~ ZHPCleaner v2017.8.29.147 by Nicolas Coolman (2017/08/29)
~ Run by NET1 (Administrator) (01/09/2017 11:29:13)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\NET1\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\NET1\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Ultimate, 64-bit (Build 7600)

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (39)
DELETED: [cjc3j2f3.default] - user_pref("extensions.BabylonToolbar_i.newTab", true); =>Adware.Babylon
DELETED: [cjc3j2f3.default] - user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://www.claro-search.com/?affID=116677&tt=091[...] =>Adware.Babylon
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.admin", false); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.aflt", "babsst"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.dfltLng", "en"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.excTlbr", false); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.id", "5a62142d00000000000000214fb317e5"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.instlDay", "15685"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.instlRef", "sst"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.prdct", "claro"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.prtnrId", "claro"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.tlbrId", "base"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.tlbrSrchUrl", ""); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.vrsn", "1.8.3.10"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro.vrsni", "1.8.3.10"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro_i.smplGrp", "none"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.claro_i.vrsnTs", "1.8.3.1011:40:07"); =>PUP.Optional.ClaroSearch
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.admin", false); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.aflt", "babsst"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.autoRvrt", "false"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.dfltLng", "en"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.excTlbr", false); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.ffxUnstlRst", false); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.id", "5a62142d00000000000000214fb317e5"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.instlDay", "15980"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.instlRef", "sst"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.newTab", false); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.prdct", "searchgol"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.prtnrId", "searchgol"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.rvrt", "false"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.smplGrp", "none"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.tlbrId", "base"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.tlbrSrchUrl", ""); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.vrsn", "1.8.16.19"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.vrsnTs", "1.8.16.1923:12:12"); =>PUP.Optional.SearchGol
DELETED: [cjc3j2f3.default] - user_pref("extensions.searchgol.vrsni", "1.8.16.19"); =>PUP.Optional.SearchGol
REPLACED Google Chrome Preferences: "http://www.searchgol.com/" =>PUP.Optional.SearchGol

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (12)
MOVED file: C:\Users\NET1\AppData\Roaming\Mozilla\Firefox\Profiles\cjc3j2f3.default\searchplugins\searchgol.xml =>PUP.Optional.SearchGol
MOVED file: C:\Users\NET1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibnjmihbbanannlbobkbmnmckjnmdnom_0.localstorage =>PUP.Optional.RocketNewTab
MOVED file: C:\Users\NET1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchgol.com_0.localstorage =>PUP.Optional.SearchGol
MOVED file: C:\Users\NET1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchgol.com_0.localstorage-journal =>PUP.Optional.SearchGol
MOVED file: C:\Documents and Settings\Sashka\Downloads\LVD-SAE@iacsearchandmedia.com.xpi =>PUP.Optional.IACSearchAndMedia
MOVED folder*: C:\Users\NET1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak =>Hijacker.Browser [http://www.interoperabilitybridges.com/ChromeWMP/w]
MOVED folder*: C:\Users\NET1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom =>PUP.Optional.RocketNewTab
MOVED folder*: C:\Users\NET1\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnjmihbbanannlbobkbmnmckjnmdnom =>PUP.Optional.RocketNewTab
MOVED folder*: C:\ProgramData\Babylon =>Adware.Babylon
MOVED folder*: C:\Users\NET1\AppData\Roaming\Babylon =>Adware.Babylon
MOVED folder*: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder*: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime

---\\ Registry ( Key, Value, Data) (54)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [http://www.claro-search.com/?q={searchTerms}&affID=116677&tt=091212_621_5012_5&babsrc=SP_ss&mntrId=5[...]] [Claro Search] =>PUP.Optional.ClaroSearch
DELETED key*: HKCU\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [] =>PUP.Optional.RocketNewTab
DELETED key*: [X64] HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [] =>PUP.Optional.RocketNewTab
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [] =>PUP.Optional.RocketNewTab
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [http://www.claro-search.com/?q={searchTerms}&affID=116677&tt=091212_621_5012_5&babsrc=SP_ss&mntrId=5a62142d00000000000000214fb317e5] =>PUP.Optional.ClaroSearch
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97 [Avast Software] =>PUM.Misplaced.Certificate
DELETED key*: HKCU\SOFTWARE\Rocket Browser [] =>PUP.Optional.RocketBrowser
DELETED key*: HKCU\Software\InstallCore\1I1T1Q1S [] =>Heuristic.InstallCore
DELETED key*: HKCU\Software\InstallCore\Custom [] =>Heuristic.InstallCore
DELETED key*: HKCU\Software\InstallCore\Uninstall [] =>Heuristic.InstallCore
DELETED key*: HKEY_USERS\S-1-5-21-1113787428-1424384801-3093382837-1000\SOFTWARE\BabSolution [] =>PUP.Optional.BabSolution
DELETED key*: HKEY_USERS\S-1-5-21-1113787428-1424384801-3093382837-1000\SOFTWARE\DataMngr [] =>PUP.Optional.Datamngr
DELETED key*: HKEY_USERS\S-1-5-21-1113787428-1424384801-3093382837-1000\SOFTWARE\InstallCore [] =>Adware.InstallCore
DELETED key: HKEY_USERS\S-1-5-21-1113787428-1424384801-3093382837-1000\SOFTWARE\Rocket Browser [] =>PUP.Optional.RocketBrowser
DELETED key: HKCU\Software\BabSolution [] =>PUP.Optional.BabSolution
DELETED key: HKCU\Software\DataMngr [] =>PUP.Optional.Datamngr
DELETED key: HKCU\Software\InstallCore [] =>Adware.InstallCore
DELETED key*: HKCU\Software\TeleCharger [] =>.SUP.Downloader
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Prod.cap [] =>PUP.Optional.ClaroSearch
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi [ScriptHelperApi Class] =>Toolbar.Agent
DELETED key*: [X64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 [ScriptHelperApi Class] =>Toolbar.Agent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Babylon [] =>Adware.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\DataMngr [] =>PUP.Optional.Datamngr
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 [] =>PUP.Optional.BabSolution
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS [] =>PUP.Optional.BabSolution
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32 [] =>Adware.Babylon
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS [] =>Adware.Babylon
DELETED key*: HKCU\SOFTWARE\5e57d8dbb538ee15 [mngr.exe] =>Hijacker.Browser

---\\ Summary of the elements found (16)
https://nicolascoolman.eu/2017/03/03/adware-babylon/ =>Adware.Babylon
https://www.nicolascoolman.com/fr/pup-clarosearch/ =>PUP.Optional.ClaroSearch
https://www.nicolascoolman.com/fr/hijacker-searchgol/ =>PUP.Optional.SearchGol
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.RocketNewTab
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.IACSearchAndMedia
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Hijacker.Browser [http://www.interoperabilitybridges.com/ChromeWMP/w]
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime
https://nicolascoolman.eu/2017/06/26/trojan-certlock/ =>PUM.Misplaced.Certificate
https://www.nicolascoolman.com/fr/pup-optional-rocketbrowser/ =>PUP.Optional.RocketBrowser
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Heuristic.InstallCore
https://www.nicolascoolman.com/fr/hijacker-babsolution/ =>PUP.Optional.BabSolution
https://www.nicolascoolman.com/fr/pup-datamngr/ =>PUP.Optional.Datamngr
https://nicolascoolman.eu/2017/03/12/adware-installcore-2/ =>Adware.InstallCore
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Downloader
https://www.nicolascoolman.com/fr/?p=5143 =>Toolbar.Agent
https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/ =>Hijacker.Browser

---\\ Other deletions. (135)
~ Registry Keys Tracing deleted (135)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 1369
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 105

~ End of clean in 00h01mn28s
~====================
ZHPCleaner-[R]-01092017-11_30_41.txt
ZHPCleaner-[S]-01092017-11_28_00.txt