~ ZHPCleaner v2019.12.14.163 by Nicolas Coolman (2019/12/14)
~ Run by houakim (Administrator) (15/12/2019 22:09:01)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\houakim\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\houakim\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point :
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 18362)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (0)
~ No malicious or unnecessary items found.

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (1)
FOUND task: [Online Application V2G1] [C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe] =>SUP.Optional.Microleaves

---\\ Explorer ( File, Folder) (32)
FOUND file: C:\Users\houakim\Desktop\µTorrent.lnk [Bad : C:\Users\houakim\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
FOUND file: C:\Users\houakim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\houakim\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
FOUND file: C:\Program Files (x86)\Common Files\nedvmm.exe [001 - ByteDownload Microsoft 基础类应用程序] =>Adware.Suspect
FOUND file: C:\Users\houakim\AppData\Roaming\uTorrent\uTorrent.exe [BitTorrent Inc. - µTorrent] =>BitTorrent (P2P)
FOUND file: C:\Users\houakim\Desktop\µTorrent.lnk =>BitTorrent (P2P)
FOUND file: C:\Users\houakim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk =>BitTorrent (P2P)
FOUND file: C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [ - Application] =>SUP.Optional.Microleaves
FOUND file: C:\Windows\Prefetch\KMSAUTO.EXE-DD29F48E.pf =>HackTool.WinActivator
FOUND file: C:\Program Files (x86)\DreamTrips\Gadget.Xml =>Heuristic.Wizzcaster
FOUND file: C:\Program Files (x86)\DreamTrips\seed.sfx.exe =>Heuristic.Wizzcaster
FOUND file: C:\Program Files (x86)\DreamTrips\TrayIcon.ico =>Heuristic.Wizzcaster
FOUND file: C:\Program Files (x86)\DreamTrips\unins000.dat =>Heuristic.Wizzcaster
FOUND file: C:\Program Files (x86)\DreamTrips\unins000.exe [ - Setup/Uninstall] =>Heuristic.Wizzcaster
FOUND folder: C:\Program Files (x86)\DreamTrips\images =>Heuristic.Wizzcaster
FOUND folder: C:\Program Files (x86)\DreamTrips\lang =>Heuristic.Wizzcaster
FOUND folder: C:\Program Files (x86)\Microleaves\Online Application =>SUP.Optional.Microleaves
FOUND folder: C:\Program Files (x86)\DreamTrips =>Heuristic.Wizzcaster
FOUND folder: C:\Program Files (x86)\Microleaves =>SUP.Optional.Microleaves
FOUND file: C:\Program Files\WD04RXT9CZ\cast.config =>Heuristic.Wizzcaster
FOUND file: C:\Program Files\WD04RXT9CZ\QSHBJ1JS7.exe [H - HJ] =>Heuristic.Wizzcaster
FOUND file: C:\Program Files\WD04RXT9CZ\QSHBJ1JS7.exe.config =>Heuristic.Wizzcaster
FOUND file: C:\Program Files\WD04RXT9CZ\uninstaller.exe [H - HJ] =>Heuristic.Wizzcaster
FOUND file: C:\Program Files\WD04RXT9CZ\uninstaller.exe.config =>Heuristic.Wizzcaster
FOUND folder: C:\Program Files\WD04RXT9CZ =>Heuristic.Wizzcaster
FOUND folder: C:\Users\houakim\AppData\Roaming\Microleaves\Online Application 2.7.0 =>SUP.Optional.Microleaves
FOUND folder: C:\Users\houakim\AppData\Roaming\Microleaves =>SUP.Optional.Microleaves
FOUND folder: C:\Users\houakim\AppData\Roaming\ScreenToGif =>Heuristic.Wizzcaster
FOUND folder: C:\Users\houakim\Desktop\KMSAuto Lite Portable v1.2.1by SAIDAHMED TECH\KMSAuto Lite Portable v1.2.1 By SAIDAHMED TECH =>HackTool.WinActivator
FOUND folder: C:\Users\houakim\Desktop\KMSAuto Lite Portable v1.2.1by SAIDAHMED TECH =>HackTool.WinActivator
FOUND folder: C:\Documents and Settings\houakim\Desktop\KMSAuto Lite Portable v1.2.1by SAIDAHMED TECH\KMSAuto Lite Portable v1.2.1 By SAIDAHMED TECH =>HackTool.WinActivator
FOUND folder: C:\Documents and Settings\houakim\Desktop\KMSAuto Lite Portable v1.2.1by SAIDAHMED TECH =>HackTool.WinActivator
FOUND folder: C:\Users\houakim\AppData\Local\AdvinstAnalytics =>.SUP.Various

---\\ Registry ( Key, Value, Data) (29)
FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare Ultimate ["C:\Program Files (x86)\IObit\Advanced SystemCare ] =>SUP.Optional.AdvancedSystemCare
FOUND key: HKCU\Software\undefined [AdditionalScan 148] =>.SUP.Downloader
FOUND key: HKEY_USERS\S-1-5-21-2190061228-2959031676-2612423266-1001\SOFTWARE\FastDataX [] =>Adware.FastDataX
FOUND key: HKCU\Software\FastDataX [] =>Adware.FastDataX
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P)
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net [] =>.SUP.AkamaiHD
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com [] =>SUP.Optional.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\kmplayer.en.softonic.com [] =>SUP.Optional.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pxlclnmdecom-a.akamaihd.net [] =>.SUP.AkamaiHD
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com [] =>SUP.Optional.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net [] =>.SUP.AkamaiHD
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com [43867] =>SUP.Optional.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\kmplayer.en.softonic.com [45245] =>SUP.Optional.Softonic
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pxlclnmdecom-a.akamaihd.net [42] =>.SUP.AkamaiHD
FOUND key: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com [] =>SUP.Optional.Softonic
FOUND key: [X64] HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A [Online Application] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23E4C6D00564386418B357E6097ECF3E [02:\Software\Microleaves\ (Not File)] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2AE9B3C0743B7184F8583F011120670B [02:\Software\Microleaves\Online.io Application\Version (Not File)] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0C677397618DB9468C2F1765D6A96BC [02:\Software\Microleaves\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\AI_IA_ENABLE (Not File)] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D57A4440CAD48CB438325AB3183896F4 [02:\Software\Microleaves\Online Application\Version (Not File)] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F91247D816A2A1C408834FA820DA6AC0 [C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe (Not File)] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1 [] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2 [] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3 [] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4 [] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5 [] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6 [] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microleaves [] =>SUP.Optional.Microleaves
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} [Microleaves] =>SUP.Optional.Microleaves

---\\ Summary of the elements found (11)
https://nicolascoolman.eu/2017/12/24/sup-microleaves/ =>SUP.Optional.Microleaves
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/03/02/adware-suspect/ =>Adware.Suspect
https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator
https://nicolascoolman.eu/2017/09/15/adware-wizzcaster/ =>Heuristic.Wizzcaster
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Various
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>SUP.Optional.AdvancedSystemCare
https://nicolascoolman.eu/2017/12/22/sup-downloader/ =>.SUP.Downloader
https://nicolascoolman.eu/2017/06/21/adware-fastdatax/ =>Adware.FastDataX
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/ =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>SUP.Optional.Softonic

---\\ Result of repair
~ Any repair made
~ Mozilla Firefox OK
~ Internet Explorer OK

---\\ Statistics
~ Items scanned : 93597
~ Items found : 79
~ Items cancelled : 0
~ Items options : 6/13
~ Space saving (bytes) : 0

~ End of search in 00h05mn25s

---\\ Reports (0)
ZHPCleaner-[S]-15122019-22_14_26.txt