~ ZHPCleaner v2015.12.30.409 by Nicolas Coolman (2015/12/30)
~ Run by Mon ordi (Administrator) (30/12/2015 20:00:53)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : No network file
~ Type : Repair
~ Report : C:\Users\monordi\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\monordi\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 10586)

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (0)
~ No malicious or unnecessary items found.

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (4)
DELETED task: [AutoKMS] [C:\Windows\AutoKMS\AutoKMS.exe (Not File) ] =>HackTool.AutoKMS
DELETED task: [AutoPico Daily Restart] [C:\Program Files\KMSpico\AutoPico.exe (Not File) ] =>HackTool.KMSpico
DELETED task: [Dregol ceme] [C:\ProgramData\{C7D22F11-9750-FE97-26D6-8E15F6545D9B}\1.17.0.1\fiber.js 433a2f50726f6772616d446174612f7b43374432324631312d393735302d464539372d323644362d3845313546363534354439427d2f312e31372e302e312f63656d652e646c6c 687474703a2f2f73616f2e72657164726,N/A,N/A,Enabled,Disabled (Not File) ] =>PUP.Optional.Browser
DELETED task: [Run_dregol] [C:\Users\monordi\AppData\Roaming\RUN_DR~1\UPDATE~1\UPDATE~1.EXE (Not File) ] =>PUP.Optional.Browser

---\\ Explorer ( File, Folder) (21)
MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] =>HackTool.AutoKMS
MOVED file: C:\Program Files\KMSpico\AutoPico.exe [ - AutoPico] =>HackTool.KMSpico
MOVED file: C:\Users\monordi\AppData\Roaming\Run_dregol\UpdateProc\UpdateTask.exe =>PUP.Optional.Browser
MOVED file: C:\Windows\Tasks\Run_dregol.job =>PUP.Optional.Browser
MOVED file: C:\Users\monordi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Dregol.lnk =>PUP.Optional.Browser
MOVED file: C:\Windows\SECOH-QAD.exe =>HackTool.KMSpico
MOVED file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS
MOVED file: C:\Program Files\KMSpico\KMSELDI.exe [ - KMS GUI ELDI] =>HackTool.KMSpico
MOVED folder: C:\Program Files (x86)\Run_Dregol =>PUP.Optional.Browser
MOVED folder: C:\Program Files\KMSpico =>HackTool.KMSpico
MOVED folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico =>HackTool.KMSpico
MOVED folder: C:\WINDOWS\AutoKMS =>HackTool.AutoKMS
MOVED folder: C:\Users\monordi\AppData\Roaming\Run_dregol =>PUP.Optional.Browser
MOVED folder: C:\WINDOWS\Installer\MSI1F98.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2AF4.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2C7B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2E22.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI2F7B.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI72B2.tmp- =>Empty
MOVED folder: C:\WINDOWS\Installer\MSI8F05.tmp- =>Empty

---\\ Registry ( Key, Value, Data) (18)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dstndrm_15_17&cd=2XzuyEtN2Y1L1Qzu0DtD0B0[...]] [Dregol] =>PUP.Optional.Browser
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dstndrm_15_17&cd=2XzuyEtN2Y1L1Qzu0DtD0B0[...]] [Dregol] =>PUP.Optional.Browser
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dstndrm_15_17&cd=2XzuyEtN2Y1L1Qzu0DtD0B0Fzy0CzzyC0A0B0A0EtBtBzztDtN0D0Tzu0StCtBtDzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtBtC0E0C0DyEyEtGtC0DtAtAtG0FtB0AtAtG0B0F0AtBtGyEyDtB0EyCtC0CtB0DyE0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0DtD0EtA0FtGyBzytDyBtGyEzzyD0FtGzy0CtC0EtGyEtC0C0D0D0E0F0CzzyCtA0B2QtN0A0LzuyE&cr=1355576744&ir=] =>PUP.Optional.Browser
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [http://www.dregol.com/results.php?f=4&q={searchTerms}&a=drg_dstndrm_15_17&cd=2XzuyEtN2Y1L1Qzu0DtD0B0Fzy0CzzyC0A0B0A0EtBtBzztDtN0D0Tzu0StCtBtDzztN1L2XzutAtFtCtDtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtBtC0E0C0DyEyEtGtC0DtAtAtG0FtB0AtAtG0B0F0AtBtGyEyDtB0EyCtC0CtB0DyE0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCyB0DtD0EtA0FtGyBzytDyBtGyEzzyD0FtGzy0CtC0EtGyEtC0C0D0D0E0F0CzzyCtA0B2QtN0A0LzuyE&cr=1355576744&ir=] =>PUP.Optional.Browser
DELETED key*: HKEY_USERS\S-1-5-21-2170949315-2544428271-2605606912-1002\SOFTWARE\run_dregol [] =>PUP.Optional.Browser
DELETED key: HKCU\Software\run_dregol [] =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\dregol.com [] =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dregol.com [] =>PUP.Optional.Browser
DELETED key*: HKCU\Software\ProductSetup [] =>Adware.InstallCore
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1 [KMSpico v9.2.3] =>HackTool.KMSpico
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0DF3D07308614CB40A2BB00B74574B69 [C:\Program Files (x86)\Evernote\Evernote\NodeWebKit\present\lib\three.js\postprocessing\SavePass.js] =>PUP.Optional.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{DF718A3C-FC34-47A9-B982-ABDC6F6AE797} [C:\Program Files\KMSpico\KMSELDI.exe] =>HackTool.KMSpico
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{41E6E1BF-1546-43EF-A78A-9CABAF1EF962} [C:\Program Files\KMSpico\KMSELDI.exe] =>HackTool.KMSpico
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{D42C9CF0-77C0-40CC-95BE-25EF6E9C7709} [C:\Program Files\KMSpico\AutoPico.exe] =>HackTool.KMSpico
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{9C4ACF1B-2E1A-44D2-8D2E-4190137FF10C} [C:\Program Files\KMSpico\AutoPico.exe] =>HackTool.KMSpico
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{F3650BCA-3861-4134-90AB-A91D3C6844B8} [C:\Program Files\KMSpico\AutoPico.exe] =>HackTool.KMSpico
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{C3FB3821-7DE5-4F86-BBEF-ACE0BBF626E3} [C:\Program Files\KMSpico\AutoPico.exe] =>HackTool.KMSpico

---\\ Summary of the elements found (6)
http://www.nicolascoolman.fr/?p=1804 =>HackTool.AutoKMS
http://www.nicolascoolman.fr/?p=989 =>HackTool.KMSpico
http://www.nicolascoolman.fr/?p=546 =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=279 =>Adware.InstallCore
http://www.nicolascoolman.fr/?p=180 =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/?p=235 =>Toolbar.Ask

---\\ Other deletions. (34)
~ Registry Keys Tracing deleted (34)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 1008
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 43

~ End of clean in 00h01mn17s

===================
ZHPCleaner-[R]-30122015-20_02_10.txt
ZHPCleaner-[S]-30122015-19_45_23.txt
ZHPCleaner-[S]-30122015-19_58_20.txt