~ ZHPCleaner v2024.1.26.4 by Nicolas Coolman (2024/01/26) ~ Run by rafae (Administrator) (04/02/2024 12:46:38) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : C:\Users\rafae\OneDrive\Desktop\ZHPCleaner (R).txt ~ Quarantine : C:\Users\rafae\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : OK ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 11, 64-bit (Build 23620) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (10) MOVED file: C:\Users\rafae\AppData\Local\Google\Chrome\User Data\Default\History =>.SUP.BrowserHistoric MOVED file: C:\Users\rafae\AppData\Local\Microsoft\Edge\User Data\Default\History =>.SUP.BrowserHistoric MOVED file: C:\Users\rafae\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium MOVED file: C:\Users\rafae\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium MOVED file: C:\Windows\Prefetch\KERNEL_PNP-OUTBYTE-PC-REPAIR.-A116C10B.pf =>SUP.Optional.Outbyte MOVED file: C:\ProgramData\SquirrelMachineInstalls\Discord.exe [Discord Inc. - Discord - https://discord.com/] =>.SUP.Discord MOVED folder: C:\Users\rafae\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\rafae\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\rafae\AppData\Local\Opera Software\Opera GX Stable\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\rafae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc =>.SUP.Discord ---\\ Registry ( Key, Value, Data) (10) DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{86db7be1-8317-4cc0-b32b-904a8e99ba7e}\\DhcpNameServer [Bad : 181.213.132.4 181.213.132.5] =>Hijacker.Browser DELETED key*: [X64] HKLM\SOFTWARE\1D0EC6DE-4A80-4CC3-A335-E6E41C951198 [] =>Adware.CrossRider DELETED key*: [X64] HKLM\SOFTWARE\81bfc699-f883-50c7-b674-2483b6baae23 [] =>Adware.CrossRider DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\1D0EC6DE-4A80-4CC3-A335-E6E41C951198 [] =>Adware.CrossRider DELETED key*: HKEY_USERS\S-1-5-21-366692056-171916002-775530353-1001\SOFTWARE\Discord [] =>.SUP.Discord DELETED key*: HKEY_USERS\S-1-5-21-366692056-171916002-775530353-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r [] =>Adware.Navipromo DELETED key*: HKEY_USERS\S-1-5-21-366692056-171916002-775530353-1001\SOFTWARE\Classes\Discord [URL:Discord Protocol] =>.SUP.Discord DELETED key**: HKCU\Software\Discord [] =>.SUP.Discord DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord [Discord Inc.] =>.SUP.Discord DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Outbyte [] =>SUP.Optional.Outbyte ---\\ Summary of the elements found (8) https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserHistoric https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium https://nicolascoolman.eu/forum/Topic/-logiciel-potentiellement-superflu-lps/ =>SUP.Optional.Outbyte https://nicolascoolman.eu/forum/Topic/Discord-logiciel-potentiellement-superflu-lps/ =>.SUP.Discord https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Adware.Navipromo ---\\ Other deletions. (5) ~ Registry Keys Tracing deleted (5) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Google Chrome OK ~ Microsoft Edge OK ~ Microsoft Internet Explorer OK ~ Opera GX Stable OK ~ The system has been restarted. ---\\ Statistics ~ Items scanned : 1129 ~ Items found : 0 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 10/18 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of clean in 00h00mn22s ---\\ Reports (2) ZHPCleaner-[S]-04022024-12_44_36.txt ZHPCleaner-[R]-04022024-12_47_00.txt