~ ZHPCleaner v2017.2.12.26 by Nicolas Coolman (2017/02/12) ~ Run by Admin (Administrator) (13/02/2017 18:51:22) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Nettoyer ~ Report : C:\Users\Admin\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Admin\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Deactivate ~ Boot Mode : Normal (Normal boot) Windows 7 Professional, 32-bit Service Pack 1 (Build 7601) ---\\ Service. (1) ARRETÉ : KingoSoftService =>PUP.Optional.Youndoo ---\\ Navigateur internet. (10) SUPPRIMÉ: [bdcsbn63.default] - user_pref("browser.search.selectedEngine", "webssearches"); =>PUP.Optional.WebsSearches REMPLACÉ Quicklaunch: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\chrome.LNK [Bad : --load-extension="C:\Users\Admin\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://qtipr.com/](.Google Inc..) =>Hijacker.Browser REMPLACÉ Quicklaunch: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [Bad : --load-extension="C:\Users\Admin\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://qtipr.com/](.Google Inc..) =>Hijacker.Browser REMPLACÉ Quicklaunch: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.LNK [Bad : http://qtipr.com/](.Microsoft Corporation.) =>Hijacker.Browser REMPLACÉ Quicklaunch: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : http://qtipr.com/](.Microsoft Corporation.) =>Hijacker.Browser REMPLACÉ Quicklaunch: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.LNK [Bad : http://qtipr.com/](.Mozilla Corporation.) =>Hijacker.Browser REMPLACÉ TaskBar: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ff42i15r14e33f26o83x.lnk [Bad : http://qtipr.com/](.Mozilla Corporation.) =>Hijacker.Browser REMPLACÉ TaskBar: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk [Bad : --load-extension="C:\Users\Admin\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://qtipr.com/](.Google Inc..) =>Hijacker.Browser REMPLACÉ TaskBar: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk [Bad : http://qtipr.com/](.Microsoft Corporation.) =>Hijacker.Browser REMPLACÉ Startup\Programs: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [Bad : http://qtipr.com/](.Microsoft Corporation.) =>Hijacker.Browser ---\\ Fichier hôte. (1) ~ Le fichier hôte est légitime. (32) ---\\ Tâche planifiée. (1) SUPPRIMÉ tâche: [Traffic Exchange v2 - 1] [C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe (Not File) ] =>.Superfluous.Microleaves ---\\ Explorateur ( Dossiers, Fichiers ). (20) DEPLACÉ fichier: C:\Users\Admin\AppData\Roaming\inst.exe =>PUP.Optional.Pirrit DEPLACÉ fichier: C:\Users\Admin\AppData\Local\Kingosoft\Kingo Root\update_54326\bin\KingoSoftService.exe =>PUP.Optional.Youndoo DEPLACÉ fichier: C:\Program Files\Ralink\Common\RaMediaServer.exe =>PUP.Optional.Youndoo DEPLACÉ fichier: C:\Windows\Installer\wix{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}.SchedServiceConfig.rmi =>.Superfluous.Empty DEPLACÉ fichier: C:\Windows\Installer\wix{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}.SchedServiceConfig.rmi =>.Superfluous.Empty DEPLACÉ fichier: C:\Windows\Installer\wix{C74DCAC0-DDB3-4135-A70C-0553BF9490BC}.SchedServiceConfig.rmi =>.Superfluous.Empty DEPLACÉ fichier: C:\ProgramData\InstallMate\{8F968BA1-1122-4D38-AFD3-59005475A957}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup] =>.Superfluous.Tarma DEPLACÉ fichier: C:\ProgramData\InstallMate\{8F968BA1-1122-4D38-AFD3-59005475A957}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library] =>.Superfluous.Tarma DEPLACÉ fichier: C:\ProgramData\InstallMate\{78F742A0-40F3-434D-A1A6-08D1A3146056}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup] =>.Superfluous.Tarma DEPLACÉ fichier^: C:\ProgramData\InstallMate\{78F742A0-40F3-434D-A1A6-08D1A3146056}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library] =>.Superfluous.Tarma DEPLACÉ fichier: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_qtipr.com_0.localstorage =>Hijacker.Browser DEPLACÉ fichier: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_qtipr.com_0.localstorage-journal =>Hijacker.Browser DEPLACÉ fichier: C:\Users\Admin\AppData\Local\Temp\mininewsrepair.exe [ - mininewsrepair] =>.Superfluous.Tencent DEPLACÉ dossier: C:\Users\Admin\AppData\Local\UmmyVideoDownloader =>Adware¨Pirrit DEPLACÉ dossier: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UmmyVideoDownloader =>Adware¨Pirrit DEPLACÉ dossier: C:\ProgramData\InstallMate =>.Superfluous.Tarma DEPLACÉ dossier: C:\Users\Admin\AppData\Local\CrashRpt =>.Superfluous.CrashReports DEPLACÉ dossier: C:\Users\Invité\AppData\Local\Torch =>.Superfluous.Torch DEPLACÉ dossier: C:\Program Files\QuickTime =>Riskware.QuickTime DEPLACÉ dossier: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime ---\\ Base de Registres ( Clés, Valeurs, Données ). (32) SUPPRIMÉ donnée: HKLM\SOFTWARE\Classes\IE.HTTP\Shell\Open\Command\\Default [Bad : [html] "C:\Program Files\Internet Explorer\iexplore.exe" %1] =>Broken.OpenCommand SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E028DBDA-EEE7-48A0-ADF7-D250589A02C5}_is1 [UmmyVideoDownloader] =>Adware¨Pirrit SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\KingoSoftService [C:\Users\Admin\AppData\Local\Kingosoft\Kingo Root\update_54326\bin\KingoSoftService.exe (Not File)] =>PUP.Optional.Youndoo SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\RaMediaServer [C:\Program Files\Ralink\Common\RaMediaServer.exe (Not File)] =>PUP.Optional.Youndoo SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1076428414-641238508-383798790-1000\SOFTWARE\InstallMonster [] =>Adware.InstallMonster SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1076428414-641238508-383798790-1000\SOFTWARE\Magicbit [] =>.Superfluous.Magicbit SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1076428414-641238508-383798790-1000\SOFTWARE\Tencent [] =>.Superfluous.Tencent SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1076428414-641238508-383798790-1000\SOFTWARE\Classes\.APE [KuaiZipMount.ape] =>.Superfluous.ShanghaiGuangle SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1076428414-641238508-383798790-1000\SOFTWARE\Classes\.CUE [KuaiZipMount.cue] =>.Superfluous.ShanghaiGuangle SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1076428414-641238508-383798790-1000\SOFTWARE\Classes\.FLAC [KuaiZipMount.flac] =>.Superfluous.ShanghaiGuangle SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1076428414-641238508-383798790-1000\SOFTWARE\Classes\.JAR [KuaiZip.jar] =>.Superfluous.ShanghaiGuangle SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1076428414-641238508-383798790-1000\SOFTWARE\Classes\.WV [KuaiZipMount.wv] =>.Superfluous.ShanghaiGuangle SUPPRIMÉ clé*: HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Apps Hat [] =>PUP.Optional.CrossRider SUPPRIMÉ clé: HKCU\Software\InstallMonster [] =>Adware.InstallMonster SUPPRIMÉ clé: HKCU\Software\Magicbit [] =>.Superfluous.Magicbit SUPPRIMÉ clé: HKCU\Software\Tencent [] =>.Superfluous.Tencent SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{835D0908-6353-4D8E-894B-5F98C7A7D62} [C:\Program Files\Apps Hat (Not File)] =>PUP.Optional.CrossRider SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E640F1EB-CD7E-4640-BF89-21DBABC84653} [C:\Program Files\Apps Hat (Not File)] =>PUP.Optional.CrossRider SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\TorntvDownloader [] =>PUP.Optional.TornTV SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{903C0EDF-980B-D416-CEE3-573E640C7447} [NExxtCoup] =>PUP.Optional.NextCoup SUPPRIMÉ clé*: HKLM\SOFTWARE\Classes\CLSID\{F69538B2-C4FC-24DA-F115-F9533C637E86} [pRicechop] =>PUP.Optional.PriceChop SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92C1F287-B8A1-415C-B872-4000F57C055A} [Microleaves] =>.Superfluous.Microleaves SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect SUPPRIMÉ clé*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029AB1D033707234FAD100A0EAB4A227 [C:\Program Files\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe (Not File)] =>.Superfluous.Microleaves SUPPRIMÉ valeur: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] =>Riskware.QuickTime SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{3D694A94-63BD-4771-AAEC-D7165CD9935A} [C:\program files\common files\tencent\qqdownload\132\bugreport_xf.exe] =>.Superfluous.Tencent SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{50A7E6B5-DED0-487D-AC64-1AF01973F3D6} [C:\program files\common files\tencent\qqdownload\132\tencentdl.exe] =>.Superfluous.Tencent SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{7F1A1BEB-901D-4200-91EE-4900AE3D02E1} [C:\program files\common files\tencent\qqdownload\132\tencentdl.exe] =>.Superfluous.Tencent SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{DB2740DE-F85A-489B-A250-AE55EEED1FD6} [C:\program files\common files\tencent\qqdownload\132\bugreport_xf.exe] =>.Superfluous.Tencent SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{4999AE02-CC42-4B55-B655-EC19A6D7B3A7} [C:\program files\common files\tencent\qqdownload\132\bugreport_xf.exe] =>.Superfluous.Tencent SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{3AC27D6E-2AEF-4496-B235-C036DBC4BF4C} [C:\program files\common files\tencent\qqdownload\132\tencentdl.exe] =>.Superfluous.Tencent ---\\ Récapitulatif des éléments trouvés sur votre station. (22) https://www.anti-malware.top/2016/06/18/superfluous-youndoo/ =>PUP.Optional.Youndoo https://www.nicolascoolman.com/fr/hijacker-webssearches/ =>PUP.Optional.WebsSearches https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/ =>Hijacker.Browser https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Microleaves https://www.nicolascoolman.com/fr/pup-pirritsuggestor/ =>PUP.Optional.Pirrit https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty https://www.nicolascoolman.com/fr/pup-tarma/ =>.Superfluous.Tarma https://www.nicolascoolman.com/fr/adware-tencentaddressbar/ =>.Superfluous.Tencent https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware¨Pirrit https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.CrashReports https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Torch https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Broken.OpenCommand https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.InstallMonster https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Magicbit https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.ShanghaiGuangle https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/ =>PUP.Optional.CrossRider https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Camec https://www.nicolascoolman.com/fr/hijacker-torntv/ =>PUP.Optional.TornTV https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.NextCoup https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.PriceChop https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect ---\\ Nettoyage Additionnel. (10) ~ Suppression des Clés de registre Tracing. (10) ~ Suppression des anciens rapports ZHPCleaner. (0) ---\\ Bilan de la réparation ~ Réparation réalisée avec succès. ~ Le système a été redémarré. ---\\ Statistiques ~ Items scannés : 1970 ~ Items trouvés : 0 ~ Items annulés : 0 ~ Items réparés : 65 ~ End of clean in 00h00mn55s ~==================== ZHPCleaner-[R]-13022017-18_52_17.txt ZHPCleaner-[S]-13022017-18_48_08.txt