Scribd
Upload
193 views4 pages

ZHP Cleaner

The document summarizes the results of a scan run by ZHPCleaner on a Windows 10 system. The scan found and removed potential threats and unnecessary files/programs including adware, PUPs, hacktools, and Tencent software. Over 80 files, folders, registry keys and scheduled tasks were moved to quarantine. The system was determined to be cleaned with no malicious or unnecessary items remaining after the repair.

Uploaded by

Julimar Buquing
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
193 views4 pages

ZHP Cleaner

The document summarizes the results of a scan run by ZHPCleaner on a Windows 10 system. The scan found and removed potential threats and unnecessary files/programs including adware, PUPs, hacktools, and Tencent software. Over 80 files, folders, registry keys and scheduled tasks were moved to quarantine. The system was determined to be cleaned with no malicious or unnecessary items remaining after the repair.

Uploaded by

Julimar Buquing
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

~ ZHPCleaner v2016.4.25.

58 by Nicolas Coolman (2016/04/25)


~ Run by DepEd (Administrator) (26/04/2016 07:17:27)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\DepEd\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\DepEd\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 10586)
---\\ Services (0)
---\\ Browser internet (0)
~ No malicious or unnecessary items found.
---\\ Hosts file (1)
~ The hosts file is legitimate (44)
---\\ Scheduled automatic tasks. (2)
DELETED task: [AfUE72NN5W] [C:\Users\DepEd\AppData\Roaming\AfUE72NN5W.exe (Not F
ile) ] =>Heuristic.Pirrit
DELETED task: [DV6LxrZ9sMOA] [C:\Users\DepEd\AppData\Roaming\DV6LxrZ9sMOA.exe (N
ot File) ] =>Heuristic.Pirrit
---\\ Explorer ( File, Folder) (76)
MOVED file: C:\Windows\Tasks\AfUE72NN5W.job
=>Heuristic.Pirrit
MOVED file: C:\WINDOWS\System32\Tasks\AfUE72NN5W
=>Heuristic.Pirrit
MOVED file: C:\Windows\Tasks\DV6LxrZ9sMOA.job
=>Heuristic.Pirrit
MOVED file: C:\WINDOWS\System32\Tasks\DV6LxrZ9sMOA
=>Heuristic.Pirrit
MOVED folder: C:\Program Files (x86)\1 =>Heuristic.Suspect
MOVED folder: C:\Program Files (x86)\predm =>PUP.Optional.Downware
MOVED folder: C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2 =>Ha
cktool.Office
MOVED folder: C:\ProgramData\Tencent =>.Superfluous.Tencent
MOVED folder: C:\Users\DepEd\AppData\Roaming\Tencent =>.Superfluous.Tencent
MOVED folder: C:\Users\DepEd\Downloads\KMSpico 10.1.6 FINAL + Portable (Office a
nd Windows 10 Activator) [TechTools.NET] =>HackTool.KMSpico
MOVED folder: C:\Users\DepEd\Downloads\SUPERAntiSpyware Professional 6.0.1170 Mu
ltilingual [S0ft4PC] =>PUP.Optional.EORezo
MOVED folder: C:\Users\DepEd\AppData\Local\Temp\Tencent =>.Superfluous.Tencent
MOVED folder: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
=>.Superfluous.Tencent
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Users\DepEd\AppData\Roaming\SSN =>PUP.Optional.SaveSerpNow
MOVED folder: C:\WINDOWS\Installer\MSI146D.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI160B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI16FC.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI1884.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI1A7A.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI1B63.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI1D14.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2269.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2429.tmp- =>Empty

MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED
MOVED

folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:
folder:

C:\WINDOWS\Installer\MSI261D.tmp- =>Empty
C:\WINDOWS\Installer\MSI2A11.tmp- =>Empty
C:\WINDOWS\Installer\MSI2B3.tmp- =>Empty
C:\WINDOWS\Installer\MSI2B92.tmp- =>Empty
C:\WINDOWS\Installer\MSI2C0.tmp- =>Empty
C:\WINDOWS\Installer\MSI321B.tmp- =>Empty
C:\WINDOWS\Installer\MSI3533.tmp- =>Empty
C:\WINDOWS\Installer\MSI375C.tmp- =>Empty
C:\WINDOWS\Installer\MSI3762.tmp- =>Empty
C:\WINDOWS\Installer\MSI3D1F.tmp- =>Empty
C:\WINDOWS\Installer\MSI3DD.tmp- =>Empty
C:\WINDOWS\Installer\MSI4222.tmp- =>Empty
C:\WINDOWS\Installer\MSI46D6.tmp- =>Empty
C:\WINDOWS\Installer\MSI4D11.tmp- =>Empty
C:\WINDOWS\Installer\MSI4F8C.tmp- =>Empty
C:\WINDOWS\Installer\MSI5251.tmp- =>Empty
C:\WINDOWS\Installer\MSI56.tmp- =>Empty
C:\WINDOWS\Installer\MSI586D.tmp- =>Empty
C:\WINDOWS\Installer\MSI5906.tmp- =>Empty
C:\WINDOWS\Installer\MSI5D40.tmp- =>Empty
C:\WINDOWS\Installer\MSI5E18.tmp- =>Empty
C:\WINDOWS\Installer\MSI5FBF.tmp- =>Empty
C:\WINDOWS\Installer\MSI60D9.tmp- =>Empty
C:\WINDOWS\Installer\MSI638C.tmp- =>Empty
C:\WINDOWS\Installer\MSI6FE.tmp- =>Empty
C:\WINDOWS\Installer\MSI7F56.tmp- =>Empty
C:\WINDOWS\Installer\MSI83F.tmp- =>Empty
C:\WINDOWS\Installer\MSI89AB.tmp- =>Empty
C:\WINDOWS\Installer\MSI907A.tmp- =>Empty
C:\WINDOWS\Installer\MSI993D.tmp- =>Empty
C:\WINDOWS\Installer\MSIA39F.tmp- =>Empty
C:\WINDOWS\Installer\MSIB337.tmp- =>Empty
C:\WINDOWS\Installer\MSIB849.tmp- =>Empty
C:\WINDOWS\Installer\MSIB8F.tmp- =>Empty
C:\WINDOWS\Installer\MSIBBC3.tmp- =>Empty
C:\WINDOWS\Installer\MSIC104.tmp- =>Empty
C:\WINDOWS\Installer\MSIC47F.tmp- =>Empty
C:\WINDOWS\Installer\MSICC7F.tmp- =>Empty
C:\WINDOWS\Installer\MSID366.tmp- =>Empty
C:\WINDOWS\Installer\MSIDD69.tmp- =>Empty
C:\WINDOWS\Installer\MSIDEF0.tmp- =>Empty
C:\WINDOWS\Installer\MSIEB26.tmp- =>Empty
C:\WINDOWS\Installer\MSIEBF.tmp- =>Empty
C:\WINDOWS\Installer\MSIEE9A.tmp- =>Empty
C:\WINDOWS\Installer\MSIEFCF.tmp- =>Empty
C:\WINDOWS\Installer\MSIF127.tmp- =>Empty
C:\WINDOWS\Installer\MSIF170.tmp- =>Empty
C:\WINDOWS\Installer\MSIF3EF.tmp- =>Empty
C:\WINDOWS\Installer\MSIF59E.tmp- =>Empty
C:\WINDOWS\Installer\MSIFAA1.tmp- =>Empty
C:\WINDOWS\Installer\MSIFE6.tmp- =>Empty
C:\WINDOWS\Installer\MSIFFC4.tmp- =>Empty

---\\ Registry ( Key, Value, Data) (33)


DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAs
sistant [Tencent, Inc.] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr [Te
ncent] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\266a4cfe-d10e-4854-a030-66225fd799

aa [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\303609ee-b738-4c33-ab98-3b089df5f2
c8 [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\f27168de-3ead-43c0-8f12-5c0d03f0e8
db [] =>PUP.Optional.CrossRider
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk [C:\Program Files (
x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys (Not File)] =>.Superfluous.Te
ncent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\QQPCRTP [C:\Program Files (
x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe (Not File)] =>.Superfluous.Tenc
ent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\QQRepair17eb [C:\Program Fi
les (x86)\Tencent\QQPCMGR\Plugins\QQRepair17eb (Not File)] =>.Superfluous.Tence
nt
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\QQSysMonX64 [C:\Program Fil
es (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys (Not File)] =>.Superflu
ous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\softaal [C:\Program Files (
x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys (Not File)] =>.Superfluous.Te
ncent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\TS888x64 [C:\Program Files
(x86)\Tencent\QQPCMgr\11.4.17339.217\TS888x64.sys (Not File)] =>.Superfluous.Te
ncent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\TSDefenseBt [C:\Program Fil
es (x86)\Tencent\QQPCMgr\11.4.17339.217\TSDefenseBT64.sys (Not File)] =>.Superf
luous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\tsnethlpx64 [C:\Program Fil
es (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys (Not File)] =>.Superflu
ous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit [C:\Program Files
(x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKit64.sys (Not File)] =>.Superfluous.
Tencent
DELETED key*: HKCU\Software\AfUE72NN5W [] =>Heuristic.Pirrit
DELETED key*: HKCU\Software\DV6LxrZ9sMOA [] =>Heuristic.Pirrit
DELETED key*: HKEY_USERS\S-1-5-21-2125870949-286909542-1051841551-1001\SOFTWARE\
DailyPcClean [] =>PUP.Optional.DailyPCClean
DELETED key*: HKEY_USERS\S-1-5-21-2125870949-286909542-1051841551-1001\SOFTWARE\
Tencent [] =>.Superfluous.Tencent
DELETED key*: HKEY_USERS\.DEFAULT\Software\Tencent [] =>.Superfluous.Tencent
DELETED key: HKCU\Software\DailyPcClean [] =>PUP.Optional.DailyPCClean
DELETED key: HKCU\Software\Tencent [] =>.Superfluous.Tencent
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoli
cy\{1B5D5DBD-C857-4377-A755-06E50B4AC2B0} [C:\Program Files (x86)\Common Files\T
encent\QQPhoneManager\2.0.201.3192 (Not File)] =>.Superfluous.Tencent
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoli
cy\{639B74F1-0594-432C-97C8-68C8C17A1E1D} [C:\Program Files (x86)\Tencent\QQPCMg
r\11.4.17339.217\Plugins\QQPCB1AndroidJmp (Not File)] =>.Superfluous.Tencent
DELETED key*: HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUni
nstall [{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}] =>.Superfluous.Tencent
DELETED key*: HKCU\Software\Microsoft\Tinstalls [] =>PUP.Optional.DesktopPlay
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96
BCB446EB8552E [globalupdate Helper] =>PUP.Optional.GlobalUpdate
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCR
TP [service] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Use
rData\S-1-5-18\Components\0630D25DD5987F00B6A0CE8FF9637EF9 [02:\Software\Microso
ft\IpOverUsbSdk\RPCSurrogate03\LocalAddress (Not File)] =>.Superfluous.PCSpeedU
p
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Use
rData\S-1-5-18\Components\06C64C0CDFB44B5B799CB2AE94026E00 [02:\Software\Microso

ft\IpOverUsbSdk\RPCSurrogate07\DestinationAddress (Not File)] =>.Superfluous.PC


SpeedUp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SrpnFiles [] =>.Superfluous.Sprin
gFiles
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Tencent [] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tencentdl_RASAPI
32 [] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Ri
ghts\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975} [C:\Program Files (x
86)\Tencent\QQPCMgr\11.4.17339.217\ (Not File)] =>.Superfluous.Tencent
---\\ Summary of the elements found (15)
http://www.nicolascoolman.fr/?p=4664 =>Heuristic.Pirrit
http://www.nicolascoolman.fr/?p=4664 =>Heuristic.Suspect
http://www.nicolascoolman.fr/?p=401 =>PUP.Optional.Downware
http://www.nicolascoolman.fr/?p=4664 =>Hacktool.Office
http://www.nicolascoolman.fr/?p=368 =>.Superfluous.Tencent
http://www.nicolascoolman.fr/?p=989 =>HackTool.KMSpico
http://www.nicolascoolman.fr/?p=182 =>PUP.Optional.EORezo
http://www.nicolascoolman.fr/http://www.nicolascoolman.info/2016/04/21/riskwarequicktime/ =>Riskware.QuickTime
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.SaveSerpNow
http://www.nicolascoolman.fr/?p=180 =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/pup-optional-dailypcclean/ =>PUP.Optional.DailyPCC
lean
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.DesktopPlay
http://www.nicolascoolman.fr/pup-globalupdate/ =>PUP.Optional.GlobalUpdate
http://www.nicolascoolman.fr/?p=1255 =>.Superfluous.PCSpeedUp
http://www.nicolascoolman.fr/http://www.nicolascoolman.com/forum/post33538.html#
p33538 =>.Superfluous.SpringFiles
---\\ Other deletions. (27)
~ Registry Keys Tracing deleted (27)
~ Remove the old reports ZHPCleaner. (0)
---\\ Result of repair
~ Repair carried out successfully
---\\ Statistics
~ Items scanned : 1737
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 113
~ End of clean in 00h01mn35s
~====================
ZHPCleaner-[R]-26042016-07_19_02.txt
ZHPCleaner-[S]-26042016-06_16_28.txt
ZHPCleaner-[S]-26042016-07_15_06.txt

You might also like