~ ZHPCleaner v2017.8.25.143 by Nicolas Coolman (2017/08/25)
~ Run by Sonia & Jasper (Administrator)  (27/08/2017 09:58:11)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\Sonia & Jasper\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Sonia & Jasper\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (64)
FOUND file: C:\ProgramData\InstallMate\{85B9ED48-58D2-4957-ABBC-10F05E5ACFBE}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup]  =>.SUP.Tarma
FOUND file: C:\ProgramData\InstallMate\{85B9ED48-58D2-4957-ABBC-10F05E5ACFBE}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library]  =>.SUP.Tarma
FOUND file: C:\ProgramData\InstallMate\{1DA1B109-1665-4AA5-A84E-5E47C64293FF}\Setup.exe [Tarma Software Research Pty Ltd - InstallMate® Setup]  =>.SUP.Tarma
FOUND file: C:\ProgramData\InstallMate\{1DA1B109-1665-4AA5-A84E-5E47C64293FF}\TsuDll.dll [Tarma Software Research Pty Ltd - InstallMate® Setup Library]  =>.SUP.Tarma
FOUND file: C:\Users\Sonia & Jasper\Downloads\FLVPlayerSetup-cy5TH9I.exe [ - Powered by BetterInstaller]  =>PUP.Optional.FLVPlayer
FOUND file: C:\Users\Sonia & Jasper\Downloads\iLividSetup (1).exe [Bandoo Media Inc - iLivid Install]  =>Adware.Bandoo
FOUND file: C:\Users\Sonia & Jasper\Downloads\iLividSetup-r1109-n-bc.exe [Bandoo Media Inc - iLivid Install]  =>Adware.Bandoo
FOUND file: C:\Users\Sonia & Jasper\Downloads\iLividSetup.exe [Bandoo Media Inc - iLivid Install]  =>Adware.Bandoo
FOUND file: C:\Users\Sonia & Jasper\Downloads\Popcorn-Time-0.3.4-Setup.exe [Popcorn Official - Popcorn Time v0.3.4 Installer]  =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\Downloads\Welcome to Torch Browser.flv    =>.SUP.Torch
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Temp\etilqs_2r0buKkP6WvW3It    =>.SUP.W3i
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3jdlwnuo8nsnr.cloudfront.net_0.localstorage-journal    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal    =>.SUP.CloudfrontNet
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage    =>.SUP.Atwola
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage-journal    =>.SUP.Atwola
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage    =>PUP.Optional.Generic
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal    =>PUP.Optional.Generic
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage    =>.SUP.AkamaiHD
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage-journal    =>.SUP.AkamaiHD
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_wix-instantsearchplus-ssl.akamaized.net_0.localstorage    =>.SUP.AkamaiHD
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_wix-instantsearchplus-ssl.akamaized.net_0.localstorage-journal    =>.SUP.AkamaiHD
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_articulos.softonic.com_0.localstorage    =>.SUP.Softonic
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_articulos.softonic.com_0.localstorage-journal    =>.SUP.Softonic
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage    =>PUP.Optional.Chatango
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal    =>PUP.Optional.Chatango
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage    =>PUP.Optional.AddLyrics
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal    =>PUP.Optional.AddLyrics
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\app    =>Adware.CrossRider
FOUND folder: C:\ProgramData\InstallMate\3FC63FC2  =>.SUP.Tarma
FOUND folder: C:\ProgramData\InstallMate\BBE4D08E  =>.SUP.Tarma
FOUND folder: C:\ProgramData\InstallMate\{1DA1B109-1665-4AA5-A84E-5E47C64293FF}  =>.SUP.Tarma
FOUND folder: C:\ProgramData\InstallMate\{85B9ED48-58D2-4957-ABBC-10F05E5ACFBE}  =>.SUP.Tarma
FOUND folder: C:\ProgramData\InstallMate  =>.SUP.Tarma
FOUND file: C:\Users\Sonia & Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk    =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk    =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time  =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Popcorn Time\.git.json    =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Popcorn Time\package.json    =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Popcorn Time\Popcorn Time.lnk    =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Popcorn Time\Uninstall.exe [Popcorn Official - Popcorn Time v0.3.4 Installer]  =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\cookies    =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\cookies-journal    =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\QuotaManager    =>.SUP.PopcornTime
FOUND file: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\QuotaManager-journal    =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn Time\node-webkit  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn Time\node_modules  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn Time\src  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\Cache  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\data  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\databases  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\GPUCache  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\IndexedDB  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time\Local Storage  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn Time  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Popcorn-Time  =>.SUP.PopcornTime
FOUND folder: C:\Users\Sonia & Jasper\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ


---\\  Registry ( Key, Value, Data) (40)
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97 [Avast Software]  =>PUM.Misplaced.Certificate
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\atwola.com []  =>.SUP.Atwola
FOUND key: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ol.at.atwola.com [123]  =>.SUP.Atwola
FOUND key: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
FOUND key: [X64] HKLM\SOFTWARE\Classes\Applications\iLividSetup (1).exe []  =>Adware.Bandoo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32 []  =>Toolbar.Ask
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS []  =>Toolbar.Ask
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASAPI32 []  =>Adware.Bandoo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup (1)_RASMANCS []  =>Adware.Bandoo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASAPI32 []  =>Adware.Bandoo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetup_RASMANCS []  =>Adware.Bandoo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASAPI32 []  =>.SUP.Softonic
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASMANCS []  =>.SUP.Softonic


---\\  Summary of the elements found (18)
https://www.nicolascoolman.com/fr/pup-tarma/  =>.SUP.Tarma
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.FLVPlayer
https://nicolascoolman.eu/2017/02/23/adware-bandoo/  =>Adware.Bandoo
https://nicolascoolman.eu/2017/02/26/superfluous-popcorntime/  =>.SUP.PopcornTime
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Torch
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.W3i
https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/  =>.SUP.CloudfrontNet
https://nicolascoolman.eu/2017/02/04/superfluous-atwola/  =>.SUP.Atwola
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Softonic
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Chatango
https://nicolascoolman.eu/2017/02/24/pup-optional-addlyrics/  =>PUP.Optional.AddLyrics
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/  =>Adware.CrossRider
https://www.nicolascoolman.com/fr/adware-domaiq/  =>PUP.Optional.DomaIQ
https://nicolascoolman.eu/2017/06/26/trojan-certlock/  =>PUM.Misplaced.Certificate
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Camec
https://nicolascoolman.eu/2017/02/28/toolbar-ask/  =>Toolbar.Ask


---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 79209
~ Items found : 108
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 00h24mn43s
~====================
ZHPCleaner-[S]-27082017-10_22_54.txt