Script ZHPFix O23 - Service: AdBlockerService (AdBlockerService) . (.Star Line - AdBlockerService.) - C:\Program Files (x86)\AdBlocker\AdBlockerService.exe =>PUP.Optional.Adblocker O23 - Service: NetMedia Service (NetAdapterService) . (.CloudBees, Inc. - Windows Service Wrapper.) - C:\Program Files (x86)\jetstrmedia\NetMedia\service.exe =>Adware.iBryte =>Adware.iBryte O23 - Service: svchostwork tiny proxy server (svchostwork) . (...) - C:\Program Files (x86)\jetstrmedia\NetMedia\svchostwork.exe =>Adware.iBryte =>Adware.iBryte SR - Auto [30/06/2017] [ 326144] AdBlockerService (AdBlockerService) . (.Star Line.) - C:\Program Files (x86)\AdBlocker\AdBlockerService.exe =>PUP.Optional.Adblocker SR - Auto [30/06/2017] [ 326144] NetMedia Service (NetAdapterService) . (.CloudBees, Inc..) - C:\Program Files (x86)\jetstrmedia\NetMedia\service.exe =>Adware.iBryte =>Adware.iBryte SR - Auto [30/06/2017] [ 326144] svchostwork tiny proxy server (svchostwork) . (...) - C:\Program Files (x86)\jetstrmedia\NetMedia\svchostwork.exe =>Adware.iBryte =>Adware.iBryte [MD5.12223B30C3A7E22F5C23D95ACA3E6722] [APT] [AdapterUpdater] (.Node.js.) -- C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe [25889032] (.Activate.) =>Adware.iBryte [MD5.12223B30C3A7E22F5C23D95ACA3E6722] [APT] [NetAdapterServicesTask] (...) -- C:\Program Files (x86)\jetstrmedia\NetMedia\NetAdapterServiceRunner.vbs [449] (.Activate.) =>Adware.iBryte [MD5.12223B30C3A7E22F5C23D95ACA3E6722] [APT] [NetAdapterUpdate] (.Node.js.) -- C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe [25889032] (.Activate.) =>Adware.iBryte [MD5.12223B30C3A7E22F5C23D95ACA3E6722] [APT] [NoTask] (...) -- C:\Program Files (x86)\jetstrmedia\NetMedia\Nos.vbs [109] (.Activate.) =>Adware.iBryte [MD5.12223B30C3A7E22F5C23D95ACA3E6722] [APT] [updater] (.devnull.) -- C:\Program Files (x86)\devnull\NetAdapterUpdate\updater.exe [615176] (.Activate.) =>Adware.iBryte O39 - APT: updater - (.devnull.) -- C:\WINDOWS\System32\Tasks\AdapterUpdater [3796] =>Adware.iBryte O39 - APT: NetAdapterServicesTask - (...) -- C:\WINDOWS\System32\Tasks\NetAdapterServicesTask [3632] =>Adware.iBryte O39 - APT: NetAdapterUpdate - (.Node.js.) -- C:\WINDOWS\System32\Tasks\NetAdapterUpdate [3800] =>Adware.iBryte O39 - APT: NoTask - (...) -- C:\WINDOWS\System32\Tasks\NoTask [3224] =>Adware.iBryte O39 - APT: updater - (.devnull.) -- C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3894] =>Adware.iBryte O39 - APT: updater - (.devnull.) -- C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} [3654] =>Adware.iBryte O39 - APT: updater - (.devnull.) -- C:\WINDOWS\System32\Tasks\updater [3764] =>Adware.iBryte [MD5.F9B4ED097AC7157FFD3DB9054E0506BC] - (.Star Line - AdBlockerService.) -- C:\Program Files (x86)\AdBlocker\AdBlockerService.exe [110080] [PID.2108] =>PUP.Optional.Adblocker [MD5.830845EC2A24868D32839CCF384A0DDC] - (.CloudBees, Inc. - Windows Service Wrapper.) -- C:\Program Files (x86)\jetstrmedia\NetMedia\service.exe [393976] [PID.22660] =>Adware.iBryte [MD5.BD9386A08FFE416B7FC377A05C3274C5] - (.Node.js - Node.js: Server-side JavaScript.) -- C:\Program Files (x86)\jetstrmedia\NetMedia\NetAdapter.exe [25814776] [PID.22600] =>Adware.iBryte [MD5.7971EBDB5DA5C60D0B3F3D8523D94EC7] - (...) -- C:\Program Files (x86)\jetstrmedia\NetMedia\svchostwork.exe [615160] [PID.21800] =>Adware.iBryte G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.delta-homes.com/ =>PUP.Optional.Qvo6 O4 - GS\Quicklaunch [Administrateur]: Launch Internet-Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www%2dsearching.com/?prd=set_epc&s=H6Czbcnbl1AU,f80e3864-1305-48b8-be61-c614c17f9436, =>PUP.Optional.Salus O4 - GS\TaskBar [Administrateur]: Microsoft Edge.lnk . (.Microsoft Corporation - Explorateur Windows.) C:\Windows\explorer.exe microsoft-edge:http://www%2dsearching.com/ =>PUP.Optional.SearchingCom O4 - GS\TaskBar [Administrateur]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-searching.com/ =>PUP.Optional.SearchingCom O4 - GS\Quicklaunch [Sebastien]: Launch Internet-Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www%2dsearching.com/?prd=set_epc&s=H6Czbcnbl1AU,f80e3864-1305-48b8-be61-c614c17f9436, =>PUP.Optional.Salus O4 - GS\TaskBar [Sebastien]: Microsoft Edge.lnk . (.Microsoft Corporation - Explorateur Windows.) C:\Windows\explorer.exe microsoft-edge:http://www%2dsearching.com/ =>PUP.Optional.SearchingCom O4 - GS\TaskBar [Sebastien]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-searching.com/ =>PUP.Optional.SearchingCom O4 - GS\CommonDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-searching.com/ =>PUP.Optional.SearchingCom O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www-searching.com/ =>PUP.Optional.SearchingCom O42 - Logiciel: NetAdapterUpdate - (.devnull.) [HKLM][64Bits] -- {ECAC9BEA-AD3F-49AF-A964-4CBC81DCFEDD} =>Adware.iBryte O42 - Logiciel: NetMedia - (.jetstrmedia.) [HKLM][64Bits] -- {75D563F2-A567-4815-A2E2-080D3503E209} =>Adware.iBryte O42 - Logiciel: OtherSearch - (.Skyler Emil.) [HKLM][64Bits] -- OtherSearch =>Adware.FastSearch HKLM\SOFTWARE\Wow6432Node\devnull =>Adware.iBryte HKLM\SOFTWARE\Wow6432Node\jetstrmedia =>Adware.iBryte HKLM\SOFTWARE\Wow6432Node\OtherSearch =>Adware.FastSearch HKLM\SOFTWARE\Wow6432Node\Soci2Sear Browser Enhancer =>PUP.Optional.Wajam HKCU\SOFTWARE\Interstatnogui =>Adware.UserMon HKCU\SOFTWARE\AppDataLow\Software\AppTrailers =>Adware.AppTrailers O43 - CFD: 22/06/2017 - [] D -- C:\Program Files (x86)\AdBlocker =>PUP.Optional.Adblocker O43 - CFD: 21/06/2017 - [] D -- C:\Program Files (x86)\devnull =>Adware.iBryte O43 - CFD: 15/07/2017 - [] D -- C:\Program Files (x86)\jetstrmedia =>Adware.iBryte O43 - CFD: 20/06/2017 - [0] D -- C:\Users\Sebastien\AppData\Roaming\Interstatnogui =>Adware.UserMon O43 - CFD: 07/06/2017 - [] D -- C:\Users\Sebastien\AppData\Local\AppTrailers =>Adware.AppTrailers O69 - SBI: prefs.js [Sebastien - zbwu4j4s.default] user_pref("browser.newtab.url", "http://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H6Czbcnbl1AU,f80e3864-1305-48b8-be61-c[...] =>PUP.Optional.SearchingCom O69 - SBI: prefs.js [Sebastien - zbwu4j4s.default] user_pref("extensions.homepage@mail.ru.lastHomepage", "http://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H6Czbcnbl1AU,f80[...] =>PUP.Optional.SearchingCom O69 - SBI: prefs.js [Sebastien - zbwu4j4s.default] user_pref("keyword.URL", "http://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=H6Czbcnbl1AU,[...] =>PUP.Optional.SearchingCom O69 - SBI: SearchScopes [HKCU] {107393A5-6A7D-4C98-A975-3AC2821907F2} - (Searching) - http://www-searching.com/ =>PUP.Optional.SearchingCom [MD5.] [WIS][2017/07/03 21:16:37] (.jetstrmedia - Advanced Installer 14.1.1 build 79451.) -- C:\WINDOWS\Installer\229ca24.msi [4073984] =>Adware.iBryte [MD5.] [WIS][2017/06/21 07:16:37] (.devnull - Advanced Installer 14.0.2 build 78593.) -- C:\WINDOWS\Installer\53b1bb1.msi [4421632] =>Adware.iBryte [HKLM\SYSTEM\CurrentControlSet\Services\AdBlockerService] =>PUP.Optional.Adblocker C:\Program Files (x86)\AdBlocker\AdBlockerService.exe =>PUP.Optional.Adblocker [HKLM\SYSTEM\CurrentControlSet\Services\NetAdapterService] =>Adware.iBryte C:\Program Files (x86)\jetstrmedia\NetMedia\service.exe =>Adware.iBryte [HKLM\SYSTEM\CurrentControlSet\Services\svchostwork] =>Adware.iBryte C:\Program Files (x86)\jetstrmedia\NetMedia\svchostwork.exe =>Adware.iBryte C:\Program Files (x86)\jetstrmedia\NetMedia\NetAdapterServiceRunner.vbs =>Adware.iBryte C:\Program Files (x86)\jetstrmedia\NetMedia\Nos.vbs =>Adware.iBryte C:\WINDOWS\System32\Tasks\NetAdapterServicesTask =>Adware.iBryte C:\WINDOWS\System32\Tasks\NoTask =>Adware.iBryte [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OtherSearch] =>Adware.FastSearch [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75D563F2-A567-4815-A2E2-080D3503E209}] =>Adware.iBryte [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ECAC9BEA-AD3F-49AF-A964-4CBC81DCFEDD}] =>Adware.iBryte [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OtherSearch] =>Adware.FastSearch [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{75D563F2-A567-4815-A2E2-080D3503E209}] =>Adware.iBryte [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ECAC9BEA-AD3F-49AF-A964-4CBC81DCFEDD}] =>Adware.iBryte C:\Program Files (x86)\AdBlocker =>PUP.Optional.Adblocker C:\Users\Sebastien\AppData\Roaming\Interstatnogui =>Adware.UserMon C:\Users\Sebastien\AppData\Local\AppTrailers =>Adware.AppTrailers [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{107393A5-6A7D-4C98-A975-3AC2821907F2}] =>PUP.Optional.SearchingCom C:\WINDOWS\Installer\229ca24.msi =>Adware.iBryte C:\WINDOWS\Installer\53b1bb1.msi =>Adware.iBryte O23 - Service: Jszip Virtual Driver Service (JszipService) . (...) - C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe (.not file.) =>.Superfluous.Elex [MD5.12223B30C3A7E22F5C23D95ACA3E6722] [APT] [VB0JLO6lbo] (...) -- C:\Program Files (x86)\5e1n843J6z\updengine.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty [MD5.12223B30C3A7E22F5C23D95ACA3E6722] [APT] [Microsoft\Windows\Multimedia\Logon] (...) -- C:\Users\Sebastien\AppData\Roaming\Windows_x64_nheqminer-5c\Zcash.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty [MD5.12223B30C3A7E22F5C23D95ACA3E6722] [APT] [Microsoft\Windows\Windows Error Reporting\VideErroroReporting] (...) -- C:\ProgramData\WindowsVideoErrorReporting\wvermgr.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty [MD5.12223B30C3A7E22F5C23D95ACA3E6722] [APT] [NCH Software\VoxalDowngrade] (...) -- C:\Program Files (x86)\NCH Software\Voxal\voxal.exe (.not file.) [0] (.Activate.) =>.Superfluous.Empty O39 - APT: ac5cd09fe35a156bd2ebf1996e2267db - (...) -- C:\WINDOWS\System32\Tasks\ac5cd09fe35a156bd2ebf1996e2267db [3294] (.Orphan.) =>.Superfluous.Orphan O39 - APT: VB0JLO6lbo - (...) -- C:\WINDOWS\System32\Tasks\VB0JLO6lbo [2052] (.Orphan.) =>.Superfluous.Orphan M0 - MFSP: prefs.js [Sebastien - zbwu4j4s.default] http://mail.ru/ O42 - Logiciel: Online Application - (.Microleaves.) [HKLM][64Bits] -- {5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} =>.Superfluous.Microleaves HKLM\SOFTWARE\Wow6432Node\Event Monitor =>.Superfluous.EventMonitor HKLM\SOFTWARE\Wow6432Node\JiSuZip =>.Superfluous.Elex HKLM\SOFTWARE\Wow6432Node\Microleaves =>.Superfluous.Microleaves HKCU\SOFTWARE\Event Monitor =>.Superfluous.EventMonitor HKCU\SOFTWARE\JiSuZip =>.Superfluous.Elex O43 - CFD: 23/06/2017 - [] D -- C:\Program Files (x86)\Accelerer PC {1FA0D67D60CA1E747E6FBD496E484B0D} =>.Superfluous.PCSpeedUp O43 - CFD: 07/07/2015 - [0] D -- C:\Program Files (x86)\GUM8A15.tmp O43 - CFD: 07/06/2017 - [] D -- C:\Program Files (x86)\Maoha =>.Superfluous.Elex O43 - CFD: 12/06/2017 - [] D -- C:\Program Files (x86)\Microleaves =>.Superfluous.Microleaves O43 - CFD: 14/06/2017 - [] D -- C:\Program Files (x86)\pccleanplus =>.Superfluous.PCCleanPlus O43 - CFD: 12/06/2017 - [] D -- C:\ProgramData\3ad5ccff-2701-1 =>.Superfluous.Polluteware O43 - CFD: 12/06/2017 - [] D -- C:\ProgramData\3ad5ccff-4c35-0 =>.Superfluous.Polluteware O43 - CFD: 12/06/2017 - [] D -- C:\Users\Sebastien\AppData\Roaming\Microleaves =>.Superfluous.Microleaves O43 - CFD: 22/07/2015 - [] D -- C:\Users\Sebastien\AppData\Roaming\RHEng =>.Superfluous.Conduit O43 - CFD: 07/06/2017 - [] D -- C:\Users\Sebastien\AppData\Local\CrashRpt =>.Superfluous.CrashReports O43 - CFD: 23/06/2017 - [0] D -- C:\Users\Sebastien\AppData\Local\InetInfo User empty folders CLSID founds (4). Clean with ZHPFix 'EmptyCLSID' command =>.Superfluous.Empty.CLSID O45 - LFCP:[MD5.84AC601404C59A3EB749AEEB5113C7BF] 23/06/2017 A -- C:\WINDOWS\Prefetch\PCSUUCC.EXE-9E574FB4.pf =>.Superfluous.PCSpeedUp O58 - SDL:2017/06/12 14:59:08 A . (.Auteurs - .) -- C:\WINDOWS\System32\drivers\NetUtils2016.sys [907160] =>.Superfluous.Netutils O87 - FAEL: "TCP Query User{772DB54A-11EB-4EA2-BA9B-3CD777F144AF}C:\revelation online\game\tw2_p.exe" [In-None-P6-TRUE] .(...) -- C:\revelation online\game\tw2_p.exe (.not file.) O87 - FAEL: "UDP Query User{2F9B0D67-18E4-4BD2-AC37-2DBD323BE406}C:\revelation online\game\tw2_p.exe" [In-None-P17-TRUE] .(...) -- C:\revelation online\game\tw2_p.exe (.not file.) [MD5.] [WIS][2017/04/18 16:15:45] (.Microleaves - Advanced Installer 13.8.1 build 77369.) -- C:\WINDOWS\Installer\8bbceb.msi [2752000] =>.Superfluous.Microleaves [HKLM\SYSTEM\CurrentControlSet\Services\JszipService] =>.Superfluous.Elex [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}] =>.Superfluous.Microleaves [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}] =>.Superfluous.Microleaves C:\Program Files (x86)\Accelerer PC =>.Superfluous.PCSpeedUp C:\Program Files (x86)\Maoha =>.Superfluous.Elex C:\Program Files (x86)\pccleanplus =>.Superfluous.PCCleanPlus C:\ProgramData\3ad5ccff-2701-1 =>.Superfluous.Polluteware C:\ProgramData\3ad5ccff-4c35-0 =>.Superfluous.Polluteware C:\Users\Sebastien\AppData\Roaming\Microleaves =>.Superfluous.Microleaves C:\Users\Sebastien\AppData\Roaming\RHEng =>.Superfluous.Conduit C:\Users\Sebastien\AppData\Local\CrashRpt =>.Superfluous.CrashReports C:\WINDOWS\Prefetch\PCSUUCC.EXE-9E574FB4.pf =>.Superfluous.PCSpeedUp C:\WINDOWS\System32\drivers\NetUtils2016.sys =>.Superfluous.Netutils C:\WINDOWS\Installer\8bbceb.msi =>.Superfluous.Microleaves [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified O17 - HKLM\System\CCS\Services\Tcpip\..\{3306a698-5de1-4793-af43-e2a2652f71e4}: DhcpNameServer = 172.18.13.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{54fac8fb-3c13-4e92-868e-7eb779cb30bd}: DhcpNameServer = 172.18.11.1 HKCU\SOFTWARE\Pritc HKCU\SOFTWARE\WiseRar O43 - CFD: 12/06/2017 - [] D -- C:\Users\Sebastien\AppData\Local\AdvinstAnalytics O43 - CFD: 16/06/2017 - [] D -- C:\Users\Default\AppData\Local\AdvinstAnalytics O43 - CFD: 16/06/2017 - [] D -- C:\Users\Default User\AppData\Local\AdvinstAnalytics O43 - CFD: 16/06/2017 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\AdvinstAnalytics SysRestore FirewallRaz EmptyPrefetch EmptyCLSID EmptyFlash Emptytemp ShortcutFix