~ ZHPCleaner v2019.4.25.54 by Nicolas Coolman (2019/04/25) ~ Run by victor (Administrator) (26/04/2019 15:44:30) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Nettoyer ~ Report : C:\Users\victor\Desktop\ZHPCleaner (R).txt ~ Quarantine : C:\Users\victor\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 17134) ---\\ ALTERNATE DATA STREAM (ADS). (0) ~ Aucun élément malicieux ou superflu trouvé. ---\\ SERVICE. (0) ~ Aucun élément malicieux ou superflu trouvé. ---\\ NAVIGATEUR INTERNET. (0) ~ Aucun élément malicieux ou superflu trouvé. ---\\ FICHIER HÔTE. (1) ~ Le fichier hôte est légitime. (22) ---\\ TÂCHE PLANIFIÉE. (0) ~ Aucun élément malicieux ou superflu trouvé. ---\\ EXPLORATEUR ( Dossiers, Fichiers ). (41) DEPLACÉ fichier: C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\ddhvu0h8.default-1474493428282-1518443267125\bookmarkbackups\bookmarks-2019-02-26_71_T4Pc3HWRKGC4dOxkfMvvaA==.jsonlz4 =>.SUP.EORezo DEPLACÉ fichier: C:\Users\victor\AppData\Roaming\Mozilla\Firefox\Profiles\18nc40kd.default-1474493428282-1556280753619\bookmarkbackups\bookmarks-2019-02-26_71_T4Pc3HWRKGC4dOxkfMvvaA==.jsonlz4 =>.SUP.EORezo DEPLACÉ fichier: C:\Windows\Installer\wix{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}.SchedServiceConfig.rmi =>.SUP.Empty DEPLACÉ fichier: C:\Windows\Installer\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi =>.SUP.Empty DEPLACÉ fichier: C:\Windows\Installer\wix{B2E25355-C24E-4E7D-8AD3-455D59810838}.SchedServiceConfig.rmi =>.SUP.Empty DEPLACÉ fichier: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi =>.SUP.Empty DEPLACÉ fichier: C:\Windows\Installer\wix{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}.SchedServiceConfig.rmi =>.SUP.Empty DEPLACÉ fichier: C:\Windows\Installer\wix{F814D094-197F-43C8-87FA-3210BB780486}.SchedServiceConfig.rmi =>.SUP.Empty DEPLACÉ fichier: C:\Windows\Installer\wix{FA70E4D3-C628-44D5-991C-3F188488C30B}.SchedServiceConfig.rmi =>.SUP.Empty DEPLACÉ fichier: C:\Windows\Installer\wix{FBA3961B-D1DF-493C-BC1F-E67D3B832895}.SchedServiceConfig.rmi =>.SUP.Empty DEPLACÉ fichier: C:\Windows\Installer\121111a.msp =>.SUP.Obsolete.Adobe DEPLACÉ fichier: C:\Windows\Installer\2b29a4aa.msp =>.SUP.Obsolete.Adobe DEPLACÉ fichier: C:\Windows\Installer\59d6f04.msp =>.SUP.Obsolete.Adobe DEPLACÉ fichier: C:\Windows\Installer\5b1b66d.msp =>.SUP.Obsolete.Adobe DEPLACÉ fichier: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSCore.dll [SweetLabs, Inc. - SLSCore] =>.SUP.SweetLabs DEPLACÉ fichier: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSLib.dll [SweetLabs, Inc. - SLSLib] =>.SUP.SweetLabs DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\aria-debug-10868.log =>.SUP.Temporary.OneDrive DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\aria-debug-11016.log =>.SUP.Temporary.OneDrive DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\aria-debug-6080.log =>.SUP.Temporary.OneDrive DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\aria-debug-6548.log =>.SUP.Temporary.OneDrive DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\aria-debug-9308.log =>.SUP.Temporary.OneDrive DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\aria-debug-9624.log =>.SUP.Temporary.OneDrive DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\BIT5858.tmp =>.SUP.Temporary.Empty DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\BroadcastMsg_1555585422.txt =>.SUP.Temporary.Empty DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\BroadcastMsg_1555845237.txt =>.SUP.Temporary.Empty DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\BroadcastMsg_1556197252.txt =>.SUP.Temporary.Empty DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\wct2FD8.tmp =>.SUP.Temporary.Office DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\wct7ECC.tmp =>.SUP.Temporary.Office DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\wct7F6F.tmp =>.SUP.Temporary.Office DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\wct8417.tmp =>.SUP.Temporary.Office DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\wctD5B7.tmp =>.SUP.Temporary.Office DEPLACÉ fichier: C:\Users\victor\AppData\Local\Temp\wctF177.tmp =>.SUP.Temporary.Office DEPLACÉ dossier: C:\Program Files\ByteFence =>.SUP.ByteFence DEPLACÉ dossier: C:\WINDOWS\Installer\MSI134.tmp- =>.SUP.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI300E.tmp- =>.SUP.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI4D4B.tmp- =>.SUP.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSI50E.tmp- =>.SUP.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSIB0F8.tmp- =>.SUP.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSICD00.tmp- =>.SUP.Empty DEPLACÉ dossier: C:\WINDOWS\Installer\MSICF14.tmp- =>.SUP.Empty DEPLACÉ dossier: C:\Users\victor\AppData\LocalLow\Splashteam =>.SUP.Empty ---\\ BASE DE REGISTRES ( Clés, Valeurs, Données ). (19) SUPPRIMÉ clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [https://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_38[...]] [Yahoo! Powered] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3231E7B9-CBE5-44EE-93DF-335EB6FF14B6} [https://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_38[...]] [Yahoo! Powered] =>Adware.YahooPowered SUPPRIMÉ clé: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3231E7B9-CBE5-44EE-93DF-335EB6FF14B6} [https://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_38[...]] [Yahoo! Powered] =>Adware.YahooPowered SUPPRIMÉ clé**: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} [https://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_38¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyC0DzztA0FyE0AtByCyB0DyBtB0FtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0F0CtAyDtAtC0CtGyBtD0FtCtGyC0CyD0AtGyCtA0E0AtGyC0EyCzztD0F0C0AyE0CtD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtB0F0AzytByC0FtGtDtCtB0AtGyEzzzzyCtG0B0EtB0FtGyDyC0E0CyB0E0B0AtDzzzz0B2QtN0A0LzuyE%26cr%3D1985904480%26a%3Dwbf_dmontlsfs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered SUPPRIMÉ clé**: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3231E7B9-CBE5-44EE-93DF-335EB6FF14B6} [https://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_38¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyC0DzztA0FyE0AtByCyB0DyBtB0FtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0F0CtAyDtAtC0CtGyBtD0FtCtGyC0CyD0AtGyCtA0E0AtGyC0EyCzztD0F0C0AyE0CtD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtB0F0AzytByC0FtGtDtCtB0AtGyEzzzzyCtG0B0EtB0FtGyDyC0E0CyB0E0B0AtDzzzz0B2QtN0A0LzuyE%26cr%3D1985904480%26a%3Dwbf_dmontlsfs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered SUPPRIMÉ clé**: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3231E7B9-CBE5-44EE-93DF-335EB6FF14B6} [https://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dmontlsfs_16_38¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0ByEyC0DzztA0FyE0AtByCyB0DyBtB0FtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyB0F0CtAyDtAtC0CtGyBtD0FtCtGyC0CyD0AtGyCtA0E0AtGyC0EyCzztD0F0C0AyE0CtD0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtB0F0AzytByC0FtGtDtCtB0AtGyEzzzzyCtG0B0EtB0FtGyDyC0E0CyB0E0B0AtDzzzz0B2QtN0A0LzuyE%26cr%3D1985904480%26a%3Dwbf_dmontlsfs_16_38%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}] =>Adware.YahooPowered SUPPRIMÉ clé*: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence [] =>.SUP.ByteFence SUPPRIMÉ valeur: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AdobeAAMUpdater-1.0 [0x030000008882A18D3453D301] =>Trojan.Dropper SUPPRIMÉ valeur: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched [0x020000000000000000000000] =>Heuristic.Suspect SUPPRIMÉ valeur: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\c__users_victor_appdata_local_chromium_application_chrome.exe [0x0300000073E1DDA20A54D301] =>.SUP.HideBaid SUPPRIMÉ valeur: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\c__program_files_(x86)_filehippo.com_filehippo.appmanager.exe [0x03000000C2B382D80B71D301] =>.SUP.HideBaid SUPPRIMÉ valeur: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\c__users_victor_appdata_local_microsoft_onedrive_onedrive.exe [0x0300000059F812AD0A54D301] =>.SUP.HideBaid SUPPRIMÉ valeur: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\EpicGamesLauncher [0x03000000187AD680077CD401] =>Heuristic.Suspect SUPPRIMÉ valeur: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\ [No Folder] =>.SUP.Obsolete.NoFolder SUPPRIMÉ valeur: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Lenovo\OneKey App\OneKey Recovery\WSVD\8_X64\ [No Folder] =>.SUP.Obsolete.NoFolder SUPPRIMÉ valeur: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\EPSON\MyEpson Portal\MepInkChg\ [No Folder] =>.SUP.Obsolete.NoFolder SUPPRIMÉ valeur: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\EPSON\MyEpson Portal\MepInkChg6\ [No Folder] =>.SUP.Obsolete.NoFolder SUPPRIMÉ valeur: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Lenovo\OneKey App\OneKey Recovery\WSVD\7_X64\ [No Folder] =>.SUP.Obsolete.NoFolder SUPPRIMÉ valeur: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Lenovo\OneKey App\OneKey Recovery\WSVD\Vista_X64\ [No Folder] =>.SUP.Obsolete.NoFolder ---\\ RÉCAPITULATIF DES ÉLÉMENTS TROUVÉS SUR VOTRE STATION. (13) https://www.nicolascoolman.com/fr/pup-eorezo/ =>.SUP.EORezo https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.Adobe https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.SweetLabs https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.OneDrive https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Office https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>.SUP.ByteFence https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.YahooPowered https://www.anti-malware.top/2016/09/07/trojan-dropper/ =>Trojan.Dropper https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.HideBaid https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.NoFolder ---\\ NETTOYAGE ADDITIONNEL. (26) ~ Suppression des Clés de registre Tracing. (26) ~ Suppression des anciens rapports ZHPCleaner. (0) ---\\ BILAN DE LA REPARATION ~ Réparation réalisée avec succès. ~ Ce navigateur est absent (Opera Software) ---\\ STATISTIQUES ~ Items scannés : 1253 ~ Items trouvés : 0 ~ Items annulés : 0 ~ Items options : 12/12 ~ Gain de place (Octets) : 31019136 ~ End of clean in 00h00mn22s ---\\ LISTE DES RAPPORTS (2) ZHPCleaner-[S]-26042019-15_43_17.txt ZHPCleaner-[R]-26042019-15_44_52.txt