~ ZHPCleaner v2017.6.27.106 by Nicolas Coolman (2017/06/27) ~ Run by Anaëlle Jolivet (Administrator) (28/06/2017 21:33:32) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Nettoyer ~ Report : C:\Users\Anaëlle Jolivet\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Anaëlle Jolivet\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 15063) ---\\ Service. (1) ARRETÉ : iSafeService =>.Superfluous.Elex ---\\ Navigateur internet. (2) SUPPRIMÉ Firefox: [0216rq2e.default] /*/*URL HomePage : http://www.ourluckysites.com/?type=hp&ts=1492418042&z=caa0870b86d794b67be7547gbzb[...] =>Hijacker.OurLuckySites REMPLACÉ IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page [http://www.ourluckysites.com/?type=hp&ts=1492418042&z=caa0870b86d794b67be7547gbz[...]] =>Hijacker.OurLuckySites ---\\ Fichier hôte. (1) ~ Le fichier hôte est légitime. (21) ---\\ Tâche planifiée. (1) SUPPRIMÉ tâche: [Reimage Reminder] [C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe (Not File) ] =>.Superfluous.ReimageRepair ---\\ Explorateur ( Dossiers, Fichiers ). (8) DEPLACÉ fichier^: C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [Elex do Brasil Participações Ltda - iSafe Kernel Driver] =>.Superfluous.Elex DEPLACÉ fichier^: C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver] =>.Superfluous.Elex DEPLACÉ fichier^: C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver] =>.Superfluous.Elex DEPLACÉ fichier^: C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [Elex do Brasil Participações Ltda - iSafeSvc] =>.Superfluous.Elex DEPLACÉ fichier^: C:\WINDOWS\system32\drivers\NetUtils2016.sys =>.Superfluous.Netutils DEPLACÉ dossier: C:\Program Files (x86)\Elex-tech =>.Superfluous.Elex DEPLACÉ dossier^: C:\Users\Anaëlle Jolivet\AppData\Roaming\Elex-tech =>.Superfluous.Elex DEPLACÉ dossier: C:\Program Files (x86)\Elex-tech\YAC =>.Superfluous.YetAnotherCleaner ---\\ Base de Registres ( Clés, Valeurs, Données ). (22) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [] [Yahoo! Powered] =>Adware.YahooPowered SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5BE328D9-1A31-44F2-A62D-4FC823AB2FFE} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload[...]] [Yahoo! Powered] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload[...]] [Yahoo! Powered] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BE328D9-1A31-44F2-A62D-4FC823AB2FFE} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownloa[...]] [Yahoo! Powered] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload[...]] [Yahoo! Powered] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5BE328D9-1A31-44F2-A62D-4FC823AB2FFE} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownloa[...]] [Yahoo! Powered] =>Adware.YahooPowered SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [] =>Adware.YahooPowered SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5BE328D9-1A31-44F2-A62D-4FC823AB2FFE} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_16_42_ssg02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByC0D0F0B0FzyyBtAzztCyD0AtBtB0BtN0D0Tzu0StCyByDyBtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0EtByEzytD0A0AtGyByDyEzztG0Azz0EzytGyBtAzzzytG0FtA0EyEtB0Azy0B0DyByBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0FyC0Bzz0EtAtDtGtDtAyC0EtGyEtA0DyDtG0B0DzzyEtGyDtDyCzy0C0BtD0B0B0Azz0D2QtN0A0LzuyE%26cr%3D1458216812%26a%3Dwbf_secureddownload_16_42_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_16_42_ssg02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByC0D0F0B0FzyyBtAzztCyD0AtBtB0BtN0D0Tzu0StCyByDyBtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0EtByEzytD0A0AtGyByDyEzztG0Azz0EzytGyBtAzzzytG0FtA0EyEtB0Azy0B0DyByBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0FyC0Bzz0EtAtDtGtDtAyC0EtGyEtA0DyDtG0B0DzzyEtGyDtDyCzy0C0BtD0B0B0Azz0D2QtN0A0LzuyE%26cr%3D1458216812%26a%3Dwbf_secureddownload_16_42_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BE328D9-1A31-44F2-A62D-4FC823AB2FFE} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_16_43_ssg02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByC0D0F0B0FzyyBtAzztCyD0AtBtB0BtN0D0Tzu0StCyByCtBtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyBzyyD0CtA0DzytGyEyDyDtDtGzy0AyEtDtGyBzztCyCtG0BzytAyDtD0D0AyD0BzztCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0FyC0Bzz0EtAtDtGtDtAyC0EtGyEtA0DyDtG0B0DzzyEtGyDtDyCzy0C0BtD0B0B0Azz0D2QtN0A0LzuyE%26cr%3D2051892952%26a%3Dwncy_secureddownload_16_43_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_secureddownload_16_42_ssg02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByC0D0F0B0FzyyBtAzztCyD0AtBtB0BtN0D0Tzu0StCyByDyBtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0EtByEzytD0A0AtGyByDyEzztG0Azz0EzytGyBtAzzzytG0FtA0EyEtB0Azy0B0DyByBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0FyC0Bzz0EtAtDtGtDtAyC0EtGyEtA0DyDtG0B0DzzyEtGyDtDyCzy0C0BtD0B0B0Azz0D2QtN0A0LzuyE%26cr%3D1458216812%26a%3Dwbf_secureddownload_16_42_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5BE328D9-1A31-44F2-A62D-4FC823AB2FFE} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_16_43_ssg02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByC0D0F0B0FzyyBtAzztCyD0AtBtB0BtN0D0Tzu0StCyByCtBtN1L2XzutAtFtByEtFtByBtFyDtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCyBzyyD0CtA0DzytGyEyDyDtDtGzy0AyEtDtGyBzztCyCtG0BzytAyDtD0D0AyD0BzztCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0FyC0Bzz0EtAtDtGtDtAyC0EtGyEtA0DyDtG0B0DzzyEtGyDtDyCzy0C0BtD0B0B0Azz0D2QtN0A0LzuyE%26cr%3D2051892952%26a%3Dwncy_secureddownload_16_43_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnl [C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys (Not File)] =>.Superfluous.Elex SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnlKit [C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys (Not File)] =>.Superfluous.Elex SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnlR3 [C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys (Not File)] =>.Superfluous.Elex SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeService [C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe (Not File)] =>.Superfluous.Elex SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\NetUtils2016 [C:\WINDOWS\system32\drivers\NetUtils2016.sys] =>.Superfluous.Netutils SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeKrnlBoot [] =>.Superfluous.YetAnotherCleaner SUPPRIMÉ clé^: HKLM\SYSTEM\CurrentControlSet\Services\iSafeNetFilter [] =>.Superfluous.YetAnotherCleaner SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\reimage [] =>.Superfluous.ReimageRepair SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Wow6432Node\Elex-tech [] =>.Superfluous.Elex SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iSafe [ELEX DO BRASIL PARTICIPAÇÕES LTDA] =>.Superfluous.Elex ---\\ Récapitulatif des éléments trouvés sur votre station. (6) https://nicolascoolman.eu/2017/03/28/superfluous-elex/ =>.Superfluous.Elex https://nicolascoolman.eu/2017/05/16/hijacker-ourluckysites/ =>Hijacker.OurLuckySites https://nicolascoolman.eu/2017/01/27/superfluous-reimagerepair/ =>.Superfluous.ReimageRepair https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Netutils https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.YetAnotherCleaner https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.YahooPowered ---\\ Nettoyage Additionnel. (21) ~ Suppression des Clés de registre Tracing. (21) ~ Suppression des anciens rapports ZHPCleaner. (0) ---\\ Bilan de la réparation ~ Réparation réalisée avec succès. ~ Ce navigateur est absent (Google Chrome) ~ Ce navigateur est absent (Opera Software) ~ Le système a été redémarré. ---\\ Statistiques ~ Items scannés : 676 ~ Items trouvés : 0 ~ Items annulés : 0 ~ Items réparés : 34 ~ End of clean in 00h00mn50s ~==================== ZHPCleaner-[R]-28062017-21_34_22.txt ZHPCleaner-[S]-28062017-16_30_22.txt ZHPCleaner-[S]-28062017-20_18_43.txt ZHPCleaner-[S]-28062017-21_27_11.txt ZHPCleaner-[S]-28062017-21_33_22.txt