~ ZHPCleaner v2018.6.10.133 by Nicolas Coolman (2018/06/10)
~ Run by Mohamed (Administrator)  (12/06/2018 07:19:56)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Mohamed\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Mohamed\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17134)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (1)
CLOSED : Service KMSELDI  =>HackTool.KMSpico


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (1)
DELETED task: [AutoPico Daily Restart] [C:\Program Files\KMSpico\AutoPico.exe (Not File) ]  =>HackTool.KMSpico


---\\  Explorer ( File, Folder) (21)
MOVED file: C:\Users\Mohamed\Desktop\ÂµTorrent.lnk  [Bad : C:\Users\Mohamed\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\Users\Mohamed\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ÂµTorrent.lnk  [Bad : C:\Users\Mohamed\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\Program Files\KMSpico\Service_KMS.exe [@ByELDI - Service_KMS]  =>HackTool.KMSpico
MOVED file: C:\Program Files\KMSpico\AutoPico.exe [@ByELDI - AutoPico]  =>HackTool.KMSpico
MOVED file: C:\Users\Mohamed\Downloads\KMSpico 10 1 8 2 FINAL   Portable (Office and Windows 10 Activator) [TechTools]-[rarbg.to].torrent    =>HackTool.KMSpico
MOVED file: C:\Users\Mohamed\Downloads\KMSPico 10.2.2.iso    =>HackTool.KMSpico
MOVED file: C:\Users\Mohamed\Downloads\Programs\uTorrent.exe [BitTorrent Inc. - ÂµTorrent]  =>BitTorrent (P2P)
MOVED file: C:\Users\Mohamed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_adjustlaptopbrightness.en.softonic.com_0.localstorage    =>.SUP.Softonic
MOVED file: C:\Users\Mohamed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_adjustlaptopbrightness.en.softonic.com_0.localstorage-journal    =>.SUP.Softonic
MOVED file: C:\Users\Mohamed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_en.softonic.com_0.localstorage    =>.SUP.Softonic
MOVED file: C:\Users\Mohamed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_en.softonic.com_0.localstorage-journal    =>.SUP.Softonic
MOVED file: C:\Users\Mohamed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystartab.com_0.localstorage    =>.SUP.MyStartab
MOVED file: C:\Users\Mohamed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystartab.com_0.localstorage-journal    =>.SUP.MyStartab
MOVED file: C:\Users\Mohamed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.mystartabsearch.com_0.localstorage    =>.SUP.MyStartab
MOVED file: C:\Users\Mohamed\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.mystartabsearch.com_0.localstorage-journal    =>.SUP.MyStartab
MOVED file: C:\Windows\SECOH-QAD.dll    =>HackTool.KMSpico
MOVED file: C:\Windows\SECOH-QAD.exe    =>HackTool.KMSpico
MOVED folder: C:\Program Files (x86)\KMSPico  =>HackTool.KMSpico
MOVED folder: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
MOVED folder: C:\Users\Mohamed\Downloads\KMSpico 10.1.8.2 FINAL + Portable (Office and Windows 10 Activator) [TechTools.NET]  =>HackTool.KMSpico


---\\  Registry ( Key, Value, Data) (6)
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe (Not File)]  =>HackTool.KMSpico
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1 [KMSpico]  =>HackTool.KMSpico
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_AB1F151C5559B7EAF179528929D24797 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5]  =>PUP.Optional.MyBrowser
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{77217732-64C2-42A2-A968-DC13E566C98D} [C:\Program Files\KMSpico\Service_KMS.exe]  =>HackTool.KMSpico
DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{930DF735-2D6A-4016-A037-8DA31AE386A0} [C:\Program Files\KMSpico\Service_KMS.exe]  =>HackTool.KMSpico


---\\  Summary of the elements found (5)
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Softonic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.MyStartab
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/  =>PUP.Optional.MyBrowser


---\\  Other deletions. (12)
~ Registry Keys Tracing deleted (12)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 513
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h00mn20s

---\\  Reports (2)
ZHPCleaner-[S]-12062018-07_15_17.txt
ZHPCleaner-[R]-12062018-07_20_16.txt