~ ZHPCleaner v2020.6.4.202 by Nicolas Coolman (2020/06/04)
~ Run by Gomez (Administrator) (06/06/2020 19:30:12)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Nettoyer
~ Report : C:\Users\Gomez\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Gomez\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point :
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\\ ALTERNATE DATA STREAM (ADS). (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ SERVICE. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ NAVIGATEUR INTERNET. (0)
~ Aucun élément malicieux ou superflu trouvé.

---\\ FICHIER HÔTE. (1)
~ Le fichier hôte est légitime. (18)

---\\ TÂCHE PLANIFIÉE. (1)
SUPPRIMÉ tâche: [bookingDesktopAppUpdateTaskMachineCore] [C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe (Not File) ] =>PUP.Optional.Booking

---\\ EXPLORATEUR ( Dossiers, Fichiers ). (32)
DEPLACÉ fichier: C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\npbookingDesktopAppUpdate3.dll [bookingDesktopApp. - bookingDesktopApp Update] =>PUP.Optional.Booking
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Local Storage\chrome-extension_gfdefkjpjdbiiclhimebabkmclmiiegk_0.localstorage =>Hijacker.Browser
DEPLACÉ fichier: C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [bookingDesktopApp. - bookingDesktopApp Update] =>PUP.Optional.Booking
DEPLACÉ fichier: C:\Windows\Temp\GURB7E9.exe =>Heuristic.Suspect
DEPLACÉ fichier: C:\Users\Gomez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk =>.SUP.GoodGameEmpire
DEPLACÉ fichier*: C:\Program Files (x86)\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ fichier*: C:\ProgramData\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\gfdefkjpjdbiiclhimebabkmclmiiegk\1.0.0.50_0\background.html =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\gfdefkjpjdbiiclhimebabkmclmiiegk\1.0.0.50_0\manifest.json =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\background.html =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\background.js =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\config.json =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\manifest.json =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\test.js =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\tr.js =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\images\chromium.svg =>Hijacker.Browser
DEPLACÉ fichier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\images\shadow.png =>Hijacker.Browser
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\gfdefkjpjdbiiclhimebabkmclmiiegk =>Hijacker.Browser [http://dafucah.com/update]
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg =>Hijacker.Browser [http://nuqudop.com/update]
DEPLACÉ dossier: C:\Users\Gomez\AppData\Roaming\System =>Adware.Suspect
DEPLACÉ dossier^: C:\Program Files (x86)\bookingDesktopApp =>PUP.Optional.Booking
DEPLACÉ dossier: C:\Users\Gomez\AppData\Roaming\Goodgame Empire =>.SUP.GoodGameEmpire
DEPLACÉ dossier: C:\Users\Gomez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire =>.SUP.GoodGameEmpire
DEPLACÉ dossier: C:\Documents and Settings\Gomez\Application Data\Microsoft\Windows\Start Menu\Programs\Goodgame Empire =>.SUP.GoodGameEmpire
DEPLACÉ dossier: C:\Users\Gomez\AppData\Roaming\Lavasoft\Web Companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\Program Files (x86)\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\ProgramData\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\ProgramData\Application Data\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\gfdefkjpjdbiiclhimebabkmclmiiegk\1.0.0.50_0 =>Hijacker.Browser
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0 =>Hijacker.Browser
DEPLACÉ dossier: C:\Users\Gomez\AppData\Local\chromium\User Data\Default\Extensions\kjdcopljcgiekkmjhinmcpioncofoclg\14.1.4.58_0\images =>Hijacker.Browser

---\\ BASE DE REGISTRES ( Clés, Valeurs, Données ). (48)
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@bookingdesktopapp.com/bookingDesktopApp Update;version=3 [bookingDesktopApp.] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@bookingdesktopapp.com/bookingDesktopApp Update;version=9 [bookingDesktopApp.] =>PUP.Optional.Booking
SUPPRIMÉ clé*: HKCU\Software\undefined [AdditionalScan 147] =>.SUP.Downloader
SUPPRIMÉ clé*: HKCU\Software\ProductSetup [AdditionalScan 152] =>Adware.InstallCore
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2264680239-2557701228-1583835890-1000\SOFTWARE\bookingDesktopApp [] =>PUP.Optional.Booking
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-2264680239-2557701228-1583835890-1000\SOFTWARE\cacaoweb [C:\Users\Gomez\AppData\Roaming\cacaoweb\cacaoweb.exe (Not File)] =>.SUP.CacaoWeb
SUPPRIMÉ clé**: HKCU\Software\bookingDesktopApp [] =>PUP.Optional.Booking
SUPPRIMÉ clé**: HKCU\Software\cacaoweb [C:\Users\Gomez\AppData\Roaming\cacaoweb\cacaoweb.exe (Not File)] =>.SUP.CacaoWeb
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\thebrighttag.com [] =>PUP.Optional.TheBrightTag
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopApp.OneClickCtrl.9 [bookingDesktopApp Update Plugin] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopApp.Update3WebControl.3 [bookingDesktopApp Update Plugin] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoCreateAsync [CoCreateAsync] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoCreateAsync.1.0 [CoCreateAsync] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoreClass [Google Update Core Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoreClass.1 [Google Update Core Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoreMachineClass [Google Update Core Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CoreMachineClass.1 [Google Update Core Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CredentialDialogMachine [GoogleUpdate CredentialDialog] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.CredentialDialogMachine.1.0 [GoogleUpdate CredentialDialog] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassMachine [Google Update Broker Class Factory] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassMachine.1.0 [Google Update Broker Class Factory] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassMachineFallback [Google Update Legacy On Demand] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassMachineFallback.1.0 [Google Update Legacy On Demand] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassSvc [Google Update Legacy On Demand] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.OnDemandCOMClassSvc.1.0 [Google Update Legacy On Demand] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.ProcessLauncher [Google Update Process Launcher Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.ProcessLauncher.1.0 [Google Update Process Launcher Class] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebMachine [Google Update Broker Class Factory] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebMachine.1.0 [Google Update Broker Class Factory] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebMachineFallback [GoogleUpdate Update3Web] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebMachineFallback.1.0 [GoogleUpdate Update3Web] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebSvc [GoogleUpdate Update3Web] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\bookingDesktopAppUpdate.Update3WebSvc.1.0 [GoogleUpdate Update3Web] =>PUP.Optional.Booking
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bookingDesktopAppUpdateTaskMachineCore [] =>PUP.Optional.Booking
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bookingDesktopAppUpdateTaskMachineUA [] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\bookingDesktopApp [] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CB82F79-F13F-4F62-86F7-CAA51E3D58A2} [C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AF09D48-D8ED-4444-BC2C-CD2FE457564B} [C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Goodgame Empire [Goodgame Empire] =>.SUP.GoodGameEmpire
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{214CE195-79AA-4CA1-9C40-AE44339A8A10} [] =>PUP.Optional.Booking
SUPPRIMÉ clé**: [X64] HKLM\SOFTWARE\Classes\CLSID\{214CE195-79AA-4CA1-9C40-AE44339A8A10}\InprocServer32 [C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\psmachine_64.dll (Not File)] =>PUP.Optional.Booking
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D} [PSFactoryBuffer] =>PUP.Optional.Booking
SUPPRIMÉ clé**: [X64] HKLM\SOFTWARE\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}\InprocServer32 [C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0\psmachine_64.dll (Not File)] =>PUP.Optional.Booking
SUPPRIMÉ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5DA9B9AB0E8E3ED495539C3AB185EBA9 ["C:\Users\Gomez\AppData\Local\chromium\Application] =>PUP.Optional.MyBrowser
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{8FA1D564-73BA-46DE-BDA4-838E6804C10F}C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.e] =>.SUP.CacaoWeb
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{04687BBD-5FA7-496F-BF24-8B2A3FADCE87}C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.e] =>.SUP.CacaoWeb
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{080D8E42-DF57-4490-A27B-25C1680A6EED}C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.e] =>.SUP.CacaoWeb
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{338CF3E4-5F6E-4BAE-9738-22B1E9AE4C40}C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\gomez\appdata\roaming\cacaoweb\cacaoweb.e] =>.SUP.CacaoWeb

---\\ RÉCAPITULATIF DES ÉLÉMENTS TROUVÉS SUR VOTRE STATION. (13)
https://nicolascoolman.eu/forum/Topic/booking-logiciel-potentiellement-indesirable-pup-lpi/ =>PUP.Optional.Booking
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser
https://nicolascoolman.eu/wp-content/uploads/2019/01/Informations-Sécurité-Zone-antimalware.jpg =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.GoodGameEmpire
https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Hijacker.Browser [http://dafucah.com/update]
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Hijacker.Browser [http://nuqudop.com/update]
https://nicolascoolman.eu/2017/03/02/adware-suspect/ =>Adware.Suspect
https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader
https://nicolascoolman.eu/2017/09/19/adware-installcore-3/ =>Adware.InstallCore
https://nicolascoolman.eu/2017/01/15/superfluous-cacaoweb/ =>.SUP.CacaoWeb
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.TheBrightTag
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser

---\\ NETTOYAGE ADDITIONNEL. (34)
~ Suppression des Clés de registre Tracing. (34)
~ Suppression des anciens rapports ZHPCleaner. (0)

---\\ BILAN DE LA REPARATION
~ Réparation réalisée avec succès.
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ Le système a été redémarré.

---\\ STATISTIQUES
~ Items scannés : 1652
~ Items trouvés : 0
~ Items annulés : 0
~ Gain de place (Octets) : 0
~ Items options : 8/15

---\\ OPTIONS DESACTIVÉES
~ Analyse et suppression des fichiers temporaires
~ Analyse et suppression des répertoires temporaires
~ Recherche et suppression des répertoires CLSID vides
~ Recherche et suppression des autres répertoires vides
~ Recherche et suppression des répertoires vides de LocalLow
~ Recherche et suppression des répertoires vides de Local
~ Recherche et suppression des fichiers obsolètes

~ End of clean in 00h01mn51s

---\\ LISTE DES RAPPORTS (3)
ZHPCleaner-[S]-06062020-16_56_55.txt
ZHPCleaner-[S]-06062020-19_25_23.txt
ZHPCleaner-[R]-06062020-19_32_03.txt