~ ZHPCleaner v2018.2.25.40 by Nicolas Coolman (2018/02/25)
~ Run by eliot (Administrator) (28/02/2018 01:16:05)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Nettoyer
~ Report : C:\Users\eliot\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\eliot\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 16299)

---\\ ALTERNATE DATA STREAM (ADS). (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ SERVICE. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ NAVIGATEUR INTERNET. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ FICHIER HÔTE. (2)
REMPLACÉ: 0.0.0.1 mssplus.mcafee.com
~ Nombre de redirections trouvées 1/35

---\\ TÂCHE PLANIFIÉE. (1)
SUPPRIMÉ tâche: [{6FB94CC9-142B-4897-AF3C-10DF8BDCA6EA}] [C:\Program Files\ByteFence\ByteFence.exe (Not File) ] =>.SUP.ByteFence

---\\ EXPLORATEUR ( Dossiers, Fichiers ). (26)
DEPLACÉ fichier^: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\Extensions\cacaoweb@cacaoweb.org\chrome =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\Extensions\cacaoweb@cacaoweb.org\chrome.manifest =>.SUP.CacaoWeb
DEPLACÉ fichier^: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\Extensions\cacaoweb@cacaoweb.org\defaults =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\Extensions\cacaoweb@cacaoweb.org\install.rdf =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\defaults\preferences\prefs.js =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\cacaoweb-64.png =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\cacaoweb.css =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\chrome\skin\cacaoweb.png =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\fr-FR\cacaoweb.properties =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\es-ES\cacaoweb.properties =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\en-US\cacaoweb.properties =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\chrome\locale\de-DE\cacaoweb.properties =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.js =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\extensions\cacaoweb@cacaoweb.org\chrome\content\cacaoweb.xul =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\Downloads\cacaoweb (1).exe =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Users\eliot\Downloads\cacaoweb (2).exe =>.SUP.CacaoWeb
DEPLACÉ fichier: C:\Windows\SECOH-QAD.dll =>HackTool.KMSpico
DEPLACÉ fichier: C:\Windows\SECOH-QAD.exe =>HackTool.KMSpico
DEPLACÉ fichier: C:\Users\eliot\AppData\Local\Akamai\netsession_win.exe [Akamai Technologies, Inc. - Akamai NetSession Client] =>.SUP.AkamaiHD
DEPLACÉ dossier*: C:\Users\eliot\AppData\Roaming\Mozilla\Firefox\Profiles\cj96kbjy.default\Extensions\cacaoweb@cacaoweb.org =>.SUP.CacaoWeb
DEPLACÉ dossier*: C:\Program Files\KMSpico =>HackTool.KMSpico
DEPLACÉ dossier*: C:\Users\eliot\OneDrive\Documents\PROPCCleaner =>.SUP.DoctorPC
DEPLACÉ dossier^: C:\Users\eliot\AppData\Local\Akamai =>.SUP.AkamaiHD
DEPLACÉ dossier*: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
DEPLACÉ dossier*: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
DEPLACÉ dossier*: C:\Users\eliot\AppData\Local\Google\Update =>Heuristic.Suspect

---\\ BASE DE REGISTRES ( Clés, Valeurs, Données ). (18)
SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_18&param1[...]] [Yahoo! Powered] =>Adware.YahooPowered
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dmontlsfs_17_1[...]] [Yahoo! Powered Search] =>Adware.YahooPowered
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_18&param1[...]] [Yahoo! Powered] =>Adware.YahooPowered
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dmontlsfs_17_1[...]] [Yahoo! Powered Search] =>Adware.YahooPowered
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_18&param1[...]] [Yahoo! Powered] =>Adware.YahooPowered
SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0EtC0D0B0A0FtCzzzz0FzztN0D0Tzu0StCzyyEyBtN1L2XzutAtFtBzytFtAtFyCtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0CyByE0CyByDyDtGtA0ByB0FtGyB0CyC0AtGtBtAtBzztGzztBtB0AyBzztA0CyByE0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyB0DtBtCtB0FtG0A0CyEyCtGyE0E0AyEtGzyyC0FyDtGtB0EtB0DtAzy0EyC0DtCtAtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzztDyD%26cr%3D1114038818%26a%3Dwbf_ir_17_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dmontlsfs_17_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0EtC0D0B0A0FtCzzzz0FzztN0D0Tzu0StCzyyEzytN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DtCtBtCtAzyyDtGtB0Bzy0CtGtBzz0A0AtGtBzztDyBtG0DtD0E0AtB0BtAtA0F0EzyyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyB0DtBtCtB0FtG0A0CyEyCtGyE0E0AyEtGzyyC0FyDtGtB0EtB0DtAzy0EyC0DtCtAtD2QtN0A0LzuyE%26cr%3D185436346%26a%3Dwncy_dmontlsfs_17_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0EtC0D0B0A0FtCzzzz0FzztN0D0Tzu0StCzyyEyBtN1L2XzutAtFtBzytFtAtFyCtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0CyByE0CyByDyDtGtA0ByB0FtGyB0CyC0AtGtBtAtBzztGzztBtB0AyBzztA0CyByE0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyB0DtBtCtB0FtG0A0CyEyCtGyE0E0AyEtGzyyC0FyDtGtB0EtB0DtAzy0EyC0DtCtAtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzztDyD%26cr%3D1114038818%26a%3Dwbf_ir_17_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_dmontlsfs_17_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0EtC0D0B0A0FtCzzzz0FzztN0D0Tzu0StCzyyEzytN1L2XzutAtFtBzytFtAtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0DtCtBtCtAzyyDtGtB0Bzy0CtGtBzz0A0AtGtBzztDyBtG0DtD0E0AtB0BtAtA0F0EzyyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyB0DtBtCtB0FtG0A0CyEyCtGyE0E0AyEtGzyyC0FyDtGtB0EtB0DtAzy0EyC0DtCtAtD2QtN0A0LzuyE%26cr%3D185436346%26a%3Dwncy_dmontlsfs_17_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered
SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_17_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzuzy0CyD0Czz0EtC0D0B0A0FtCzzzz0FzztN0D0Tzu0StCzyyEyBtN1L2XzutAtFtBzytFtAtFyCtCtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyE0CyByE0CyByDyDtGtA0ByB0FtGyB0CyC0AtGtBtAtBzztGzztBtB0AyBzztA0CyByE0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtAyB0DtBtCtB0FtG0A0CyEyCtGyE0E0AyEtGzyyC0FyDtGtB0EtB0DtAzy0EyC0DtCtAtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzztDyD%26cr%3D1114038818%26a%3Dwbf_ir_17_18%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2859240256-1174380967-1921194399-1001\SOFTWARE\Akamai [] =>.SUP.AkamaiHD
SUPPRIMÉ clé: HKCU\Software\Akamai [] =>.SUP.AkamaiHD
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Akamai [Akamai Technologies, Inc] =>.SUP.AkamaiHD
SUPPRIMÉ clé*: HKCU\Software\undefined [] =>.SUP.Downloader
SUPPRIMÉ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface ["C:\Users\eliot\AppData\Local\Akamai\netsession_win.exe"] =>.SUP.AkamaiHD
SUPPRIMÉ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Akamai NetSession Interface [0x020000000000000000000000] =>.SUP.AkamaiHD
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{F7BDD4B0-5748-4118-BDAF-5EFB7FB73806}C:\users\eliot\appdata\local\akamai\netsession_win.exe [C:\users\eliot\appdata\local\akamai\netsession_win.exe] =>.SUP.AkamaiHD
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{208017BF-404D-4443-88EE-9B89F3A0B7BA}C:\users\eliot\appdata\local\akamai\netsession_win.exe [C:\users\eliot\appdata\local\akamai\netsession_win.exe] =>.SUP.AkamaiHD

---\\ RÉCAPITULATIF DES ÉLÉMENTS TROUVÉS SUR VOTRE STATION. (9)
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>.SUP.ByteFence
https://nicolascoolman.eu/2017/01/15/superfluous-cacaoweb/ =>.SUP.CacaoWeb
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/ =>HackTool.KMSpico
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/ =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.DoctorPC
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.YahooPowered
https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader

---\\ NETTOYAGE ADDITIONNEL. (14)
~ Suppression des Clés de registre Tracing. (14)
~ Suppression des anciens rapports ZHPCleaner. (0)

---\\ BILAN DE LA REPARATION
~ Réparation réalisée avec succès.
~ Ce navigateur est absent (Opera Software)
~ Le système a été redémarré.

---\\ STATISTIQUES
~ Items scannés : 1144
~ Items trouvés : 0
~ Items annulés : 0
~ Items options : 0/7
~ Gain de place (Octets) : 0
~ End of clean in 00h00mn35s

---\\ LISTE DES RAPPORTS (3)
ZHPCleaner-[S]-26022018-17_11_54.txt
ZHPCleaner-[S]-28022018-01_15_09.txt
ZHPCleaner-[R]-28022018-01_16_40.txt