~ ZHPCleaner v2017.2.10.25 by Nicolas Coolman (2017/02/10)
~ Run by Abdo (Administrator) (11/02/2017 09:24:05)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Abdo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Abdo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 10586)

---\\ Services (1)
[S] FOUND : Service KMSELDI =>HackTool.KMSpico

---\\ Browser internet (0)
~ No malicious or unnecessary items found.

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (1)
FOUND task: [AutoPico Daily Restart] [C:\Program Files\KMSpico\AutoPico.exe] =>HackTool.KMSpico

---\\ Explorer ( File, Folder) (104)
FOUND file: C:\Users\Abdo\Desktop\QQPlayer.lnk [Bad : C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe](.Tencent.) =>.Superfluous.Tencent
FOUND file: C:\Users\Abdo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQPlayer.lnk [Bad : C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe](.Tencent.) =>.Superfluous.Tencent
FOUND file: C:\Program Files\KMSpico\Service_KMS.exe [@ByELDI - Service_KMS] =>HackTool.KMSpico
FOUND file: C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe [Tencent - كيوكيو بلاير] =>.Superfluous.Tencent
FOUND file: C:\Users\Abdo\Desktop\QQPlayer.lnk =>.Superfluous.Tencent
FOUND file: C:\Users\Abdo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQPlayer.lnk =>.Superfluous.Tencent
FOUND file: C:\Program Files\KMSpico\AutoPico.exe [@ByELDI - AutoPico] =>HackTool.KMSpico
FOUND file: C:\Windows\Prefetch\LENOVOSHAREIT-WIN.TMP-7D477408.pf =>.Superfluous.SHAREit
FOUND file: C:\Windows\Prefetch\LENOVOSHAREIT-WIN.TMP-9C6917BB.pf =>.Superfluous.SHAREit
FOUND file: C:\Windows\Installer\wix{7774002B-60B3-4146-BF82-5BF767D468B8}.SchedServiceConfig.rmi =>.Superfluous.Empty
FOUND file: C:\Windows\Installer\wix{827F31DC-A307-4A62-B640-840D1A5D2698}.SchedServiceConfig.rmi =>.Superfluous.Empty
FOUND file: C:\Windows\Installer\wix{C1578C4F-5453-44FE-A172-01331906BF18}.SchedServiceConfig.rmi =>.Superfluous.Empty
FOUND folder: C:\Program Files (x86)\Tencent\QQPlayer =>.Superfluous.Tencent
FOUND folder: C:\Program Files (x86)\Tencent =>.Superfluous.Tencent
FOUND file: C:\Program Files\KMSpico\DevComponents.DotNetBar2.dll [DevComponents.com - DevComponents.DotNetBar] =>HackTool.KMSpico
FOUND file: C:\Program Files\KMSpico\KMSELDI.exe [@ByELDI - KMS GUI ELDI] =>HackTool.KMSpico
FOUND file: C:\Program Files\KMSpico\unins000.dat =>HackTool.KMSpico
FOUND file: C:\Program Files\KMSpico\unins000.exe [ - Setup/Uninstall] =>HackTool.KMSpico
FOUND file: C:\Program Files\KMSpico\UninsHs.exe [Han-soft - Uninstall for InnoSetup by Han-soft] =>HackTool.KMSpico
FOUND file: C:\Program Files\KMSpico\Vestris.ResourceLib.dll [Vestris Inc. - ResourceLib] =>HackTool.KMSpico
FOUND file: C:\Program Files\KMSpico\WinDivert.dll =>HackTool.KMSpico
FOUND file: C:\Program Files\KMSpico\WinDivert.sys [Basil Projects - WinDivert network packet capture and (re)in] =>HackTool.KMSpico
FOUND folder: C:\Program Files\KMSpico\cert =>HackTool.KMSpico
FOUND folder: C:\Program Files\KMSpico\driver =>HackTool.KMSpico
FOUND folder: C:\Program Files\KMSpico\icons =>HackTool.KMSpico
FOUND folder: C:\Program Files\KMSpico\logs =>HackTool.KMSpico
FOUND folder: C:\Program Files\KMSpico\scripts =>HackTool.KMSpico
FOUND folder: C:\Program Files\KMSpico\sounds =>HackTool.KMSpico
FOUND folder: C:\Program Files\KMSpico\TokensBackup =>HackTool.KMSpico
FOUND folder: C:\Program Files\KMSpico =>HackTool.KMSpico
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk =>HackTool.KMSpico
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk =>HackTool.KMSpico
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk =>HackTool.KMSpico
FOUND file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk =>HackTool.KMSpico
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
FOUND folder: C:\Users\Abdo\AppData\Roaming\Tencent\QQPlayer =>.Superfluous.Tencent
FOUND folder: C:\Users\Abdo\AppData\Roaming\Tencent =>.Superfluous.Tencent
FOUND folder: C:\Windows\Installer\MSI103E.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI1252.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI12D.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI18FE.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI1F87.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI218B.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI219.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI2209.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI25D.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI287.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI2921.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI2A6A.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI2B57.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI2ED5.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI2F82.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI3040.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI344C.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI3556.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI3622.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI36FE.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI41.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI5EAC.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI647B.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI655B.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI65D9.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI6657.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI6752.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI6A12.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI75D2.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI774A.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI77E8.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI7894.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI819F.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI9279.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI95A8.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI975F.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI9898.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI9B68.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI9BF6.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI9CB2.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI9DF0.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSI9EFA.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIA034.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIA11F.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIA595.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIA651.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIAF.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIC35.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIDDC.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIE09C.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIE3.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIE763.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIE987.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIEA44.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIF0FF.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIF15B.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIF573.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIF9CA.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIFB35.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIFBCF.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIFC8D.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIFCFC.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIFDB8.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIFE46.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIFEC4.tmp- =>.Superfluous.Empty
FOUND folder: C:\Windows\Installer\MSIFFB3.tmp- =>.Superfluous.Empty
FOUND folder: C:\Users\Abdo\AppData\Local\Temp\chrome_BITS_6312_909 =>.Superfluous.Empty

---\\ Registry ( Key, Value, Data) (17)
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe](.@ByELDI.) =>HackTool.KMSpico
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe] =>HackTool.KMSpico
FOUND key: HKEY_USERS\S-1-5-21-2940119149-3528213125-3126080836-1001\SOFTWARE\Tencent [] =>.Superfluous.Tencent
FOUND key: HKCU\Software\Tencent [] =>.Superfluous.Tencent
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QQPlayer [Tencent] =>.Superfluous.Tencent
FOUND key: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector [Protector Class] =>PUP.Optional.BProtector
FOUND key: [X64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [Protector Class] =>PUP.Optional.BProtector
FOUND key: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [ProtectorLib Class] =>PUP.Optional.BProtector
FOUND key: [X64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [ProtectorLib Class] =>PUP.Optional.BProtector
FOUND key: [X64] HKLM\SOFTWARE\Classes\StartSearchExt.StartSearchTool [StartSearchTool Class] =>PUP.Optional.StartSearch
FOUND key: [X64] HKLM\SOFTWARE\Classes\StartSearchExt.StartSearchTool.1 [StartSearchTool Class] =>PUP.Optional.StartSearch
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{960495F9-F09C-4CB9-A101-A19EC6218CF0} [StartSearchTool Class] =>PUP.Optional.StartSearch
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [] =>HackTool.KMSpico
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico] =>HackTool.KMSpico
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Tencent [] =>.Superfluous.Tencent
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect
FOUND key: [X64] HKLM\SOFTWARE\Classes\CLSID\{960495F9-F09C-4CB9-A101-A19EC6218CF0}\InprocServer32 [C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS PDM\StartSearchExt.dll] =>PUP.Optional.StartSearch

---\\ Summary of the elements found (7)
https://www.anti-malware.top/2016/09/08/hacktool-kmspico/ =>HackTool.KMSpico
https://www.nicolascoolman.com/fr/adware-tencentaddressbar/ =>.Superfluous.Tencent
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.SHAREit
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
https://www.anti-malware.top/2016/04/30/pup-optional-bprotector/ =>PUP.Optional.BProtector
https://www.nicolascoolman.com/fr/pup-optional-startsearch/ =>PUP.Optional.StartSearch
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect

---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 92874
~ Items found : 129
~ Items cancelled : 0
~ Items repaired : 0
~ End of search in 00h05mn44s

~====================
ZHPCleaner-[S]-11022017-09_29_49.txt