~ ZHPFix v2019.1.28.13 by Nicolas Coolman (2019/01/28)
~ Run by mimy (Administrator) (30/01/2019 19:26:42)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Certificate ZHPFix: Legal
~ State version : Version OK
~ Report : C:\Users\mimy\Desktop\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ USER SCRIPT. (27)
Script Zhpfix
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms}
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms}
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms}
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms}
R1 - HKEY_USERS\S-1-5-21-2029272635-3143883451-3429156010-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms}
HKCU\SOFTWARE\MAL
HKU\S-1-5-21-2029272635-3143883451-3429156010-1000\SOFTWARE\MAL
O40 - ASIC: Google Chrome [64Bits] - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (...) -- C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe (.not file.) =>.SUP.Various
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [64Bits][HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)
C:\Program Files\K7E05EATPP\uninstaller.exe
C:\Program Files\K7E05EATPP
C:\Windows\Installer\a3a5a.msp
C:\Windows\Installer\a5524.msp
C:\Windows\Installer\ab98c.msp
C:\Windows\Installer\acb70.msp
C:\Windows\Installer\b922c.msp
C:\Windows\Installer\bca76.msp
C:\Windows\Installer\bcd92.msp
C:\Windows\Installer\bfec2.msp
C:\Windows\Installer\c30d7.msp
C:\Windows\Installer\cbbbae.msp
EmptyPrefetch
Emptytemp
EmptyClsid

---\\ SOFTWARE. (0)

---\\ SERVICE. (0)

---\\ SCHEDULED TASK. (0)

---\\ INTERNET BROWSER. (6)
REPLACED Data Internet Explorer: http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms} [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page]
REPLACED Data Internet Explorer: http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms} [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar]
REPLACED Data Internet Explorer: http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms} [HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL]
NOT FOUND Data Internet Explorer: http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms} [HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,\\]
REPLACED Data Internet Explorer: http://%66%65%65%64.%68%65%6c%70%65%72%62%61%72.%63%6f%6d/?p=mko_awfzxipyrahdgkbloo-bhlymrvyoio2t6mfqosf-wwm7vfzkcu53spz1pplrbqja7mylt-bcptnke4czumfssfrgi5akr_f7cs8gjcjsiv9j7pcmg9hljsd78xk1axqu3xbmowpyxbffyjil0xprtuontdfs7mj8di3t34bikon9v-xgum8xvaol3yziltskyhn1zf-glpbzej9q&q={searchterms} [HKEY_USERS\S-1-5-21-2029272635-3143883451-3429156010-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar]
REFUSED Key StartMenuInternet: Google Chrome [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.not file.)]

---\\ EXPLORER (folders, files). (39)
DELETED Folder : C:\Program Files\K7E05EATPP
MOVED File : C:\Windows\Installer\a3a5a.msp
MOVED File : C:\Windows\Installer\a5524.msp
MOVED File : C:\Windows\Installer\ab98c.msp
MOVED File : C:\Windows\Installer\acb70.msp
MOVED File : C:\Windows\Installer\b922c.msp
MOVED File : C:\Windows\Installer\bca76.msp
MOVED File : C:\Windows\Installer\bcd92.msp
MOVED File : C:\Windows\Installer\bfec2.msp
MOVED File : C:\Windows\Installer\c30d7.msp
MOVED File : C:\Windows\Installer\cbbbae.msp
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\1io2jzt0xzq.exe
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\271A.tmp.exe
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\brwflf.exe
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\fastdatax.exe
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\o0euim951y1v56.exe
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\OneSystemCare.exe
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\speedycar.exe
MOVED File Temp*: C:\Users\mimy\AppData\Local\Temp\SynciosDeviceService.exe
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\Tstp.exe
DELETED Reboot File Temp^: C:\Users\mimy\AppData\Local\Temp\adb.log
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\AdobeARM.log
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\moz-update-newest-last-update.log
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\MpSigStub.log
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\MSI51ebb.LOG
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\MSI62168.LOG
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\MSI91aa1.LOG
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\CFG2215.tmp
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\CFG2673.tmp
DELETED Reboot File Temp^: C:\Users\mimy\AppData\Local\Temp\is-3Q8GQ.tmp
DELETED Reboot File Temp^: C:\Users\mimy\AppData\Local\Temp\is-PIMFH.tmp
DELETED Reboot File Temp^: C:\Users\mimy\AppData\Local\Temp\is-QL57O.tmp
DELETED Reboot File Temp^: C:\Users\mimy\AppData\Local\Temp\nslA5F0.tmp
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\nsr6051.tmp
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\Set273.tmp
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\SetBE4F.tmp
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\SetE5DF.tmp
DELETED Reboot File Temp^: C:\Users\mimy\AppData\Local\Temp\~DFD3C4000287FD9203.TMP
MOVED File Temp: C:\Users\mimy\AppData\Local\Temp\brwflc.txt

---\\ REGISTRY (keys, values, data). (2)
DELETED Key: HKCU\SOFTWARE\MAL [MAL]
DELETED Key ASIC: HKLM64\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} [{8A69D345-D564-463c-AFF1-A69D9E530F96}]

---\\ COMMAND. (3)
~ EmptyPrefetch: Empty Prefetcher folder.
~ EmptyTemp: Local Temp folder partially emptied. (28)
~ EmptyCSID: Empty CLSID folders deleted (0)

---\\ UNPROCESSED. (0)
~ The system has been restarted. *****

~ End of report completed in 00h00mn24s