~ ZHPCleaner v2016.12.21.221 by Nicolas Coolman (2016/12/21)
~ Run by Fabrice (Administrator) (24/12/2016 09:35:14)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version :
~ Type : Repair
~ Report : C:\Users\Fabrice\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Fabrice\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ Services (1)
CLOSED : ExpressVpnService =>PUP.Optional.ServiceManager

---\\ Browser internet (1)
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page [http://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11461&pf=V7&trgb=IE&p2=%5EBE7%5E[...]] =>Toolbar.Ask

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (25)
MOVED file: C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [Public Domain; Author Iain Patterson 2003-2014 - The non-sucking service manager] =>
MOVED file: C:\Windows\Prefetch\AMZNSEARCHPROTECT.EXE-69CB8B09.pf =>
MOVED file: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi =>
MOVED file: C:\Windows\Installer\wix{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}.SchedServiceConfig.rmi =>
MOVED file: C:\Windows\Installer\wix{AA11FD16-297F-452D-9015-F9014303CDD3}.SchedServiceConfig.rmi =>
MOVED file: C:\Windows\Installer\wix{B6DCCCD3-520D-4485-B642-FCC136CE12C3}.SchedServiceConfig.rmi =>
MOVED file: C:\Windows\Installer\wix{FA378CD1-F32D-4610-9884-3902DF8AF826}.SchedServiceConfig.rmi =>
MOVED file: C:\Windows\Installer\wix{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}.SchedServiceConfig.rmi =>
MOVED file: C:\Users\Fabrice\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data =>
MOVED file: C:\Users\Fabrice\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences =>
MOVED file: C:\Windows\Installer\{4F524A2D-5637-2D53-4154-A758B70C2D01}\ToolbarIcon.exe =>
MOVED file*: C:\Windows\Installer\{4F524A2D-5637-006A-76A7-A758B70C2E00}\ToolbarIcon.exe =>
MOVED folder: C:\Users\Fabrice\AppData\Roaming\Delta =>.Superfluous.DeltaSearch
MOVED folder: C:\Users\Fabrice\Music\iMesh =>.Superfluous.iMesh
MOVED folder: C:\Windows\Installer\MSI30E1.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3A0B.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3BCA.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3BF.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3CA6.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3D91.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI3EBA.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSI68A8.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIA4D0.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSICF3B.tmp- =>.Superfluous.Empty
MOVED folder: C:\Windows\Installer\MSIF69.tmp- =>.Superfluous.Empty

---\\ Registry ( Key, Value, Data) (33)
DELETED value: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5637-2D53-4154-7A786E7484D7} [Ask Shopping Toolbar] =>PUP.Optional.APNToolBar
DELETED value: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5637-2D53-4154-7A786E7484D7} [Ask Shopping Toolbar] =>PUP.Optional.APNToolBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7} [Ask Toolbar BHO] =>Toolbar.AskTBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-2D53-4154-7A786E7484D7} [Ask Shopping Toolbar BHO] =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\Software\Classes\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7} [Ask Toolbar] =>Toolbar.AskTBar
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-2D53-4154-7A786E7484D7} [] =>PUP.Optional.Bandoo
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-2D53-4154-7A786E7484D7} [] =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\Software\Classes\CLSID\{4F524A2D-5637-2D53-4154-7A786E7484D7} [Ask Shopping Toolbar] =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4F524A2D-5637-2D53-4154-7A786E7484D7} [Ask Shopping Toolbar] =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-2D53-4154-7A786E7484D7} [Ask Shopping Toolbar BHO] =>PUP.Optional.Bandoo
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\ExpressVpnService [C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe (Not File)] =>PUP.Optional.ServiceManager
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\calendarspark.dl.myway.com [12] =>.Superfluous.MindSpark
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\filmfanatic2.dl.myway.com [12] =>.Superfluous.MindSpark
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\putlocker.com [] =>PUP.Optional.PutLocker
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safepcrepair.dl.myway.com [12] =>.Superfluous.SafePCRepair
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.audienceinsights.net [43] =>.Superfluous.AudienceInsights
DELETED key*: [X64] HKLM\SOFTWARE\Classes\d [escrtAx Object] =>PUP.Optional.Generic
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\D2A425F47365A600677A7A857BC0E200 [Ask Toolbar] =>Toolbar.AskTBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>PUP.Optional.APNToolBar
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>PUP.Optional.APNToolBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-006A-76A7-A758B70C2E00} [APN, LLC] =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-2D53-4154-A758B70C2D01} [APN, LLC] =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4e42-A125-57C0A11DBCDE} [C:\Program Files (x86)\iMesh Applications\iMesh (Not File)] =>.Superfluous.iMesh
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>PUP.Optional.APNToolBar
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D} [C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (Not File)] =>PUP.Optional.APNToolBar
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\D2A425F4736535D214457A857BC0D210 [Ask Shopping Toolbar] =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\D2A425F4736535D214457A857BC0D210 [] =>PUP.Optional.Bandoo
DELETED key*: [X64] HKLM\Software\Classes\Installer\Features\D2A425F47365A600677A7A857BC0E200 [] =>Toolbar.AskTBar
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}\InprocServer32 ["C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll" (Not File)] =>Toolbar.AskTBar
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5637-2D53-4154-7A786E7484D7}\InprocServer32 ["C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\Passport_x64.dll" (Not File)] =>PUP.Optional.APNToolBar
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{7ECBC3BB-D3E6-4495-9733-051320F809B4} [C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe] =>.Superfluous.iMesh

---\\ Summary of the elements found (14)
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.ServiceManager
https://www.anti-malware.top/2016/09/22/toolbar-ask/ =>Toolbar.Ask
https://www.nicolascoolman.com/fr/toolbar-deltasearch/ =>.Superfluous.DeltaSearch
https://www.nicolascoolman.com/fr/pup-imesh/ =>.Superfluous.iMesh
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.Empty
https://www.nicolascoolman.com/fr/repaquetage-et_infections/ =>PUP.Optional.APNToolBar
https://www.nicolascoolman.com/fr/?p=5143 =>Toolbar.AskTBar
https://www.nicolascoolman.com/fr/adware-bandoo/ =>PUP.Optional.Bandoo
https://www.anti-malware.top/2016/05/29/superfluous-mindspark/ =>.Superfluous.MindSpark
https://www.nicolascoolman.com/fr/spyware-putlocker/ =>PUP.Optional.PutLocker
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.SafePCRepair
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.AudienceInsights
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/ =>PUP.Optional.Generic
https://www.anti-malware.top/2016/04/22/heuristic-suspect/ =>Heuristic.Suspect

---\\ Other deletions. (39)
~ Registry Keys Tracing deleted (39)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 392
~ Items found : 0
~ Items cancelled : 1
~ Items repaired : 60

~ End of clean in 00h00mn58s
~====================
ZHPCleaner-[R]-24122016-09_36_12.txt
ZHPCleaner-[S]-24122016-09_32_23.txt