~ ZHPCleaner v2018.3.31.56 by Nicolas Coolman (2018/03/31)
~ Run by Myriam (Administrator) (31/03/2018 12:40:08)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Myriam\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Myriam\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8, 64-bit (Build 9200)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (29)
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.irmysearch.aflt", "dnld2msd"); =>PUP.Optional.MyWebSearch
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0CtD0DzyyCtByCyC0B0D0FtA0D0F0AyEtN0D0Tzu0CyCt[...] =>PUP.Optional.MyWebSearch
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.irmysearch.cr", "298223812"); =>PUP.Optional.MyWebSearch
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.irmysearch.instlRef", ""); =>PUP.Optional.MyWebSearch
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.aflt", "dnld2msd"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CtD0DzyyCtByCyC0B0D0FtA0D0F0AyEtN0D0Tzu0Cy[...] =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.cr", "298223812"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.dfltLng", ""); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.dfltSrch", true); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.dnsErr", true); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.excTlbr", false); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.hmpg", true); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=dnld2msd&cd=2Xzuy[...] =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.id", "C0D96266BDF3DFA4"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.instlDay", "15955"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.instlRef", ""); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=dnld2msd&cd=2Xz[...] =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.prdct", "mysearchdial"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.tlbrId", "base"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=dnld2msd&cd=2[...] =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.vrsn", ""); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial.vrsni", ""); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial_i.hmpg", true); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial_i.newTab", false); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial_i.smplGrp", "none"); =>Adware.MySearchDial
DELETED: [auux7g6s.default-1378140617709] - user_pref("extensions.mysearchdial_i.vrsnTs", "19:42:11"); =>Adware.MySearchDial

---\\ Hosts file (1)
~ The hosts file is legitimate (1)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (21)
MOVED file: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\storage\default\https+++www.trainingmask.com\.metadata =>Toolbar.Ask
MOVED file: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\storage\default\https+++www.trainingmask.com\.metadata-v2 =>Toolbar.Ask
MOVED file: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\storage\default\https+++www.trainingmask.com\idb\3166459941jsu.sqlite =>Toolbar.Ask
MOVED file: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\storage\default\http+++gameofthrones.wikia.com\.metadata =>.SUP.IronSourceLtd
MOVED file: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\storage\default\http+++gameofthrones.wikia.com\.metadata-v2 =>.SUP.IronSourceLtd
MOVED file: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\auux7g6s.default-1378140617709\storage\default\http+++gameofthrones.wikia.com\idb\301792106ttes.sqlite =>.SUP.IronSourceLtd
MOVED file: C:\Windows\Prefetch\ADVANCED SYSTEMCARE.TMP-C97357D3.pf =>.SUP.AdvancedSystemCare
MOVED file: C:\Windows\Prefetch\SEARCHSETTINGS64.EXE-E621C75D.pf =>PUP.Optional.SearchSettings
MOVED folder*: C:\Users\Myriam\AppData\Roaming\PDAppFlex =>Trojan.Elpman
MOVED folder*: C:\Program Files (x86)\Application Updater =>PUP.Optional.Dealio
MOVED folder*: C:\Program Files (x86)\IObit Apps Toolbar =>PUP.Optional.Dealio
MOVED folder*: C:\windows\System32\config\systemprofile\AppData\LocalLow\Application Updater =>PUP.Optional.Dealio
MOVED folder: C:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater =>PUP.Optional.Dealio
MOVED folder*: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare =>.SUP.AdvancedSystemCare
MOVED folder*: C:\ProgramData\IObit\Advanced SystemCare =>.SUP.AdvancedSystemCare
MOVED folder*: C:\ProgramData\Application Data\IObit\ASCDownloader =>.SUP.AdvancedSystemCare
MOVED folder: C:\ProgramData\IObit\ASCDownloader =>.SUP.AdvancedSystemCare
MOVED folder: C:\ProgramData\Application Data\IObit\Advanced SystemCare =>.SUP.AdvancedSystemCare
MOVED folder*: C:\Users\Myriam\AppData\LocalLow\IObit\Advanced SystemCare =>.SUP.AdvancedSystemCare
MOVED folder*: C:\Users\Myriam\AppData\Roaming\IObit\Advanced SystemCare =>.SUP.AdvancedSystemCare
MOVED folder*: C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare =>.SUP.AdvancedSystemCare

---\\ Registry ( Key, Value, Data) (22)
DELETED key*: HKEY_USERS\S-1-5-21-2870124582-2670056687-1688047813-1001\SOFTWARE\IObit Apps [] =>PUP.Optional.Dealio
DELETED key: HKCU\Software\IObit Apps [] =>PUP.Optional.Dealio
DELETED key*: HKCU\Software\AppDataLow\Software\IObit Apps [] =>PUP.Optional.Dealio
DELETED key*: HKLM\SOFTWARE\IObit\RealTimeProtector [] =>.SUP.AdvancedSystemCare
DELETED key*: HKLM\SOFTWARE\IObit\Advanced SystemCare [] =>.SUP.AdvancedSystemCare
DELETED key*: HKLM\SOFTWARE\Iobit\ASC [] =>.SUP.AdvancedSystemCare
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE [] =>PUP.Optional.VShareRedir
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\esrv.EXE [] =>PUP.Optional.Funmoods
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} [esrv] =>Adware.MySearchDial
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\191089AC088C2B64788B2A7C6165DAF3 [IObit Apps Toolbar v7.6] =>PUP.Optional.Dealio
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdaterService [] =>PUP.Optional.WebCake
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\updateluckyleap_RASAPI32 [] =>PUP.Optional.LuckyLeap
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\updateluckyleap_RASMANCS [] =>PUP.Optional.LuckyLeap
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0338237183FFAC54ABE91AFF69A1ED42 [C:\?Program Files (x86)\IObit Apps Toolbar\FF\chrome\chrome.jar (Not File)] =>PUP.Optional.Dealio
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\IObit Apps [] =>PUP.Optional.Dealio
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\ScriptHelper.EXE [] =>PUP.Optional.VShareRedir
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\esrv.EXE [] =>PUP.Optional.Funmoods
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} [esrv] =>Adware.MySearchDial
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CA980191-C880-46B2-87B8-A2C71656AD3F} [Spigot, Inc.] =>PUP.Optional.Dealio
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASAPI32 [] =>PUP.Optional.WebCake
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WebCakeDesktop_RASMANCS [] =>PUP.Optional.WebCake
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Advanced SystemCare 6 [0x020000000000000000000000] =>.SUP.AdvancedSystemCare

---\\ Summary of the elements found (12)
https://nicolascoolman.eu/2017/12/17/adware-mywebsearch/ =>PUP.Optional.MyWebSearch
https://nicolascoolman.eu/2017/12/23/adware-mysearchdial/ =>Adware.MySearchDial
https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask
https://www.anti-malware.top/2016/05/02/superfluous-ironsourceltd/ =>.SUP.IronSourceLtd
https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/ =>.SUP.AdvancedSystemCare
https://www.nicolascoolman.com/fr/adware-searchsettings/ =>PUP.Optional.SearchSettings
https://nicolascoolman.eu/2017/09/23/trojan-elpman/ =>Trojan.Elpman
https://www.nicolascoolman.com/fr/pup-dealio/ =>PUP.Optional.Dealio
https://www.nicolascoolman.com/fr/pup-vshareredir/ =>PUP.Optional.VShareRedir
https://www.nicolascoolman.com/fr/pup-funmoods/ =>PUP.Optional.Funmoods
https://www.nicolascoolman.com/fr/adware-webcake/ =>PUP.Optional.WebCake
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.LuckyLeap

---\\ Other deletions. (35)
~ Registry Keys Tracing deleted (35)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 1385
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0
~ End of clean in 00h01mn05s

---\\ Reports (2)
ZHPCleaner-[S]-31032018-12_04_08.txt
ZHPCleaner-[R]-31032018-12_41_13.txt