You are on page 1of 3

~ ZHPCleaner v2017.2.24.

35 by Nicolas Coolman (2017/02/24)


~ Run by ashir (Administrator) (25/02/2017 16:57:25)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\ashir\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\ashir\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)

---\\ Services (0)


~ No malicious or unnecessary items found.

---\\ Browser internet (4)


REPLACED Quicklaunch: C:\Users\ashir\AppData\Roaming\Microsoft\Internet Explorer
\Quick Launch\Launch Internet Explorer Browser.lnk [Bad : http://qtipr.com/](.M
icrosoft Corporation.) =>Hijacker.Browser
REPLACED TaskBar: C:\Users\ashir\AppData\Roaming\Microsoft\Internet Explorer\Qui
ck Launch\User Pinned\TaskBar\Internet Explorer.lnk [Bad : http://qtipr.com/](.
Microsoft Corporation.) =>Hijacker.Browser
REPLACED Startup\Programs: C:\Users\ashir\AppData\Roaming\Microsoft\Windows\Star
t Menu\Programs\Internet Explorer.lnk [Bad : http://qtipr.com/](.Microsoft Corp
oration.) =>Hijacker.Browser
REPLACED Desktop: C:\Users\Public\Desktop\Google Chrome.lnk [Bad : --load-exte
nsion="C:\Users\ashir\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://qti
pr.com/](.Google Inc..) =>Hijacker.Browser

---\\ Hosts file (0)


~ No malicious or unnecessary items found.

---\\ Scheduled automatic tasks. (1)


DELETED task: [KuaiZip_Update] [C:\PROGRA~1\F85A~1\X86\Update.exe (Not File) ]
=>.Superfluous.ShanghaiGuangle

---\\ Explorer ( File, Folder) (8)


MOVED file: C:\Windows\System32\drivers\KuaiZipDrive.sys [WinMount International
Inc - WinMount Driver for x86] =>.Superfluous.ShanghaiGuangle
MOVED file: C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 =>
PUP.Optional.CrossRider
MOVED file: C:\Windows\System32\ssp3mci.exe [SS - SSCoInstExe] =>.Superfluous.S
wiftSearch
MOVED file: C:\ProgramData\service.exe [Copyright (C) 2015 - ] =>PUP.Optional.Z
usy
MOVED file: C:\ProgramData\WeatherMini.exe [ShenZhen Enode Techology co,.Ltd - T
he Desktop Weather mini setup] =>.Superfluous.ShenZhenEnodeTec
MOVED folder: C:\Program Files\TeraCopy =>.Superfluous.Empty
MOVED folder: C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcp
Service =>PUP.Optional.LavasoftWebCompanion
MOVED folder: C:\Users\ashir\AppData\Roaming\KuaiZip =>.Superfluous.ShanghaiGua
ngle
---\\ Registry ( Key, Value, Data) (32)
DELETED data: HKLM\SOFTWARE\Classes\BaiduSparkHTML\Shell\Open\Command\\Default [
Bad : [html] "C:\Program Files\baidu\Baidu Browser\Spark.exe" -- "%1"] =>Broken
.OpenCommand
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\KuaiZipDrive [C:\Windows\Sy
stem32\drivers\KuaiZipDrive.sys (Not File)] =>.Superfluous.ShanghaiGuangle
DELETED key*: HKEY_USERS\S-1-5-21-3331204106-576684371-1968528457-1000\SOFTWARE\
KuaiZip [] =>.Superfluous.ShanghaiGuangle
DELETED key*: HKEY_USERS\S-1-5-21-3331204106-576684371-1968528457-1000\SOFTWARE\
KuaiZipSFX [] =>.Superfluous.ShanghaiGuangle
DELETED key: HKCU\Software\KuaiZip [] =>.Superfluous.ShanghaiGuangle
DELETED key: HKCU\Software\KuaiZipSFX [] =>.Superfluous.ShanghaiGuangle
DELETED key*: HKCU\Software\csastats [] =>Adware.InstallCore
DELETED key*: HKCU\Software\AutoTime [] =>Adware.TopTools
DELETED key*: HKCU\Software\ProductSetup [] =>Adware.InstallCore
DELETED key*: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin [] =>.Superflu
ous.ShanghaiGuangle
DELETED key*: HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin [] =>.Superfluous.S
hanghaiGuangle
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [DataCon
tainer Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [DataC
ontainer Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [DataCo
ntroller Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [Data
Controller Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [DataTable C
lass] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [DataTable
Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [DataT
ableFields Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [Dat
aTableFields Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [DataT
ableHolder Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [Dat
aTableHolder Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [LSPLogic Cla
ss] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [LSPLogic C
lass] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [ReadO
nlyManager Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [Rea
dOnlyManager Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [WFPCont
roller Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [WFPCo
ntroller Class] =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\GoogleChromeUpService [] =
>PUP.Optional.Zusy
DELETED key*: HKLM\SOFTWARE\DtsEncodeTools [] =>PUP.Optional.WeatherTool
DELETED key*: HKLM\SOFTWARE\WeatherTool [] =>PUP.Optional.WeatherTool
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 [] =>.Superflu
ous.ByteFence
DELETED key*: HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS [] =>.Superflu
ous.ByteFence
---\\ Summary of the elements found (13)
https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/ =>Hijacker.Browser
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Shangh
aiGuangle
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/ =>PUP.Optional
.CrossRider
https://www.nicolascoolman.com/fr/ppup-optional-swiftsearch/ =>.Superfluous.Swi
ftSearch
https://www.anti-malware.top/2016/05/17/adware-zusy/ =>PUP.Optional.Zusy
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.ShenZh
enEnodeTec
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Empty
https://www.anti-malware.top/2016/04/26/superfluous-lavasoftwebcompanion/ =>PUP
.Optional.LavasoftWebCompanion
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Broken.OpenCom
mand
https://www.anti-malware.top/2016/04/22/adware-installcore/ =>Adware.InstallCor
e
https://nicolascoolman.eu/2017/01/01/adware-toptools/ =>Adware.TopTools
https://www.nicolascoolman.com/fr/pup-optional-weathertool =>PUP.Optional.Weath
erTool
https://www.anti-malware.top/2016/04/29/superfluous-bytefence/ =>.Superfluous.B
yteFence

---\\ Other deletions. (113)


~ Registry Keys Tracing deleted (113)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair


~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 1180
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 45

~ End of clean in 00h00mn43s


~====================
ZHPCleaner-[R]-25022017-16_58_08.txt
ZHPCleaner-[S]-25022017-16_56_54.txt