~ ZHPCleaner v2016.4.25.58 by Nicolas Coolman (2016/04/25)
~ Run by DepEd (Administrator) (26/04/2016 07:17:27)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\DepEd\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\DepEd\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 10586)
---\\ Services (0)
---\\ Browser internet (0)
~ No malicious or unnecessary items found.
---\\ Hosts file (1)
~ The hosts file is legitimate (44)
---\\ Scheduled automatic tasks. (2)
DELETED task: [AfUE72NN5W] [C:\Users\DepEd\AppData\Roaming\AfUE72NN5W.exe (Not File) ] =>Heuristic.Pirrit
DELETED task: [DV6LxrZ9sMOA] [C:\Users\DepEd\AppData\Roaming\DV6LxrZ9sMOA.exe (Not File) ] =>Heuristic.Pirrit
---\\ Explorer ( File, Folder) (76)
MOVED file: C:\Windows\Tasks\AfUE72NN5W.job =>Heuristic.Pirrit
MOVED file: C:\WINDOWS\System32\Tasks\AfUE72NN5W =>Heuristic.Pirrit
MOVED file: C:\Windows\Tasks\DV6LxrZ9sMOA.job =>Heuristic.Pirrit
MOVED file: C:\WINDOWS\System32\Tasks\DV6LxrZ9sMOA =>Heuristic.Pirrit
MOVED folder: C:\Program Files (x86)\1 =>Heuristic.Suspect
MOVED folder: C:\Program Files (x86)\predm =>PUP.Optional.Downware
MOVED folder: C:\Program Files\Windows 10 KMS Activator Ultimate 2015 v1.2 =>Hacktool.Office
MOVED folder: C:\ProgramData\Tencent =>.Superfluous.Tencent
MOVED folder: C:\Users\DepEd\AppData\Roaming\Tencent =>.Superfluous.Tencent
MOVED folder: C:\Users\DepEd\Downloads\KMSpico 10.1.6 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET] =>HackTool.KMSpico
MOVED folder: C:\Users\DepEd\Downloads\SUPERAntiSpyware Professional 6.0.1170 Multilingual [S0ft4PC] =>PUP.Optional.EORezo
MOVED folder: C:\Users\DepEd\AppData\Local\Temp\Tencent =>.Superfluous.Tencent
MOVED folder: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent =>.Superfluous.Tencent
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\Users\DepEd\AppData\Roaming\SSN =>PUP.Optional.SaveSerpNow
MOVED folder: C:\WINDOWS\Installer\MSI146D.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI160B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI16FC.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI1884.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI1A7A.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI1B63.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI1D14.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2269.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2429.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI261D.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2A11.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2B3.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2B92.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2C0.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI321B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI3533.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI375C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI3762.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI3D1F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI3DD.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4222.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI46D6.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4D11.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI4F8C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5251.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI56.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI586D.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5906.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5D40.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5E18.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI5FBF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI60D9.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI638C.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI6FE.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI7F56.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI83F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI89AB.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI907A.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI993D.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIA39F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIB337.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIB849.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIB8F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIBBC3.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC104.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIC47F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSICC7F.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSID366.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIDD69.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIDEF0.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIEB26.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIEBF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIEE9A.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIEFCF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF127.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF170.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF3EF.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIF59E.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFAA1.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFE6.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSIFFC4.tmp- =>Empty
---\\ Registry ( Key, Value, Data) (33)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant [Tencent, Inc.] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr [Tencent] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\266a4cfe-d10e-4854-a030-66225fd799aa [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\303609ee-b738-4c33-ab98-3b089df5f2c8 [] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\f27168de-3ead-43c0-8f12-5c0d03f0e8db [] =>PUP.Optional.CrossRider
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\QMUdisk [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys (Not File)] =>.Superfluous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\QQPCRTP [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe (Not File)] =>.Superfluous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\QQRepair17eb [C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair17eb (Not File)] =>.Superfluous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\QQSysMonX64 [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys (Not File)] =>.Superfluous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\softaal [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys (Not File)] =>.Superfluous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\TS888x64 [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TS888x64.sys (Not File)] =>.Superfluous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\TSDefenseBt [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSDefenseBT64.sys (Not File)] =>.Superfluous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\tsnethlpx64 [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys (Not File)] =>.Superfluous.Tencent
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\TSSysKit [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKit64.sys (Not File)] =>.Superfluous.Tencent
DELETED key*: HKCU\Software\AfUE72NN5W [] =>Heuristic.Pirrit
DELETED key*: HKCU\Software\DV6LxrZ9sMOA [] =>Heuristic.Pirrit
DELETED key*: HKEY_USERS\S-1-5-21-2125870949-286909542-1051841551-1001\SOFTWARE\DailyPcClean [] =>PUP.Optional.DailyPCClean
DELETED key*: HKEY_USERS\S-1-5-21-2125870949-286909542-1051841551-1001\SOFTWARE\Tencent [] =>.Superfluous.Tencent
DELETED key*: HKEY_USERS\.DEFAULT\Software\Tencent [] =>.Superfluous.Tencent
DELETED key: HKCU\Software\DailyPcClean [] =>PUP.Optional.DailyPCClean
DELETED key: HKCU\Software\Tencent [] =>.Superfluous.Tencent
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5D5DBD-C857-4377-A755-06E50B4AC2B0} [C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192 (Not File)] =>.Superfluous.Tencent
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{639B74F1-0594-432C-97C8-68C8C17A1E1D} [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Plugins\QQPCB1AndroidJmp (Not File)] =>.Superfluous.Tencent
DELETED key*: HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall [{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}] =>.Superfluous.Tencent
DELETED key*: HKCU\Software\Microsoft\Tinstalls [] =>PUP.Optional.DesktopPlay
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E [globalupdate Helper] =>PUP.Optional.GlobalUpdate
DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP [service] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0630D25DD5987F00B6A0CE8FF9637EF9 [02:\Software\Microsoft\IpOverUsbSdk\RPCSurrogate03\LocalAddress (Not File)] =>.Superfluous.PCSpeedUp
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\06C64C0CDFB44B5B799CB2AE94026E00 [02:\Software\Microsoft\IpOverUsbSdk\RPCSurrogate07\DestinationAddress (Not File)] =>.Superfluous.PCSpeedUp
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SrpnFiles [] =>.Superfluous.SpringFiles
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Tencent [] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tencentdl_RASAPI32 [] =>.Superfluous.Tencent
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975} [C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ (Not File)] =>.Superfluous.Tencent
---\\ Summary of the elements found (15)
http://www.nicolascoolman.fr/?p=4664 =>Heuristic.Pirrit
http://www.nicolascoolman.fr/?p=4664 =>Heuristic.Suspect
http://www.nicolascoolman.fr/?p=401 =>PUP.Optional.Downware
http://www.nicolascoolman.fr/?p=4664 =>Hacktool.Office
http://www.nicolascoolman.fr/?p=368 =>.Superfluous.Tencent
http://www.nicolascoolman.fr/?p=989 =>HackTool.KMSpico
http://www.nicolascoolman.fr/?p=182 =>PUP.Optional.EORezo
http://www.nicolascoolman.fr/http://www.nicolascoolman.info/2016/04/21/riskwarequicktime/ =>Riskware.QuickTime
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.SaveSerpNow
http://www.nicolascoolman.fr/?p=180 =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/pup-optional-dailypcclean/ =>PUP.Optional.DailyPCClean
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.DesktopPlay
http://www.nicolascoolman.fr/pup-globalupdate/ =>PUP.Optional.GlobalUpdate
http://www.nicolascoolman.fr/?p=1255 =>.Superfluous.PCSpeedUp
http://www.nicolascoolman.fr/http://www.nicolascoolman.com/forum/post33538.html#p33538 =>.Superfluous.SpringFiles
---\\ Other deletions. (27)
~ Registry Keys Tracing deleted (27)
~ Remove the old reports ZHPCleaner. (0)
---\\ Result of repair
~ Repair carried out successfully
---\\ Statistics
~ Items scanned : 1737
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 113
~ End of clean in 00h01mn35s
~====================
ZHPCleaner-[R]-26042016-07_19_02.txt
ZHPCleaner-[S]-26042016-06_16_28.txt
ZHPCleaner-[S]-26042016-07_15_06.txt