~ ZHPCleaner v2018.7.30.155 by Nicolas Coolman (2018/07/30)
~ Run by Albert (Administrator)  (03/08/2018 20:35:55)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Nettoyer
~ Report : C:\Users\Albert\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Albert\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit  (Build 9600)


---\\  ALTERNATE DATA STREAM (ADS). (0)
~ Aucun Ã©lÃ©ment malicieux ou superflu trouvÃ©.


---\\  SERVICE. (1)
WINSOCK [Protocol_Catalog9\NameSpace_Catalog5\Catalog_Entries]: Remise Ã  zÃ©ro du socket qui gÃ¨re la couche TCP/IP  =>Hijacker.Winsock


---\\  NAVIGATEUR INTERNET. (3)
REMPLACÃ Google Chrome Preferences: "https://d36s9hlc2vimc.cloudfront.net/"  =>.SUP.CloudfrontNet
SUPPRIMÃ donnÃ©e: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer [Bad : 127.0.0.1:5000]  =>Hijacker.Proxy
SUPPRIMÃ donnÃ©e: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable [Bad : 0]  =>Hijacker.Proxy


---\\  FICHIER HÃTE. (1)
~ Le fichier hÃ´te est lÃ©gitime. (21)


---\\  TÃCHE PLANIFIÃE. (1)
SUPPRIMÃ tÃ¢che: [Yahoo! Powered ditid] [C:\Windows\Tasks\Yahoo! Powered ditid.job (Not File) ]  =>Adware.YahooPowered


---\\  EXPLORATEUR  ( Dossiers, Fichiers ). (12)
DEPLACÃ fichier: C:\Users\Albert\Desktop\ÂµTorrent.lnk  [Bad : C:\Users\Albert\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
DEPLACÃ fichier: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ÂµTorrent.lnk  [Bad : C:\Users\Albert\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
DEPLACÃ fichier: C:\Windows\Tasks\Yahoo! Powered ditid.job    =>Adware.YahooPowered
DEPLACÃ fichier: C:\Users\Albert\Downloads\installer.exe [Akamai Technologies, Inc. - Akamai NetSession Client Installer]  =>.SUP.AkamaiHD
DEPLACÃ fichier: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage    =>.SUP.CloudfrontNet
DEPLACÃ fichier: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal    =>.SUP.CloudfrontNet
DEPLACÃ fichier*: C:\Program Files (x86)\Lavasoft\web companion    =>PUP.Optional.LavasoftWebCompanion
DEPLACÃ fichier*: C:\ProgramData\Lavasoft\web companion    =>PUP.Optional.LavasoftWebCompanion
DEPLACÃ fichier: C:\Users\Albert\AppData\Local\Akamai\netsession_win.exe [Akamai Technologies, Inc. - Akamai NetSession Client]  =>.SUP.AkamaiHD
DEPLACÃ dossier: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce  =>.SUP.SearchManager
DEPLACÃ dossier: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej  =>.SUP.SearchManager
DEPLACÃ dossier: C:\Users\Albert\AppData\Local\Akamai  =>.SUP.AkamaiHD


---\\  BASE DE REGISTRES ( ClÃ©s, Valeurs, DonnÃ©es ). (29)
SUPPRIMÃ clÃ©: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownloa[...]] [Yahoo! Powered]  =>Adware.YahooPowered
SUPPRIMÃ clÃ©: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownloa[...]] [Yahoo! Powered]  =>Adware.YahooPowered
SUPPRIMÃ clÃ©: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownloa[...]] [Yahoo! Powered]  =>Adware.YahooPowered
REMPLACÃ : HKLM64\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 [C:\Windows\System32\escortdrv.dll (Not File)]  =>Hijacker.Winsock
SUPPRIMÃ clÃ©*: HKCU\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce []  =>.SUP.SearchManager
SUPPRIMÃ clÃ©*: [X64] HKLM\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce []  =>.SUP.SearchManager
SUPPRIMÃ clÃ©*: [X64] HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce []  =>.SUP.SearchManager
SUPPRIMÃ clÃ©*: HKCU\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej []  =>.SUP.SearchManager
SUPPRIMÃ clÃ©*: [X64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej []  =>.SUP.SearchManager
SUPPRIMÃ clÃ©*: [X64] HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej []  =>.SUP.SearchManager
SUPPRIMÃ clÃ©: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_17_39&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyDtAyEzytCtAzytAzy0A0EzyyB0BtN0D0Tzu0StBtDzyzztN1L2XzutAtFtBzytFyCtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyBtCyDtB0A0D0BzztGtCyBtCtCtGyB0FtDzytGyB0DyCtDtGyCtDtD0EtBtD0EyD0D0EyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Ezz0F0AtDtByD0AtGtCyDyCtBtGyE0CyDtCtG0A0DyC0AtGtCzy0FyCyDzz0CyEtAzzyC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtAzzzy%26cr%3D226217563%26a%3Dwncy_secureddownload_17_39%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}]  =>Adware.YahooPowered
SUPPRIMÃ clÃ©: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_17_39&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyDtAyEzytCtAzytAzy0A0EzyyB0BtN0D0Tzu0StBtDzyzztN1L2XzutAtFtBzytFyCtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyBtCyDtB0A0D0BzztGtCyBtCtCtGyB0FtDzytGyB0DyCtDtGyCtDtD0EtBtD0EyD0D0EyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Ezz0F0AtDtByD0AtGtCyDyCtBtGyE0CyDtCtG0A0DyC0AtGtCzy0FyCyDzz0CyEtAzzyC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtAzzzy%26cr%3D226217563%26a%3Dwncy_secureddownload_17_39%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}]  =>Adware.YahooPowered
SUPPRIMÃ clÃ©: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_17_39&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtDyDtAyEzytCtAzytAzy0A0EzyyB0BtN0D0Tzu0StBtDzyzztN1L2XzutAtFtBzytFyCtFyDtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyBtCyDtB0A0D0BzztGtCyBtCtCtGyB0FtDzytGyB0DyCtDtGyCtDtD0EtBtD0EyD0D0EyE0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Ezz0F0AtDtByD0AtGtCyDyCtBtGyE0CyDtCtG0A0DyC0AtGtCzy0FyCyDzz0CyEtAzzyC0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEtAzzzy%26cr%3D226217563%26a%3Dwncy_secureddownload_17_39%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}]  =>Adware.YahooPowered
SUPPRIMÃ clÃ©*: HKEY_USERS\S-1-5-21-1109731196-1225286264-3777312828-1001\SOFTWARE\Akamai []  =>.SUP.AkamaiHD
SUPPRIMÃ clÃ©: HKCU\Software\Akamai []  =>.SUP.AkamaiHD
SUPPRIMÃ clÃ©*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Akamai [Akamai Technologies, Inc]  =>.SUP.AkamaiHD
SUPPRIMÃ clÃ©*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
SUPPRIMÃ clÃ©*: HKCU\Software\csastats []  =>Adware.InstallCore
SUPPRIMÃ clÃ©*: HKCU\Software\undefined []  =>.SUP.Downloader
SUPPRIMÃ clÃ©*: HKCU\Software\ProductSetup []  =>Adware.InstallCore
SUPPRIMÃ clÃ©*: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com []  =>PUP.Optional.LavasoftWebCompanion
SUPPRIMÃ clÃ©*: HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion []  =>PUP.Optional.LavasoftWebCompanion
SUPPRIMÃ clÃ©: HKLM\SOFTWARE\Lavasoft\Web Companion []  =>PUP.Optional.LavasoftWebCompanion
SUPPRIMÃ clÃ©*: HKLM\SYSTEM\CurrentControlSet\Services\WCAssistantService []  =>PUP.Optional.LavasoftWebCompanion
SUPPRIMÃ clÃ©^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered ditid []  =>Adware.YahooPowered
SUPPRIMÃ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface ["C:\Users\Albert\AppData\Local\Akamai\netsession_win.exe"]  =>.SUP.AkamaiHD
SUPPRIMÃ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Akamai NetSession Interface [0x03000000ADCD8AEC7738D301]  =>.SUP.AkamaiHD
SUPPRIMÃ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{5E9A2B8D-559F-4361-8E1B-4032F4AC9FD0}C:\users\albert\appdata\local\akamai\netsession_win.exe [C:\users\albert\appdata\local\akamai\netsession_win.exe]  =>.SUP.AkamaiHD
SUPPRIMÃ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{9D568F2D-EF71-43BE-920B-86D1F80ABFE2}C:\users\albert\appdata\local\akamai\netsession_win.exe [C:\users\albert\appdata\local\akamai\netsession_win.exe]  =>.SUP.AkamaiHD


---\\  RÃCAPITULATIF DES ÃLÃMENTS TROUVÃS SUR VOTRE STATION. (10)
https://www.anti-malware.top/2016/09/25/hijacker-winsock/  =>Hijacker.Winsock
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/  =>.SUP.CloudfrontNet
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/  =>Hijacker.Proxy
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Adware.YahooPowered
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/  =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/  =>PUP.Optional.LavasoftWebCompanion
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.SearchManager
https://nicolascoolman.eu/2017/09/19/adware-installcore-3/  =>Adware.InstallCore
https://nicolascoolman.eu/2017/12/22/sup-downloader/  =>.SUP.Downloader


---\\  NETTOYAGE ADDITIONNEL. (37)
~ Suppression des ClÃ©s de registre Tracing. (37)
~ Suppression des anciens rapports ZHPCleaner. (0)


---\\ BILAN DE LA REPARATION
~ RÃ©paration rÃ©alisÃ©e avec succÃ¨s.
~ Le systÃ¨me a Ã©tÃ© redÃ©marrÃ©.


---\\ STATISTIQUES
~ Items scannÃ©s : 951
~ Items trouvÃ©s : 0
~ Items annulÃ©s : 0
~ Items options : 0/7
~ Gain de place (Octets) : 0


~ End of clean in 00h00mn53s

---\\  LISTE DES RAPPORTS (2)
ZHPCleaner-[S]-03082018-20_35_10.txt
ZHPCleaner-[R]-03082018-20_36_48.txt