~ ZHPCleaner v2021.4.3.289 by Nicolas Coolman (2021/04/03)
~ Run by Wolf Giuliano (Administrator) (11/04/2021 17:27:54)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version :
~ Type : Scan
~ Report : C:\Users\Wolf Giuliano\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Wolf Giuliano\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point :
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (0)
~ No malicious or unnecessary items found.

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (36)
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc =>Hijacker.Browser
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Preferences =>ChromiumPreference
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>ChromiumPreference
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\background.html =>Hijacker.Browser
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\background.js =>Hijacker.Browser
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\config.json =>Hijacker.Browser
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\manifest.json =>Hijacker.Browser
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\test.js =>Hijacker.Browser
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\tr.js =>Hijacker.Browser
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\images\chromium.svg =>Hijacker.Browser
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\images\shadow.png =>Hijacker.Browser
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\delenot =>PUP.Optional.WinYahoo
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\fodati =>PUP.Optional.WinYahoo
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove =>PUP.Optional.WinYahoo
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\uninst.exe =>PUP.Optional.WinYahoo
FOUND file: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\uninstp.dat =>PUP.Optional.WinYahoo
FOUND folder: C:\ProgramData\ByteFence\RTOP =>SUP.Optional.ByteFence
FOUND folder: C:\ProgramData\ByteFence =>SUP.Optional.ByteFence
FOUND folder: C:\Users\Wolf Giuliano\AppData\Roaming\DiskDefrag =>SUP.Optional.AuslogicsDiskDefrag
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0 =>Hijacker.Browser
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\images =>Hijacker.Browser
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C} =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\chromium-min.jpg =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\control panel-min-min.JPG =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\down.png =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\ff menu.JPG =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\ff search engine-min.png =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\HowToRemove.html =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\hp-min ff.png =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\hp-min ie.png =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\search engine.gif =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\setup pages.gif =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\sp-min.png =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\start-min.jpg =>PUP.Optional.WinYahoo
FOUND folder: C:\Users\Wolf Giuliano\AppData\Local\{61A857F4-4500-3B4C-2898-1EA40CF0E23C}\HowToRemove\up.png =>PUP.Optional.WinYahoo

---\\ Registry ( Key, Value, Data) (22)
FOUND key: HKLM\SOFTWARE\Wow6432Node\ByteFence [AdditionalScan 292] =>SUP.Optional.ByteFence
FOUND key: HKLM\SOFTWARE\ByteFence [AdditionalScan 406] =>SUP.Optional.ByteFence
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\.avi [Torch.avi] =>.SUP.Torch
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\.torrent [Torch.torrent] =>.SUP.Torch
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\Magnet [Torch.torrent] =>.SUP.Torch
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\Torch.avi [avi video] =>.SUP.Torch
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\Torch.flv [flv video] =>.SUP.Torch
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\Torch.mkv [mkv video] =>.SUP.Torch
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\Torch.mp4 [mp4 video] =>.SUP.Torch
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\Torch.pdf [pdf] =>.SUP.Torch
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\Torch.torrent [] =>.SUP.Torch
FOUND key: HKEY_USERS\S-1-5-21-827842777-1566831252-2564548899-1000\SOFTWARE\Classes\Torch.vob [vob video] =>.SUP.Torch
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6EF58B71-E1DD-4821-AFF2-C41EB65BAD14}\\DhcpNameServer [Bad : 181.213.132.4 181.213.132.5] =>Hijacker.Browser
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7C694CF0-3948-486C-A2F3-864F337C939C}\\DhcpNameServer [Bad : 181.213.132.4 181.213.132.5] =>Hijacker.Browser
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E7C12020-7978-4D99-9B7C-88AF00526183}\\DhcpNameServer [Bad : 181.213.132.4 181.213.132.5] =>Hijacker.Browser
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.4 181.213.132.5] =>Hijacker.Browser
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX [Adobe] =>Riskware.FlashPlayer
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI [Adobe] =>Riskware.FlashPlayer
FOUND key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI [Adobe] =>Riskware.FlashPlayer
FOUND key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player NPAPI Notifier [] =>Riskware.FlashPlayer
FOUND key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier [] =>Riskware.FlashPlayer
FOUND key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater [] =>Riskware.FlashPlayer

---\\ Summary of the elements found (7)
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser
https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/ =>ChromiumPreference
https://nicolascoolman.eu/forum/Topic/winyahoo-logiciel-optionnel-potentiellement-indesirable-pup-lpi/ =>PUP.Optional.WinYahoo
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>SUP.Optional.ByteFence
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>SUP.Optional.AuslogicsDiskDefrag
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.Torch
https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/ =>Riskware.FlashPlayer

---\\ Result of repair
~ Any repair made
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ Opera Stable OK

---\\ Statistics
~ Items scanned : 67860
~ Items found : 92
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17

---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h13mn19s

---\\ Reports (2)
ZHPCleaner-[S]-08042021-15_24_01.txt
ZHPCleaner-[S]-11042021-17_41_13.txt