~ ZHPCleaner v2018.11.7.193 by Nicolas Coolman (2018/11/07) ~ Run by walbe (Administrator) (10/11/2018 14:56:32) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Repair ~ Report : C:\Users\walbe\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\walbe\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Education, 64-bit (Build 17134) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (1) DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;] =>Hijacker.Proxy ---\\ Hosts file (1) ~ The hosts file is legitimate (1) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (10) MOVED file: C:\Users\walbe\Desktop\µTorrent.lnk [Bad : C:\Users\walbe\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Users\walbe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\walbe\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Windows\KMS-R@1n.exe =>HackTool.WinActivator MOVED file^: C:\Windows\SysWOW64\SSL =>Trojan.Agent MOVED file: C:\program files (x86)\common files\Tencent\qqdownload\125\tencentdl.exe [Tencent - 腾讯高速下载引擎] =>.SUP.Tencent MOVED folder: C:\Program Files (x86)\Common Files\Tencent =>.SUP.Tencent MOVED folder: C:\ProgramData\Tencent =>.SUP.Tencent MOVED folder: C:\Users\walbe\AppData\Roaming\Tencent =>.SUP.Tencent MOVED folder: C:\Users\walbe\AppData\Local\XService =>Adware.Razy MOVED folder: C:\Users\walbe\AppData\Roaming\IObit\Advanced SystemCare =>.SUP.AdvancedSystemCare ---\\ Registry ( Key, Value, Data) (9) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P) DELETED key*: HKCU\Software\csastats [] =>Adware.InstallCore DELETED key*: HKCU\Software\ProductSetup [] =>Adware.InstallCore DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 [] =>PUP.Optional.Wajam DELETED key*: [X64] HKLM\SOFTWARE\Classes\bi [bi] =>Adware.FilesFrog DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 [] =>PUP.Optional.Wajam DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{E3A4AE6F-AE74-4084-85E7-94FA7E42E08B} [C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe] =>.SUP.Tencent DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{DCC9F5A3-0C9C-4BC4-8719-0C06DE64708D} [C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe] =>.SUP.Tencent DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{B7209608-8AED-42FE-A57A-BF65A89F8356} [C:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe] =>.SUP.Tencent ---\\ Summary of the elements found (10) https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P) https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Trojan.Agent https://nicolascoolman.eu/2017/02/23/tencentadressbar/ =>.SUP.Tencent https://www.anti-malware.top/2016/11/04/adware-razy/ =>Adware.Razy https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/ =>.SUP.AdvancedSystemCare https://nicolascoolman.eu/2017/09/19/adware-installcore-3/ =>Adware.InstallCore https://nicolascoolman.eu/2017/02/24/pup-optional-wajam/ =>PUP.Optional.Wajam https://nicolascoolman.eu/2017/10/13/adware-filesfrog/ =>Adware.FilesFrog ---\\ Other deletions. (45) ~ Registry Keys Tracing deleted (45) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Google Chrome) ~ Browser not found (Mozilla Firefox) ~ Browser not found (Opera Software) ~ The system has been restarted. ---\\ Statistics ~ Items scanned : 477 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 0/7 ~ Space saving (bytes) : 0 ~ End of clean in 00h00mn23s ---\\ Reports (2) ZHPCleaner-[S]-10112018-14_54_35.txt ZHPCleaner-[R]-10112018-14_56_55.txt