~ ZHPCleaner v2015.12.13.397 by Nicolas Coolman (2015/12/13) ~ Run by Artcraft (Administrator) (14/12/2015 14:51:35) ~ Site : http://www.nicolascoolman.fr ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : C:\Users\Artcraft\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Artcraft\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (10) MOVED file: C:\Users\Artcraft\AppData\Local\Temp\UNI8BE7.tmp\dr.dll [Tencent - 电脑管家dll] =>PUP.Optional.TencentAddressBar MOVED file: C:\Users\Artcraft\AppData\Local\Temp\UNI8BE7.tmp\Unpin.exe [Tencent - 电脑管家-卸载程序] =>PUP.Optional.TencentAddressBar MOVED file: C:\Users\Artcraft\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imediabuzzy.com_0.localstorage =>PUP.Optional.MediaBuzz MOVED file: C:\Users\Artcraft\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_imediabuzzy.com_0.localstorage-journal =>PUP.Optional.MediaBuzz MOVED file: C:\Users\Artcraft\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage =>PUP.Optional.Generic MOVED file: C:\Users\Artcraft\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal =>PUP.Optional.Generic MOVED folder: C:\Program Files (x86)\QuickSearch =>PUP.Optional.FastSearch MOVED folder: C:\Windows\Installer\MSI502C.tmp- =>Empty MOVED folder: C:\Windows\Installer\MSI7BC9.tmp- =>Empty MOVED folder: C:\Windows\Installer\MSIBA90.tmp- =>Empty ---\\ Registry ( Key, Value, Data) (12) DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\softaal [C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys (Not File)] =>PUP.Optional.TencentAddressBar DELETED key*: HKEY_USERS\S-1-5-21-2554863769-1644592177-3804684417-1000\SOFTWARE\Tencent [] =>PUP.Optional.TencentAddressBar DELETED key: HKCU\Software\Tencent [] =>PUP.Optional.TencentAddressBar DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\soundcloud.com [] =>PUP.Optional.Multiplug DELETED key*: [X64] HKLM\SOFTWARE\DtsEncodeTools [] =>PUP.Optional.WeatherTool DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Tencent [] =>PUP.Optional.TencentAddressBar DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wasteland 2_is1 [Wasteland 2] =>PUP.Optional.AdRoar DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Tencent ["C:\Program Files (x86)\Tencent\Tencent.exe" http://down.baidu2016.com/qq/test.txt /start] =>PUP.Optional.TencentAddressBar DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{899B6FD5-F8A9-4AFE-B02B-F8B1AB61E800}C:\users\artcraft\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\artcraft\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{B13EFDC9-DA5C-478F-9B5C-0E44025463CD}C:\users\artcraft\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\artcraft\appdata\roaming\cacaoweb\cacaoweb.exe] =>.Superfluous.CacaoWeb DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{D5391955-27C1-4804-8B07-5477CDBD8E07} [C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe] =>PUP.Optional.TencentAddressBar DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{28722463-16A9-4F20-9250-C80DB7806D67} [C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe] =>PUP.Optional.TencentAddressBar ---\\ Summary of the elements found (8) http://www.nicolascoolman.fr/?p=368 =>PUP.Optional.TencentAddressBar http://www.nicolascoolman.fr/?p=191 =>PUP.Optional.MediaBuzz http://www.nicolascoolman.fr/repaquetage-et_infections =>PUP.Optional.Generic http://www.nicolascoolman.fr/repaquetage-et_infections =>PUP.Optional.FastSearch http://www.nicolascoolman.fr/?p=1402 =>PUP.Optional.Multiplug http://www.nicolascoolman.fr/pup-optional-weathertool =>PUP.Optional.WeatherTool http://www.nicolascoolman.fr/repaquetage-et_infections =>PUP.Optional.AdRoar http://www.nicolascoolman.fr/?p=338 =>.Superfluous.CacaoWeb ---\\ Other deletions. (0) ~ Registry Keys Tracing deleted (0) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Mozilla Firefox) ~ Browser not found (Opera Software) ---\\ Statistics ~ Items scanned : 265 ~ Items found : 0 ~ Items cancelled : 0 ~ Items repaired : 22 ~ End of clean in 0 minutes =================== ZHPCleaner-[R]-14122015-14_41_53.txt ZHPCleaner-[R]-14122015-14_51_49.txt ZHPCleaner-[S]-14122015-14_41_46.txt ZHPCleaner-[S]-14122015-14_41_47.txt ZHPCleaner-[S]-14122015-14_41_48.txt ZHPCleaner-[S]-14122015-14_41_50.txt ZHPCleaner-[S]-14122015-14_41_51.txt ZHPCleaner-[S]-14122015-14_51_15.txt