~ ZHPFix v2020.3.4.182 By Nicolas Coolman (2020/03/04)
~ Run by ZhiroCo (Administrator) (2020/04/05 00:09:46)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: https://www.facebook.com/nicolascoolman1
~ Certificate ZHPFix: Legal
~ State version: Version OK
~ Report: C:\Users\ZhiroCo\Desktop\ZHPFix.txt
~ Report: C:\Users\ZhiroCo\AppData\Roaming\ZHP\ZHPFix.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 18363)

---\\ USER SCRIPT. (72)
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe [57344] [PID.2900]
[MD5.5603C2C8940F5E43864D4000304AB175] - (.Copyright (C) - .) -- C:\Windows\Domino.exe [49152] [PID.2912]
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ©
O4 - HKLM\..\Run: [AdobeCEPServiceManager] . (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe ©
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe ©
O4 - HKLM\..\Run: [Syncios device service] . (...) -- C:\Program Files\Syncios\SynciosDeviceService.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe ©
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe ©
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe ©
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe ©
O4 - HKLM\..\Run: [ZSSnp211] . (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] . (.Copyright (C) - .) -- C:\Windows\Domino.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe ©
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ©
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe ©
Read more at http://www.cjoint.com/c/EJFrm2EXius#dPlOOQfg7wPQVUPE.99
O4 - HKUS\S-1-5-21-2536906684-2532996388-3794283676-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe ©
O4 - HKUS\S-1-5-21-2536906684-2532996388-3794283676-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ©
O4 - HKUS\S-1-5-21-2536906684-2532996388-3794283676-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe ©
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.211.254.254 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 10.211.254.254 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 10.211.254.254 8.8.8.8
[MD5.00000000000000000000000000000000] [APT] [MyBarStart] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [MyBarUpdate] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Trojan Killer] (...) -- C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe (.not file.) [0]
O42 - Logiciel: globalupdate Helper - (.globalupdate Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\McAfee.com
HKLM\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
HKCU\SOFTWARE\Bitdefender
HKCU\SOFTWARE\MCAFEE
HKCU\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
O43 - CFD: 25/10/2015 - [] D -- C:\Program Files\NixSrv =>PUP.Optional.Amonetize
O43 - CFD: 30/08/2015 - [] D -- C:\ProgramData\ExtTag.quarantined =>PUP.Optional.ExtTag
O43 - CFD: 06/07/2015 - [] D -- C:\ProgramData\IObit
O43 - CFD: 13/07/2015 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 06/07/2015 - [] D -- C:\ProgramData\ProductData =>PUP.Optional.Generic
O43 - CFD: 06/07/2015 - [] D -- C:\Users\Home\AppData\Roaming\IObit
O43 - CFD: 29/07/2015 - [] D -- C:\Users\Home\AppData\Roaming\RHEng =>PUP.Optional.Conduit
O43 - CFD: 25/07/2015 - [] D -- C:\Users\Home\AppData\Local\CrashRpt =>.Superfluous.CrashReports
O43 - CFD: 14/09/2015 - [0] D -- C:\Users\Home\AppData\Local\PackageAware =>PUP.Optional.BearShare
O43 - CFD: 31/10/2015 - [] D -- C:\Users\Home\AppData\Local\temp
O43 - CFD: 06/07/2015 - [0] SHD -- C:\Users\Home\AppData\Local\Temporary Internet Files
O45 - LFCP:[MD5.A5F0953EB45164E7480207319E8C4220] 23/10/2015 A -- C:\Windows\Prefetch\LAVASOFT.SEARCHPROTECT.WINSER-9008E6D1.pf =>PUP.Optional.SearchProtect
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.alias", "oursurfing"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.iconURL", "http://www.oursurfing.com/favicon.ico"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.name", "oursurfing"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.ptid", "amt"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.uid", "SAMSUNGXHD160JJXP_S0DFJ1TP115473"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.url", "http://www.oursurfing.com/web/?type=ds&ts=1440799809&z=e0abc42dd0ac491e841cf1eg9z5zd[...] =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("extensions.quick_start.enable_search1", false); =>PUP.Optional.QuickStart
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); =>PUP.Optional.QuickStart
O90 - PUC: "93BAD29AC2E44034A96BCB446EB8552E" . (.globalupdate Helper.) =>PUP.Optional.GlobalUpdate
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
HKCU\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
C:\Program Files\NixSrv =>PUP.Optional.Amonetize
C:\ProgramData\ExtTag.quarantined =>PUP.Optional.ExtTag
C:\ProgramData\ProductData =>PUP.Optional.Generic
C:\Users\Home\AppData\Roaming\RHEng =>PUP.Optional.Conduit
C:\Users\Home\AppData\Local\CrashRpt =>.Superfluous.CrashReports
C:\Users\Home\AppData\Local\PackageAware =>PUP.Optional.BearShare
C:\Windows\Prefetch\LAVASOFT.SEARCHPROTECT.WINSER-9008E6D1.pf =>PUP.Optional.SearchProtect
HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E =>PUP.Optional.GlobalUpdate
HKLM\Software\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E =>PUP.Optional.GlobalUpdate

---\\ SOFTWARE. (1)
UNINSTALL : {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

---\\ SERVICE. (0)

---\\ SCHEDULED TASK. (0)

---\\ INTERNET BROWSER. (1)
NOT FOUND Data URLSearchHooks: [\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]

---\\ EXPLORER (folders, files). (0)

---\\ REGISTRY (keys, values, data). (25)
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ©]
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe ©]
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\QuickTime\QTTask.exe ©]
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Syncios\SynciosDeviceService.exe]
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Analog Devices\Core\smax4pnp.exe ©]
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\System32\igfxtray.exe ©]
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\System32\hkcmd.exe ©]
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\System32\igfxpers.exe ©]
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\ZSSnp211.exe]
NOT FOUND Value Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\Domino.exe]
NOT FOUND Value Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Internet Download Manager\IDMan.exe ©]
NOT FOUND Value Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Skype\Phone\Skype.exe ©]
NOT FOUND Value Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\CCleaner\CCleaner.exe ©]
NOT FOUND Value Run: HKU\S-1-5-21-2536906684-2532996388-3794283676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Internet Download Manager\IDMan.exe ©]
NOT FOUND Value Run: HKU\S-1-5-21-2536906684-2532996388-3794283676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Skype\Phone\Skype.exe ©]
NOT FOUND Value Run: HKU\S-1-5-21-2536906684-2532996388-3794283676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\CCleaner\CCleaner.exe ©]
REPLACED Data TCPIP: 10.211.254.254 8.8.8.8 [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer]
NOT FOUND Key: HKLM\SOFTWARE\McAfee.com
NOT FOUND Key: HKLM\SOFTWARE\Reimage
NOT FOUND Key: HKCU\SOFTWARE\Bitdefender
NOT FOUND Key: HKCU\SOFTWARE\MCAFEE
NOT FOUND Key: HKCU\SOFTWARE\Reimage
NOT FOUND Key: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
NOT FOUND Key: HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
NOT FOUND Key: HKLM\Software\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E

---\\ COMMAND. (0)

---\\ UNPROCESSED. (8)
Script ZHPFix
FirewallRaz
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe [57344] [PID.2900]
[MD5.5603C2C8940F5E43864D4000304AB175] - (.Copyright (C) - .) -- C:\Windows\Domino.exe [49152] [PID.2912]
Read more at http://www.cjoint.com/c/EJFrm2EXius#dPlOOQfg7wPQVUPE.99
[MD5.00000000000000000000000000000000] [APT] [MyBarStart] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [MyBarUpdate] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Trojan Killer] (...) -- C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe (.not file.) [0]

---\\ BALANCE. (1)
INFORMATION, this software must be deleted manually: {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

~ End of clean in 00h00mn06s