~ ZHPCleaner v2019.9.30.146 by Nicolas Coolman (2019/09/30)
~ Run by tatyr (Administrator) (02/10/2019 02:19:18)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Nettoyer
~ Report : C:\Users\tatyr\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\tatyr\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)


---\\ ALTERNATE DATA STREAM (ADS). (0)
~ Aucun élément malicieux ou superflu trouvé.


---\\ SERVICE. (0)
~ Aucun élément malicieux ou superflu trouvé.


---\\ NAVIGATEUR INTERNET. (0)
~ Aucun élément malicieux ou superflu trouvé.


---\\ FICHIER HÔTE. (1)
~ Le fichier hôte est corrompu avec des lignes vides. (1048590)


---\\ TÂCHE PLANIFIÉE. (1)
SUPPRIMÉ tâche: [AutoKMS] [C:\Windows\AutoKMS\AutoKMS.exe (Not File) ] =>HackTool.AutoKMS


---\\ EXPLORATEUR ( Dossiers, Fichiers ). (29)
DEPLACÉ fichier: C:\Users\tatyr\Desktop\BitTorrent.lnk [Bad : C:\Users\tatyr\AppData\Roaming\BitTorrent\BitTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
DEPLACÉ fichier: C:\Users\tatyr\Desktop\µTorrent.lnk [Bad : C:\Users\tatyr\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
DEPLACÉ fichier: C:\Users\tatyr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [Bad : C:\Users\tatyr\AppData\Roaming\BitTorrent\BitTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
DEPLACÉ fichier: C:\Users\tatyr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\tatyr\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
DEPLACÉ fichier: C:\Users\tatyr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk [Bad : C:\Users\tatyr\AppData\Local\Host App Service\Engine\HostAppService.exe](.SweetLabs, Inc.) =>SUP.Optional.SweetLabs
DEPLACÉ fichier: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] =>HackTool.AutoKMS
DEPLACÉ fichier: C:\Windows\Prefetch\WINDOWS KMS ACTIVATOR ULTIMAT-2C0BE72F.pf =>Hacktool.Office
DEPLACÉ fichier: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSCore.dll [SweetLabs, Inc. - SLSCore] =>SUP.Optional.SweetLabs
DEPLACÉ fichier: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSLib.dll [SweetLabs, Inc. - SLSLib] =>SUP.Optional.SweetLabs
DEPLACÉ fichier: C:\Users\tatyr\AppData\Local\Temp\cne2ovsm3fv.exe [MAL - ShutdownTime Setup] =>Adware.ICLoader
DEPLACÉ fichier: C:\Documents and Settings\tatyr\Local Settings\Application Data\Temp\csrss\cloudnet.exe [EpicNet Inc. - Cloud Net] =>Adware.MSIL
DEPLACÉ fichier: C:\Documents and Settings\tatyr\Local Settings\Application Data\Temp\191271093\ic-0.1b8ca537c03e64.exe [Microleaves - This installer database contains the logic] =>SUP.Optional.Microleaves
DEPLACÉ fichier: C:\Documents and Settings\tatyr\Local Settings\Application Data\Temp\191271093\ic-0.5032c1a985730c.exe [NA - NA] =>SUP.Optional.Linkury
DEPLACÉ fichier*: C:\Program Files (x86)\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ fichier: C:\Windows\rss\csrss.exe =>Trojan.Dropper
DEPLACÉ fichier: C:\Windows\windefender.exe =>Trojan.Agent
DEPLACÉ fichier: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS
DEPLACÉ fichier: C:\Users\tatyr\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [SweetLabs, Inc - Host App Service Updater] =>SUP.Optional.SweetLabs
DEPLACÉ fichier*: C:\ProgramData\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\Program Files (x86)\Microleaves =>SUP.Optional.Microleaves
DEPLACÉ dossier: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
DEPLACÉ dossier: C:\Windows\AutoKMS =>HackTool.AutoKMS
DEPLACÉ dossier: C:\Users\tatyr\AppData\Roaming\EpicNet Inc =>Adware.MSIL
DEPLACÉ dossier: C:\Users\tatyr\AppData\Roaming\Microleaves =>SUP.Optional.Microleaves
DEPLACÉ dossier: C:\Users\tatyr\AppData\Local\AdvinstAnalytics =>.SUP.Various
DEPLACÉ dossier: C:\Program Files (x86)\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\ProgramData\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\ProgramData\Application Data\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion
DEPLACÉ dossier: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion =>PUP.Optional.LavasoftWebCompanion


---\\ BASE DE REGISTRES ( Clés, Valeurs, Données ). (37)
SUPPRIMÉ donnée: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1bd63e1a-6440-46ca-8e85-d018733d237a}\\DhcpNameServer [Bad : 160.119.161.33 160.119.160.33] =>Hijacker.Browser
SUPPRIMÉ donnée: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3c3e0800-3898-4a15-9932-7846e5520256}\\DhcpNameServer [Bad : 160.119.161.33 160.119.160.33] =>Hijacker.Browser
SUPPRIMÉ donnée: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 160.119.161.33 160.119.160.33] =>Hijacker.Browser
SUPPRIMÉ clé*: HKEY_USERS\.DEFAULT\Software\Lavasoft\Web Companion [AdditionalScan 26] =>PUP.Optional.LavasoftWebCompanion
SUPPRIMÉ clé**: HKEY_USERS\S-1-5-18\Software\Lavasoft\Web Companion [AdditionalScan 28] =>PUP.Optional.LavasoftWebCompanion
SUPPRIMÉ clé*: HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion [AdditionalScan 298] =>PUP.Optional.LavasoftWebCompanion
SUPPRIMÉ clé**: HKLM\SOFTWARE\Lavasoft\Web Companion [AdditionalScan 414] =>PUP.Optional.LavasoftWebCompanion
SUPPRIMÉ clé*: HKEY_USERS\S-1-5-21-345721236-1066375672-1796325985-1003\SOFTWARE\EpicNet Inc. [] =>Adware.MSIL
SUPPRIMÉ clé**: HKCU\Software\EpicNet Inc. [] =>Adware.MSIL
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent [BitTorrent Inc.] =>BitTorrent (P2P)
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudNet [EpicNet Inc.] =>Adware.MSIL
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service [SweetLabs for Lenovo] =>SUP.Optional.SweetLabs
SUPPRIMÉ clé*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P)
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akamaihd.net [] =>.SUP.AkamaiHD
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pxlgnpgecom-a.akamaihd.net [] =>.SUP.AkamaiHD
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com [] =>SUP.Optional.Solvusoft
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com [] =>SUP.Optional.Solvusoft
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akamaihd.net [] =>.SUP.AkamaiHD
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pxlgnpgecom-a.akamaihd.net [42] =>.SUP.AkamaiHD
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com [] =>SUP.Optional.Solvusoft
SUPPRIMÉ clé*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com [] =>SUP.Optional.Solvusoft
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A [Online Application] =>SUP.Optional.Microleaves
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23E4C6D00564386418B357E6097ECF3E [02:\Software\Microleaves\ (Not File)] =>SUP.Optional.Microleaves
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1 [] =>SUP.Optional.Microleaves
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2 [] =>SUP.Optional.Microleaves
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3 [] =>SUP.Optional.Microleaves
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4 [] =>SUP.Optional.Microleaves
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5 [] =>SUP.Optional.Microleaves
SUPPRIMÉ clé^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6 [] =>SUP.Optional.Microleaves
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microleaves [] =>SUP.Optional.Microleaves
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Windows KMS Activator Ultimate 2019 4_RASAPI32 [] =>Hacktool.Office
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Windows KMS Activator Ultimate 2019 4_RASMANCS [] =>Hacktool.Office
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} [Microleaves] =>SUP.Optional.Microleaves
SUPPRIMÉ clé*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d555a43a-e861-4631-897b-cb5fdaf19129} [Lavasoft] =>PUP.Optional.LavasoftWebCompanion
SUPPRIMÉ valeur: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CloudNet ["C:\Users\tatyr\AppData\Roaming\EpicNet Inc\CloudN] =>Adware.MSIL
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\TCP Query User{22ABC5A5-899E-4C4A-A6D6-C8545B05F8B9}C:\users\taty raoul sylvain\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\taty raoul sylvain\appdata\roaming\cacaow] =>.SUP.CacaoWeb
SUPPRIMÉ valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\UDP Query User{6E8891A8-11C9-4EA3-8BA1-CE7635E467A7}C:\users\taty raoul sylvain\appdata\roaming\cacaoweb\cacaoweb.exe [C:\users\taty raoul sylvain\appdata\roaming\cacaow] =>.SUP.CacaoWeb


---\\ RÉCAPITULATIF DES ÉLÉMENTS TROUVÉS SUR VOTRE STATION. (16)
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>SUP.Optional.SweetLabs
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Hacktool.Office
https://nicolascoolman.eu/2018/06/12/adware-icloader/ =>Adware.ICLoader
https://nicolascoolman.eu/2017/09/13/adware-msil/ =>Adware.MSIL
https://nicolascoolman.eu/2017/12/24/sup-microleaves/ =>SUP.Optional.Microleaves
https://nicolascoolman.eu/2017/09/07/pup-optional-salus/ =>SUP.Optional.Linkury
https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Trojan.Dropper
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Trojan.Agent
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Various
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/ =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>SUP.Optional.Solvusoft
https://nicolascoolman.eu/2017/01/15/superfluous-cacaoweb/ =>.SUP.CacaoWeb


---\\ NETTOYAGE ADDITIONNEL. (68)
~ Suppression des Clés de registre Tracing. (68)
~ Suppression des anciens rapports ZHPCleaner. (0)


---\\ BILAN DE LA REPARATION
~ Réparation réalisée avec succès.
~ Google Chrome OK
~ Internet Explorer OK
~ Le système a été redémarré.


---\\ STATISTIQUES
~ Items scannés : 1242
~ Items trouvés : 1
~ Items annulés : 0
~ Items options : 6/13
~ Gain de place (Octets) : 0


~ End of clean in 00h02mn04s

---\\ LISTE DES RAPPORTS (2)
ZHPCleaner-[S]-02102019-02_07_08.txt
ZHPCleaner-[R]-02102019-02_21_22.txt