~ ZHPCleaner v2018.7.25.153 by Nicolas Coolman (2018/07/25)
~ Run by Maple Bear (Administrator)  (27/07/2018 06:47:09)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Maple Bear\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Maple Bear\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 17134)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (1)
CLOSED : KMSEmulator  =>HackTool.WinActivator


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (37)
MOVED file: C:\Users\Maple Bear\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ÂµTorrent.lnk  [Bad : C:\Users\Maple Bear\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\Users\Maple Bear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent.lnk  [Bad : C:\Users\Maple Bear\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\ProgramData\KMSAutoS\bin\KMSSS.exe [MDL Forum, mod by Ratiborus - KMS Server Emulator Service (XP)]  =>HackTool.WinActivator
MOVED file: C:\WINDOWS\System32\drivers\powzip.sys    =>PUP.Optional.Powzip
MOVED file: C:\Program Files\ZTUzZWM3NDExNGQ0ZWU\YjZjZWFiYjljMDE3.exe    =>PUP.Optional.Wajam
MOVED file: C:\ProgramData\KMSAutoS\KMSAuto Net.exe [MSFree Inc. - KMSAuto Net]  =>HackTool.WinActivator
MOVED file: C:\Windows\SECOH-QAD.exe    =>HackTool.KMSpico
MOVED file^: C:\Windows\SysWOW64\SSL    =>Trojan.Agent
MOVED folder: C:\Program Files (x86)\Powzip  =>PUP.Optional.Powzip
MOVED folder: C:\Program Files (x86)\publicHotsp  =>.SUP.Tuto4PC
MOVED folder: C:\Program Files\0OHMFYB6MA  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\0R2FMMGO2K  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\5S6YIMOOLV  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\A949NS6C3O  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\D3YPSE3AM8  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\FXGNA9PN30  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\K1YIWLVSU3  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\K7BMDM64GL  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVED folder: C:\Program Files\NNPQZSCWCG  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\THZ1V89HI1  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\U7QH33N86O  =>Heuristic.Wizzcaster
MOVED folder: C:\Program Files\V1OBNIOUTS  =>Heuristic.Wizzcaster
MOVED folder: C:\ProgramData\a1e1d860-3303-0  =>.SUP.Polluteware
MOVED folder: C:\ProgramData\a1e1d860-46b7-1  =>.SUP.Polluteware
MOVED folder: C:\ProgramData\KMSAutoS  =>HackTool.WinActivator
MOVED folder: C:\Users\Maple Bear\AppData\Roaming\5ytpwjxdug4  =>Heuristic.Wizzcaster
MOVED folder: C:\Users\Maple Bear\AppData\Roaming\gzz1uzfnff0  =>Heuristic.Wizzcaster
MOVED folder: C:\Users\Maple Bear\AppData\Roaming\hjjtnhr3eko  =>Heuristic.Wizzcaster
MOVED folder: C:\Users\Maple Bear\AppData\Roaming\ifhcspx2ikc  =>Heuristic.Wizzcaster
MOVED folder: C:\Users\Maple Bear\AppData\Roaming\mplwzptjvre  =>Heuristic.Wizzcaster
MOVED folder: C:\Users\Maple Bear\AppData\Roaming\pttczbotijo  =>Heuristic.Wizzcaster
MOVED folder: C:\Users\Maple Bear\AppData\Roaming\t2rvsfmayfl  =>Heuristic.Wizzcaster
MOVED folder: C:\Users\Maple Bear\AppData\Roaming\zlolaxqabgi  =>Heuristic.Wizzcaster
MOVED folder: C:\Users\Maple Bear\AppData\Local\MSfree Inc  =>HackTool.WinActivator
MOVED folder: C:\ProgramData\PrefsSecure  =>PUP.Optional.LogicHandler
MOVED folder: C:\ProgramData\Logic Cramble  =>PUP.Optional.LogicHandler


---\\  Registry ( Key, Value, Data) (34)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuLH2byhe[...]] [Search the web]  =>PUP.Optional.IMBooster
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch [https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuLH2byhe[...]] [Search the web]  =>PUP.Optional.IMBooster
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} [https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuLH2byhed3g02SoNi4QVwBEebRpqZKmL_uily4GbZLL5c-S2_83jfzjLCAmslX9v8De2p5UnTR7OZrqAUl5oA_ue9MzCBuSLwL1DlNXSVcG90YL-2yIJZX4Sswdk_vLMu9IVABAQ0j4HcDatBJ1d2V25xmG_Gr&q={searchTerms}]  =>PUP.Optional.IMBooster
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch [https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuLH2byhed3g02SoNi4QVwBEebRpqZKmL_uily4GbZLL5c-S2_83jfzjLCAmslX9v8De2p5UnTR7OZrqAUl5oA_ue9MzCBuSLwL1DlNXSVcG90YL-2yIJZX4Sswdk_vLMu9IVABAQ0j4HcDatBJ1d2V25xmG_Gr&q={searchTerms}]  =>PUP.Optional.IMBooster
DELETED key*: HKCU\Software\WajIEnhance []  =>PUP.Optional.Wajam
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\KMSEmulator [C:\ProgramData\KMSAutoS\bin\KMSSS.exe (Not File)]  =>HackTool.WinActivator
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\powzip [C:\WINDOWS\System32\drivers\powzip.sys (Not File)]  =>PUP.Optional.Powzip
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\ZTUzZWM3NDExNGQ0ZWU [C:\Program Files\ZTUzZWM3NDExNGQ0ZWU\YjZjZWFiYjljMDE3.exe (Not File)]  =>PUP.Optional.Wajam
DELETED key*: HKEY_USERS\S-1-5-21-4216877997-3920459586-2356809368-1001\SOFTWARE\mtApService []  =>PUP.Optional.Salus
DELETED key: HKEY_USERS\S-1-5-21-4216877997-3920459586-2356809368-1001\SOFTWARE\WajIEnhance []  =>PUP.Optional.WaEnhance
DELETED key: HKCU\Software\mtApService []  =>PUP.Optional.Salus
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net []  =>.SUP.AkamaiHD
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\convert2mp3.net []  =>PUP.Optional.ConvertMe
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\onesystemcare.com []  =>PUP.Optional.OneSystemCare
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\savefrom.net []  =>PUP.Optional.SaverOn
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\studiosolsolr-a.akamaihd.net []  =>.SUP.AkamaiHD
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.onesystemcare.com []  =>PUP.Optional.OneSystemCare
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yt-adblocker.com []  =>PUP.Optional.Adblocker
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yt-adblocker.com []  =>PUP.Optional.Adblocker
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net []  =>.SUP.AkamaiHD
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\convert2mp3.net [109]  =>PUP.Optional.ConvertMe
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\onesystemcare.com []  =>PUP.Optional.OneSystemCare
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\savefrom.net []  =>PUP.Optional.SaverOn
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\studiosolsolr-a.akamaihd.net []  =>.SUP.AkamaiHD
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.onesystemcare.com [545]  =>PUP.Optional.OneSystemCare
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yt-adblocker.com [94]  =>PUP.Optional.Adblocker
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yt-adblocker.com []  =>PUP.Optional.Adblocker
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 []  =>PUP.Optional.Wajam
DELETED key*: [X64] HKLM\SOFTWARE\SrcAAAesom Browser Enhancer []  =>PUP.Optional.Wajam
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09E7DB5DFD393BFC24F638CD98CC350E [C:\Program Files (x86)\Samsung\Settings\CmdServer\CommandSystemPowerEvent.dll]  =>PUP.Optional.Multiplug
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\mtApService []  =>PUP.Optional.Salus
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\SrcAAAesom Browser Enhancer []  =>PUP.Optional.Wajam
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 []  =>PUP.Optional.Wajam


---\\  Summary of the elements found (19)
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/  =>HackTool.WinActivator
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2018/07/07/pup-optional-powzip/  =>PUP.Optional.Powzip
https://nicolascoolman.eu/2017/02/24/pup-optional-wajam/  =>PUP.Optional.Wajam
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Trojan.Agent
https://nicolascoolman.eu/2017/01/01/adware-tuto4pc-publichotspot/  =>.SUP.Tuto4PC
https://nicolascoolman.eu/2017/09/15/adware-wizzcaster/  =>Heuristic.Wizzcaster
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Polluteware
https://nicolascoolman.eu/2017/01/04/pup-optional-logichandler/  =>PUP.Optional.LogicHandler
https://nicolascoolman.eu/2017/09/08/adware-imbooster/  =>PUP.Optional.IMBooster
https://nicolascoolman.eu/2017/09/07/pup-optional-salus/  =>PUP.Optional.Salus
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.WaEnhance
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/  =>.SUP.AkamaiHD
https://www.nicolascoolman.com/fr/pup-convertme/  =>PUP.Optional.ConvertMe
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.OneSystemCare
https://www.nicolascoolman.com/fr/pup-saveron/  =>PUP.Optional.SaverOn
https://nicolascoolman.eu/2017/01/28/adware-adblocker/  =>PUP.Optional.Adblocker
https://www.anti-malware.top/2016/04/28/pup-optional-multiplug/  =>PUP.Optional.Multiplug


---\\  Other deletions. (50)
~ Registry Keys Tracing deleted (50)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 505
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h01mn00s

---\\  Reports (2)
ZHPCleaner-[S]-27072018-06_46_01.txt
ZHPCleaner-[R]-27072018-06_48_09.txt