~ ZHPCleaner v2017.5.14.81 by Nicolas Coolman (2017/05/14) ~ Run by Pierre (Administrator) (27/05/2017 12:41:45) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Nettoyer ~ Report : C:\Users\Pierre\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Pierre\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 15063) ---\\ Service. (1) ARRETÉ : EasyTuneEngineService =>Heuristic.Pirrit ---\\ Navigateur internet. (0) ~ Aucun élément malicieux ou superflu trouvé. ---\\ Fichier hôte. (1) ~ Le fichier hôte est légitime. (205) ---\\ Tâche planifiée. (1) SUPPRIMÉ tâche: [GraphicsCardEngine] [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe] =>Heuristic.Pirrit ---\\ Explorateur ( Dossiers, Fichiers ). (82) DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\2A1C.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\3CBA.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\681a6aedb027install.rdf =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\ACLMInstaller.exe.config =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\ACLMInstallLog20170525-162733.txt =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\Americanas.ico =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\BDEB2EB.BAK =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\BigFarm.ico =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\big_bang_empire.ico =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\CasasBahia.ico =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\CF5E.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\csp54D6.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\csp5554.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\csp5611.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\csp619B.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\csp9FCE.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cspA01D.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cspA01E.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cspA02F.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cspA030.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cspA05F.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cspA070.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cspA081.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\csw9121.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\csw91CE.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\csw91DF.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cswA0E3.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cswA3F1.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cswA431.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cswD46E.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cswD569.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\cswD599.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\DeleteOnReboot.bat =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\DisWhql.ini =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\dv2A0C2.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\dv2A8F1.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\dv2B0D2.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\E06.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\FC3.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\fList.xml =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\GBTSpecial.xml =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\HomePage.dat =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\Setup Log 2017-05-26 #001.txt =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\Setup Log 2017-05-26 #002.txt =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\Setup Log 2017-05-26 #003.txt =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\Setup Log 2017-05-26 #004.txt =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\Setup Log 2017-05-26 #005.txt =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\Setup Log 2017-05-27 #001.txt =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\tmp-2jz.xpi =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\tmp-qlg.xpi =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\wctA375.tmp =>.Superfluous.Temporary.Various DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\_&q9C3D.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\{B4DD5742-5A9B-480C-8AB9-ABF4E76531A4}.png =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\~DFBADA7BE696342B43.TMP =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\~DFC743C220EBAFBE34.TMP =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\~se46DF.tmp [IntertSect Alliance Pty Ltd - wsrnnae Service] =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\~se5F94.tmp =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\~se90A4.tmp [IntertSect Alliance Pty Ltd - terana Service] =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\Pierre\AppData\Local\Temp\~seD410.tmp =>.Superfluous.Temporary.Empty DEPLACÉ dossier^: C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService =>Heuristic.Pirrit DEPLACÉ dossier: C:\Users\Pierre\AppData\Roaming\WinSAPSvc =>PUP.Optional.Youndoo DEPLACÉ dossier: C:\Users\Pierre\AppData\Local\CrashRpt =>.Superfluous.CrashReports DEPLACÉ dossier: C:\Users\Pierre\AppData\Local\Temp\EasyTuneEngineService =>Heuristic.Pirrit DEPLACÉ dossier: C:\Users\pierr\AppData\Local\Temp\EasyTuneEngineService =>Heuristic.Pirrit DEPLACÉ dossier: C:\Documents and Settings\pierr\Local Settings\Application Data\Temp\EasyTuneEngineService =>Heuristic.Pirrit DEPLACÉ dossier: C:\ProgramData\BIT =>.Superfluous.Elex DEPLACÉ dossier: C:\WINDOWS\Installer\MSI251.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI2F20.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI46F4.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI47FF.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI65AC.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI680F.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI6835.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI68F1.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI695F.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI6A1D.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI6F31.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI9D9B.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI9E57.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSIAB5B.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSIAD22.tmp- =>.Superfluous.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSIF957.tmp- =>.Superfluous.Empty ---\\ Base de Registres ( Clés, Valeurs, Données ). (28) SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\EasyTuneEngineService [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe] =>Heuristic.Pirrit SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\OcButtonService [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe] =>Heuristic.Pirrit SUPPRIMÉ clé*: HKLM\SOFTWARE\Wow6432Node\Firefox [] =>Adware.GhokswaBrowser SUPPRIMÉ clé: HKLM\SOFTWARE\Firefox [] =>Adware.GhokswaBrowser SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\BIT [] =>.Superfluous.Elex SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\WinSAPSvc [] =>PUP.Optional.Youndoo SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\InterSect Alliance [] =>.Superfluous.InterSect SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\018DB0496FC46614CBED2103F75B7262 [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\acpimof_ocpanel.dll (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\026A2426B53FDFC4599B58F49DE82D74 [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\Languages\SPA\ (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\040381EE9264F8945BD73E983C928059 [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\Languages\VIE\ (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0DA9CE1E8343FF54A861511CAB59FE3D [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\cctWin.exe (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E779259750044C565F4587810BED609 [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\ICCProxy.exe (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AFB09D4D260CBE40927B761FAD7F590 [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\Gigabyte.ComputerSystemHardware.dll (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D955E654775BC541907F78DD8CCBCC1 [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\IccService11\ (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E170AB4F1E37DF4286ED5EBC296C494 [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\Languages\KOR\ (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29DA1DB1F0599C74C9D3DB350EBACE11 [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\KillGraphicEngine.exe (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AE2A28A3E915D64EBB460CB07A0F0F4 [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\Languages\IND\ (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BE88CBA5B05095458148AD86DE6556A [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DD706E15A87DBF4BAB7440F8F450607 [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\Languages\ENG\ (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FFC39CF0B45A1B409FA86F62DEE50A6 [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\Gigabyte.GraphicsCard.Common.dll (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\304FEEB91CD7D064795B38CF8B4667C7 [C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\Languages\FRA\ (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36AD3DEB36FD2994BA0296C56CCF0760 [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38A80B6A9E042164A9E79D7E4D072123 [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\Gigabyte.EasyTune.dll (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41CF50DB84D9425419E4D12E5BCDE5E6 [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\Gigabyte.GraphicsCard.Remoting.dll (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42DC1F6889DD52B4192FF3145D432DEE [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\Gigabyte.dll (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4BA7CDF7E7BB513489528D4C3BE95A3D [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\Gigabyte.EasyTune.Remoting.dll (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CA4C5ECCA4AB774F919442CB6DE9E63 [C:\?Program Files (x86)\GIGABYTE\EasyTuneEngineService\Gigabyte.NativeFunctions.dll (Not File)] =>Heuristic.Pirrit SUPPRIMÉ clé*: HKCU\SOFTWARE\5286868F54696D063F59296A27BE70AA [] =>Hijacker.Browser ---\\ Récapitulatif des éléments trouvés sur votre station. (10) https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Heuristic.Pirrit https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Various https://nicolascoolman.eu/2017/03/11/superfluous-youndoo/ =>PUP.Optional.Youndoo https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.CrashReports https://nicolascoolman.eu/2017/03/28/superfluous-elex/ =>.Superfluous.Elex https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty https://nicolascoolman.eu/2017/02/19/adware-ghokswabrowser/ =>Adware.GhokswaBrowser https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.InterSect https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/ =>Hijacker.Browser ---\\ Nettoyage Additionnel. (24) ~ Suppression des Clés de registre Tracing. (24) ~ Suppression des anciens rapports ZHPCleaner. (0) ---\\ Bilan de la réparation ~ Réparation réalisée avec succès. ~ Ce navigateur est absent (Opera Software) ~ Le système a été redémarré. ---\\ Statistiques ~ Items scannés : 1338 ~ Items trouvés : 0 ~ Items annulés : 0 ~ Items réparés : 113 ~ End of clean in 00h00mn44s ~==================== ZHPCleaner-[R]-25052017-16_50_54.txt ZHPCleaner-[R]-27052017-12_42_29.txt ZHPCleaner-[R]-28012017-19_41_11.txt ZHPCleaner-[S]-25052017-16_50_00.txt ZHPCleaner-[S]-27052017-12_41_17.txt ZHPCleaner-[S]-28012017-19_12_30.txt ZHPCleaner-[S]-28012017-19_39_53.txt