReimageRepair SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41a7-B645-B0E88850EABF} [ErrorFilter Class] =>PUP.Optional.Datamngr SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41a7-B645-B0E88850EABF}\InprocServer32 [C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll (Not File)] =>PUP.Optional.Datamngr SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079} [escrtAx Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}\InprocServer32 [C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsEng.dll (Not File)] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4dd2-8C55-56935A48987E} [appCore Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4dd2-8C55-56935A48987E}\InprocServer32 [C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsApp.dll (Not File)] =>PUP.Optional.Facemoods SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41f1-8761-47238DF4F468} [UrlHelper Class] =>PUP.Optional.Datamngr SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41f1-8761-47238DF4F468}\InprocServer32 [C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll (Not File)] =>PUP.Optional.Datamngr SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78} [escrtBtn Object] =>PUP.Optional.Facemoods SUPPRIMÉ clé: HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}\InprocServer32 [C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (Not File)] =>PUP.Optional.Facemoods SUPPRIMÉ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cacaoweb ["C:\Users\damien\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer] =>.Superfluous.CacaoWeb SUPPRIMÉ valeur: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR [C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE] =>PUP.Optional.Datamngr SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{7A9F7D57-2822-4C7E-B545-D462021FC8C1}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{C9749CDE-B288-4EAD-8492-B214A871D0BC}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{53BBC3C5-C6BD-45C1-A2E6-567B80235E4F} [C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe] =>PUP.Optional.Datamngr SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{F5377404-A42D-4FA1-99B8-C3555981A388} [C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe] =>PUP.Optional.Datamngr ---\\ Récapitulatif des éléments trouvés sur votre station. 
(27)
http://www.nicolascoolman.fr/?p=270 =>PUP.Optional.Datamngr
http://www.nicolascoolman.fr/?p=581 =>PUP.Optional.SearchResults
https://www.anti-malware.top/2016/04/30/superfluous-cacaoweb/ =>.Superfluous.CacaoWeb
http://www.nicolascoolman.fr/?p=681 =>PUP.Optional.Facemoods
https://www.anti-malware.top/2016/06/09/pirate-de-serveur-proxy-hijacker-proxy/ =>Hijacker.Proxy
http://www.nicolascoolman.fr/?p=237 =>PUP.Optional.Bandoo
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.WeatherBug
http://www.nicolascoolman.fr/?p=4664 =>CryptoWall.Trace
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect
http://www.nicolascoolman.fr/?p=1075 =>.Superfluous.ReimageRepair
http://www.nicolascoolman.fr/?p=259 =>.Superfluous.Tarma
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.CloudfrontNet
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/ =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.AudienceInsights
http://www.nicolascoolman.fr/?p=546 =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=1013 =>.Superfluous.Sogou
http://www.nicolascoolman.fr/?p=564 =>PUP.Optional.Trymedia
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
https://www.anti-malware.top/2016/04/29/superfluous-montiera/ =>PUP.Optional.MySearchDial
http://www.nicolascoolman.fr/?p=210 =>.Superfluous.Conduit
http://www.nicolascoolman.fr/?p=5145 =>.Superfluous.Softonic
http://www.nicolascoolman.fr/?p=5143 =>Toolbar.YahooPartner
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.SoundCloud
https://www.anti-malware.top/2016/04/30/pup-optional-bprotector/ =>PUP.Optional.BProtector
http://www.nicolascoolman.fr/?p=170 =>PUP.Optional.Babylon
http://www.nicolascoolman.fr/?p=362 =>PUP.Optional.Funmoods
http://www.nicolascoolman.com/forum/post33206.html#p33206 =>PUP.Optional.GetLiveSupport

---\\ Nettoyage Additionnel. (15)
~ Suppression des Clés de registre Tracing. (15)
~ Suppression des anciens rapports ZHPCleaner. (0)

---\\ Bilan de la réparation
~ Réparation réalisée avec succès.
~ Ce navigateur est absent (Opera Software)
~ Le système a été redémarré.

---\\ Statistiques
~ Items scannés : 496
~ Items trouvés : 0
~ Items annulés : 0
~ Items réparés : 192

~ End of clean in 00h38mn13s
~====================
ZHPCleaner-[R]-27072016-13_09_19.txt
ZHPCleaner-[S]-27072016-12_22_36.txt