~ ZHPCleaner v2018.11.19.196 by Nicolas Coolman (2018/11/19)
~ Run by KARAM (Administrator) (21/11/2018 05:09:10)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\KARAM\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\KARAM\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 10240)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (5)
DELETED: [sql9mk8y.default] - user_pref("browser.search.defaultenginename", "Palikan"); =>PUP.Optional.GoPalikan
DELETED: [sql9mk8y.default] - user_pref("browser.search.selectedEngine", "Palikan"); =>PUP.Optional.GoPalikan
REPLACED IE Params: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page [http://www.palikan.com/?f=1&a=plk_coinisreb_18_02&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0[...]] =>PUP.Optional.GoPalikan
REPLACED IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\MAIN\\Start Page [http://www.palikan.com/?f=1&a=plk_coinisreb_18_02&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0[...]] =>PUP.Optional.GoPalikan
REPLACED IE Params: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\\Start Page [http://www.palikan.com/?f=1&a=plk_coinisreb_18_02&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0[...]] =>PUP.Optional.GoPalikan

---\\ Hosts file (1)
~ The hosts file is legitimate (24)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (24)
MOVED file: C:\Users\KARAM\Desktop\QQPlayer.lnk [Bad : C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe](.Tencent technology (Shenzhen) limited.) =>.SUP.Tencent
MOVED file: C:\Users\KARAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQPlayer.lnk [Bad : C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe](.Tencent technology (Shenzhen) limited.) =>.SUP.Tencent
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\searchplugins\palikan.xml =>PUP.Optional.GoPalikan
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\storage\default\https+++en.softonic.com\.metadata =>.SUP.Softonic
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\storage\default\https+++en.softonic.com\.metadata-v2 =>.SUP.Softonic
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\storage\default\https+++en.softonic.com\idb\993782502OBNDE__KSDISG_NLA.sqlite =>.SUP.Softonic
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\storage\default\https+++ar.softonic.com\.metadata =>.SUP.Softonic
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\storage\default\https+++ar.softonic.com\.metadata-v2 =>.SUP.Softonic
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\storage\default\https+++ar.softonic.com\idb\993782502OBNDE__KSDISG_NLA.sqlite =>.SUP.Softonic
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\storage\default\http+++pxlgnpgecom-a.akamaihd.net\.metadata =>.SUP.AkamaiHD
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\storage\default\http+++pxlgnpgecom-a.akamaihd.net\.metadata-v2 =>.SUP.AkamaiHD
MOVED file: C:\Users\KARAM\AppData\Roaming\Mozilla\Firefox\Profiles\sql9mk8y.default\storage\default\http+++pxlgnpgecom-a.akamaihd.net\idb\2532886276bta_fcpe_.sqlite =>.SUP.AkamaiHD
MOVED file: C:\ProgramData\KMSAutoS\KMSAuto Net.exe [MSFree Inc. - KMSAuto Net] =>HackTool.WinActivator
MOVED file: C:\ProgramData\KMSAutoS\bin\KMSSS.exe [MDL Forum, mod by Ratiborus - KMS Server Emulator Service (XP)] =>HackTool.AutoKMS
MOVED file: C:\Windows\Reimage.ini =>.SUP.ReimageRepair
MOVED folder: C:\Users\KARAM\AppData\Roaming\DriverPack Notifier =>.SUP.DriverPack
MOVED folder: C:\Users\KARAM\AppData\Roaming\DRPSu =>.SUP.DriverPack
MOVED folder^: C:\Program Files (x86)\DriverPack Notifier =>.SUP.DriverPack
MOVED folder: C:\Program Files (x86)\Tencent =>.SUP.Tencent
MOVED folder: C:\ProgramData\APN =>Toolbar.Ask
MOVED folder: C:\ProgramData\KMSAutoS =>HackTool.WinActivator
MOVED folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
MOVED folder: C:\Users\KARAM\AppData\Roaming\Tencent =>.SUP.Tencent
MOVED folder: C:\Users\KARAM\AppData\Local\MSfree Inc =>HackTool.WinActivator

---\\ Registry ( Key, Value, Data) (13)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487} [http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_02&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0DtB0C0DyE[...]] [Palikan] =>PUP.Optional.GoPalikan
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_02&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0DtB0C0DyE[...]] [Palikan] =>PUP.Optional.GoPalikan
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_02&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0DtB0C0DyE[...]] [Palikan] =>PUP.Optional.GoPalikan
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487} [http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_02&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0DtB0C0DyEyDyDtBtDtAtDtN0D0Tzu0StBtBtDtCtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0BtDyEtD0EtD0EtGtB0B0FtBtGtC0F0DyCtGtA0ByCtAtG0F0DzyyCyD0CyC0D0C0F0FtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtB0A0FyDyBtA0AtGtA0A0EzztGyE0C0EyCtGzztByBzztGzzyCtCyEzz0C0E0DzzyCyB0C2QtN0A0LzutB&cr=1415319352&ir=&q={searchTerms}] =>PUP.Optional.GoPalikan
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_02&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0DtB0C0DyEyDyDtBtDtAtDtN0D0Tzu0StBtBtDtCtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0BtDyEtD0EtD0EtGtB0B0FtBtGtC0F0DyCtGtA0ByCtAtG0F0DzyyCyD0CyC0D0C0F0FtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtB0A0FyDyBtA0AtGtA0A0EzztGyE0C0EyCtGzztByBzztGzzyCtCyEzz0C0E0DzzyCyB0C2QtN0A0LzutB&cr=1415319352&ir=&q={searchTerms}] =>PUP.Optional.GoPalikan
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.palikan.com/results.php?f=4&a=plk_coinisreb_18_02&cd=2XzuyEtN2Y1L1Qzu0A0AyC0B0A0DtB0C0DyEyDyDtBtDtAtDtN0D0Tzu0StBtBtDtCtN1L2XzutAtFtByBtFyEtFyDyEtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0BtDyEtD0EtD0EtGtB0B0FtBtGtC0F0DyCtGtA0ByCtAtG0F0DzyyCyD0CyC0D0C0F0FtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtB0A0FyDyBtA0AtGtA0A0EzztGyE0C0EyCtGzztByBzztGzzyCtCyEzz0C0E0DzzyCyB0C2QtN0A0LzutB&cr=1415319352&ir=&q={searchTerms}] =>PUP.Optional.GoPalikan
DELETED key*: HKU\.DEFAULT\Software\ByteFence [] =>.SUP.ByteFence
DELETED key: HKU\S-1-5-18\Software\ByteFence [] =>.SUP.ByteFence
DELETED key*: HKCU\Software\csastats [] =>Adware.InstallCore
DELETED key*: HKCU\Software\ProductSetup [] =>Adware.InstallCore
DELETED key*: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence [] =>.SUP.ByteFence
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0220D03E4356C0654A37F1553557CDEE [C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\ProjectTemplates\VisualBasic\Windows\1033\WPFBrowserApplication\Settings.settings] =>Adware.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DriverPack Notifier [DriverPack Solution] =>.SUP.DriverPack

---\\ Summary of the elements found (12)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.GoPalikan
https://nicolascoolman.eu/2017/02/23/tencentadressbar/ =>.SUP.Tencent
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Softonic
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/ =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/27/superfluous-reimagerepair/ =>.SUP.ReimageRepair
https://nicolascoolman.eu/2018/07/04/sup-driverpack/ =>.SUP.DriverPack
https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>.SUP.ByteFence
https://nicolascoolman.eu/2017/09/19/adware-installcore-3/ =>Adware.InstallCore
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider

---\\ Other deletions. (59)
~ Registry Keys Tracing deleted (59)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ The system has been restarted.

---\\ Statistics
~ Items scanned : 1348
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0
~ End of clean in 00h00mn37s

---\\ Reports (2)
ZHPCleaner-[S]-21112018-05_05_53.txt
ZHPCleaner-[R]-21112018-05_09_47.txt