~ ZHPCleaner v2017.6.17.100 by Nicolas Coolman (2017/06/17) ~ Run by CHIHEB (Administrator) (21/06/2017 03:17:02) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Nettoyer ~ Report : C:\Users\CHIHEB\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\CHIHEB\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) ---\\ Service. (0) ---\\ Navigateur internet. (13) REMPLACÉ Google Chrome Preferences: "https://feed.helperbar.com/" =>PUP.Optional.HelperBar SUPPRIMÉ donnée: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigUrl [Bad : http://webunstop.org/wpad.dat?625c81e14455a3b90eb599b59cf4525333055214] =>Hijacker.Proxy REMPLACÉ Quicklaunch: C:\Users\CHIHEB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Avast SafeZone Browser.lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Avast Software.) =>Hijacker.Browser REMPLACÉ Quicklaunch: C:\Users\CHIHEB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Microsoft Corporation.) =>PUP.Optional.Salus REMPLACÉ Quicklaunch: C:\Users\CHIHEB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Microsoft Corporation.) =>Hijacker.Browser REMPLACÉ TaskBar: C:\Users\CHIHEB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Mozilla Corporation.) =>Hijacker.Browser REMPLACÉ Startup\Programs: C:\Users\CHIHEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Microsoft Corporation.) =>PUP.Optional.Salus REMPLACÉ Startup\Programs: C:\Users\CHIHEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Microsoft Corporation.) =>Hijacker.Browser REMPLACÉ Desktop: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Avast Software.) =>Hijacker.Browser REMPLACÉ Desktop: C:\Users\Public\Desktop\Google Chrome.lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Google Inc..) =>Hijacker.Browser REMPLACÉ Desktop: C:\Users\Public\Desktop\Mozilla Firefox.lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Mozilla Corporation.) =>Hijacker.Browser REMPLACÉ SystemTools: C:\Users\CHIHEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Microsoft Corporation.) =>PUP.Optional.Salus REMPLACÉ SystemTools: C:\Users\CHIHEB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [Bad : https://launchpage.org/?uid=oTlCBGjcgx0cXuv%2BKehtq3%2BBGtHnDk0Jbf7SydBPa3phiz%2B9fLLALBof0ih%2FBicrG5A%3D](.Microsoft Corporation.) =>Hijacker.Browser ---\\ Fichier hôte. (0) ~ Aucun élément malicieux ou superflu trouvé. ---\\ Tâche planifiée. (1) SUPPRIMÉ tâche: [AutoPico Daily Restart] [C:\Program Files\KMSpico\AutoPico.exe (Not File) ] =>HackTool.KMSpico ---\\ Explorateur ( Dossiers, Fichiers ). (23) DEPLACÉ fichier: C:\Program Files\KMSpico\Service_KMS.exe [@ByELDI - Service_KMS] =>HackTool.KMSpico DEPLACÉ fichier: C:\Program Files\KMSpico\AutoPico.exe [@ByELDI - AutoPico] =>HackTool.KMSpico DEPLACÉ fichier: C:\Windows\Prefetch\AUTOPICO.EXE-18EAEA5B.pf =>HackTool.KMSpico DEPLACÉ fichier: C:\Windows\Installer\wix{6199B534-A1B6-46ED-873B-97B0ECF8F81E}.SchedServiceConfig.rmi =>.Superfluous.Empty DEPLACÉ fichier: C:\Users\CHIHEB\AppData\Local\Temp\com.ashampoo.bacon_09656FA2.log =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\CHIHEB\AppData\Local\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.607SZBrowser_autoupdate.download.lock =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\CHIHEB\AppData\Local\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.607SZBrowser_autoupdate.metrics.lock =>.Superfluous.Temporary.Empty DEPLACÉ fichier^: C:\Users\CHIHEB\AppData\Local\Temp\etilqs_2owNmuCYrAxPqSB =>.Superfluous.Temporary.Empty DEPLACÉ fichier^: C:\Users\CHIHEB\AppData\Local\Temp\etilqs_chpiKd3VXtkJfKr =>.Superfluous.Temporary.Empty DEPLACÉ fichier^: C:\Users\CHIHEB\AppData\Local\Temp\etilqs_DqfeF8Q5LBZhbSM =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\CHIHEB\AppData\Local\Temp\FXSTIFFDebugLogFile.txt =>.Superfluous.Temporary.Empty DEPLACÉ fichier^: C:\Users\CHIHEB\AppData\Local\Temp\safezone_crashreporter.log =>.Superfluous.Temporary.Empty DEPLACÉ fichier: C:\Users\CHIHEB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_search.safefinder.com_0.localstorage =>PUP.Optional.SmartBar DEPLACÉ fichier: C:\Users\CHIHEB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_search.safefinder.com_0.localstorage-journal =>PUP.Optional.SmartBar DEPLACÉ dossier*: C:\Program Files (x86)\VideoLAN =>.Superfluous.Empty DEPLACÉ dossier*: C:\Program Files\ByteFence =>.Superfluous.ByteFence DEPLACÉ dossier*: C:\Program Files\KMSpico =>HackTool.KMSpico DEPLACÉ dossier*: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico DEPLACÉ dossier*: C:\Users\CHIHEB\AppData\Roaming\ParetoLogic =>.Superfluous.Paretologic DEPLACÉ dossier*: C:\Users\CHIHEB\AppData\Local\CrashRpt =>.Superfluous.CrashReports DEPLACÉ dossier^: C:\Users\CHIHEB\AppData\Local\Temp\scoped_dir3828_27377 =>.Superfluous.Temporary.Steam DEPLACÉ dossier*: C:\ProgramData\Logic Cramble =>PUP.Optional.LogicHandler DEPLACÉ dossier*: C:\Users\CHIHEB\AppData\Roaming\vnlgp =>Trojan.BitCoinMiner ---\\ Base de Registres ( Clés, Valeurs, Données ). (23) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6s[...]] [Search the web] =>PUP.Optional.IMBooster SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch [https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6s[...]] [Search the web] =>PUP.Optional.IMBooster SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2TlPbfGRogFolkkaCaflBAMwv4kK569qXNuWct4aayvF156hOqMNZFQN3-vsKMVMooejSSAvD4DTd65OHNp7ChQ3BIeDMu2FKiJBl5fRXlsXx8nqC-YyC4tg4gIfnYQIUl_cXA0Ta6mVtgLUIViSx2d1fxvLEi_oc2gGE,&q={searchTerms}] =>PUP.Optional.IMBooster SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch [https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2TlPbfGRogFolkkaCaflBAMwv4kK569qXNuWct4aayvF156hOqMNZFQN3-vsKMVMooejSSAvD4DTd65OHNp7ChQ3BIeDMu2FKiJBl5fRXlsXx8nqC-YyC4tg4gIfnYQIUl_cXA0Ta6mVtgLUIViSx2d1fxvLEi_oc2gGE,&q={searchTerms}] =>PUP.Optional.IMBooster SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\ByteFenceService [C:\Program Files\ByteFence\ByteFenceService.exe (Not File)] =>.Superfluous.ByteFence SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe (Not File)] =>HackTool.KMSpico SUPPRIMÉ clé^: HKEY_USERS\S-1-5-21-1776833870-1233344491-4197509481-1000\SOFTWARE\ParetoLogic [] =>.Superfluous.Paretologic SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1776833870-1233344491-4197509481-1000\SOFTWARE\Classes\.snapdoc [SNAP.DOC] =>PUP.Optional.SmartBar SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-1776833870-1233344491-4197509481-1000\SOFTWARE\Classes\SNAP.DOC [SNAP.DOC] =>PUP.Optional.SmartBar SUPPRIMÉ clé^: HKCU\Software\ParetoLogic [] =>.Superfluous.Paretologic SUPPRIMÉ clé*: HKCU\Software\csastats [] =>Adware.InstallCore SUPPRIMÉ clé*: HKCU\Software\ProductSetup [] =>Adware.InstallCore SUPPRIMÉ clé*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ByteFenceService [] =>.Superfluous.ByteFence SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 [] =>.Superfluous.ByteFence SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS [] =>.Superfluous.ByteFence SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico] =>HackTool.KMSpico SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\ParetoLogic [] =>.Superfluous.Paretologic SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ParetoLogic PC Health Advisor_RASAPI32 [] =>.Superfluous.Paretologic SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ParetoLogic PC Health Advisor_RASMANCS [] =>.Superfluous.Paretologic SUPPRIMÉ clé*: HKCU\SOFTWARE\80c72162ad6e70a355cf0a60aff1b7bc [] =>Hijacker.Browser SUPPRIMÉ clé*: HKCU\SOFTWARE\c085ee5f3329d8767aef30d4dae5b55a [] =>Hijacker.Browser SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{F3971843-A561-45B7-9F74-4AA8FFFB52CB} [C:\Program Files\KMSpico\Service_KMS.exe] =>HackTool.KMSpico SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{CE321636-6867-42BD-944D-206D6D4D7D83} [C:\Program Files\KMSpico\Service_KMS.exe] =>HackTool.KMSpico ---\\ Récapitulatif des éléments trouvés sur votre station. (16) https://www.nicolascoolman.com/fr/pup-helperbar/ =>PUP.Optional.HelperBar https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/ =>Hijacker.Browser https://www.nicolascoolman.com/fr/pup-salus/ =>PUP.Optional.Salus https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty https://www.nicolascoolman.com/fr/hijacker-smartbar/ =>PUP.Optional.SmartBar https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>.Superfluous.ByteFence https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Paretologic https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.CrashReports https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Steam https://nicolascoolman.eu/2017/01/04/pup-optional-logichandler/ =>PUP.Optional.LogicHandler https://www.nicolascoolman.com/fr/trojan-bitcoinminer/ =>Trojan.BitCoinMiner https://www.nicolascoolman.com/fr/adware-imbooster/ =>PUP.Optional.IMBooster https://nicolascoolman.eu/2017/03/12/adware-installcore-2/ =>Adware.InstallCore ---\\ Nettoyage Additionnel. (57) ~ Suppression des Clés de registre Tracing. (57) ~ Suppression des anciens rapports ZHPCleaner. (0) ---\\ Bilan de la réparation ~ Réparation réalisée avec succès. ~ Ce navigateur est absent (Opera Software) ~ Le système a été redémarré. ---\\ Statistiques ~ Items scannés : 822 ~ Items trouvés : 0 ~ Items annulés : 0 ~ Items réparés : 62 ~ End of clean in 00h00mn49s ~==================== ZHPCleaner-[R]-21062017-03_17_51.txt ZHPCleaner-[S]-21062017-03_16_06.txt