~ ZHPCleaner v2016.8.5.98 by Nicolas Coolman (2016/08/05) ~ Run by mezoo (Administrator) (06/08/2016 00:15:43) ~ Site : https://www.nicolascoolman.com ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : C:\Users\mezoo\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\mezoo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 10586) ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (17) DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var1", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var10", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var2", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var3", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var4", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var5", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var6", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var7", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var8", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.Var9", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.cache.tbs_include_xml_006938", "18/12/21/2/113"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.firstlaunch", "0"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.guid", "%7B89B51CD5-0861-A99D-7C9D-9EC95B67D647%7D"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.popupblockedcnt", "2"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6.userId", "%12"); =>PUP.Optional.IMBooster DELETED: [nj11tx8v.default] - user_pref("id_imbooster4web_v6_installed_version", "1.0.1018.0"); =>PUP.Optional.IMBooster DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : ;*.local] =>Hijacker.Proxy ---\\ Hosts file (0) ~ No malicious or unnecessary items found. ---\\ Scheduled automatic tasks. (1) DELETED task: [AutoKMS] [C:\Windows\AutoKMS.exe (Not File) ] =>HackTool.AutoKMS ---\\ Explorer ( File, Folder) (61) MOVED file: C:\Windows\Tasks\AutoKMS.job =>HackTool.AutoKMS MOVED file: C:\Users\mezoo\Downloads\Programs\my_downloader_installer.exe [Akamai Technologies, Inc. - Akamai NetSession Client Installer] =>.Superfluous.AkamaiHD MOVED folder: C:\WINDOWS\AutoKMS =>HackTool.AutoKMS MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime MOVED folder: C:\WINDOWS\Installer\MSI1579.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI17F0.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI1B4C.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI1C64.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI250C.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI2A27.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI2A4B.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI32D9.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI337C.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI377D.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI3A2E.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI3A7F.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI3B04.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI3CFB.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI3D1D.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI3DD9.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI3FFD.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI4245.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI44A1.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI486B.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI49D5.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI4C16.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI4E78.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI52DE.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI52F5.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI5383.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI53D2.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI54D3.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI5A47.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI5A62.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI65B.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI67D8.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI6C6D.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI7468.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI7586.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI7C7C.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI7C71.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI845C.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI8570.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI8AC6.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSI8E64.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIA8BB.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIB2DD.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIB8C3.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIBD10.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIC70A.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIC783.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSICF3B.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSID26B.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSID7D6.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIDAD5.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIDDA3.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIE6FB.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIED93.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIF13B.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIF285.tmp- =>Empty MOVED folder: C:\WINDOWS\Installer\MSIFB1F.tmp- =>Empty ---\\ Registry ( Key, Value, Data) (7) DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D4788D4-7B93-4B6E-84F9-C34A2CE91F0} [C:\Program Files (x86)\Torntv V9.0 (Not File)] =>PUP.Optional.TornTV DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7D40935-B105-4F07-935-32DDAC91244E} [C:\Program Files (x86)\Torntv V9.0 (Not File)] =>PUP.Optional.TornTV DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0634259-7323-48BB-A7EF-DF6B4201E180} [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer (Not File)] =>PUP.Optional.SweetIM DELETED key*: [X64] HKLM\SOFTWARE\Classes\IERichMediaDownloader.IE [Rich Media Downloader] =>PUP.Optional.RichMediaPlayer DELETED key*: [X64] HKLM\SOFTWARE\Classes\TorntvDownloader [] =>PUP.Optional.TornTV DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect DELETED key*: HKCU\SOFTWARE\CD2614266816DA107F6AEBE320D1A132 [] =>Hijacker.Browser ---\\ Summary of the elements found (10) https://www.nicolascoolman.com/fr/adware-imbooster/ =>PUP.Optional.IMBooster https://www.anti-malware.top/2016/06/09/pirate-de-serveur-proxy-hijacker-proxy/ =>Hijacker.Proxy https://www.anti-malware.top/2016/05/04/hacktool-autokms/ =>HackTool.AutoKMS https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.AkamaiHD https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime https://www.nicolascoolman.com/fr/hijacker-torntv/ =>PUP.Optional.TornTV https://www.nicolascoolman.com/fr/pup-sweetim/ =>PUP.Optional.SweetIM https://www.nicolascoolman.com/fr/pup-richmediaplayer/ =>PUP.Optional.RichMediaPlayer https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect https://www.nicolascoolman.com/fr/hijacker-browser/ =>Hijacker.Browser ---\\ Other deletions. (8) ~ Registry Keys Tracing deleted (8) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Opera Software) ---\\ Statistics ~ Items scanned : 1330 ~ Items found : 0 ~ Items cancelled : 0 ~ Items repaired : 86 ~ End of clean in 00h00mn21s ~==================== ZHPCleaner-[R]-06082016-00_16_04.txt ZHPCleaner-[S]-06082016-00_14_59.txt