~ ZHPCleaner v2024.5.6.15 by Nicolas Coolman (2024/05/06)
~ Run by Rafa Matos (Administrator) (17/05/2024 13:08:11)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Repair
~ Report : F:\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Rafa Matos\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 19045)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (0)

---\\ Hosts file (1)
~ The hosts file is legitimate (38)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (24)
MOVED file: C:\Users\Rafa Matos\AppData\Local\Vivaldi\User Data\Default\History =>.SUP.BrowserHistoric
MOVED file: C:\Users\Rafa Matos\AppData\Local\Microsoft\Edge\User Data\Default\History =>.SUP.BrowserHistoric
MOVED file: C:\Users\Rafa Matos\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
MOVED file: C:\Users\Rafa Matos\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium
MOVED file: C:\Users\Rafa Matos\AppData\Roaming\discord.exe [ - Quasar Client] =>Adware.Pirrit
MOVED file: C:\Users\Rafa Matos\AppData\Roaming\dllhost.exe [ - Quasar Client] =>Adware.Pirrit
MOVED file: C:\WINDOWS\System32\Tasks\dllhost =>Adware.Pirrit
MOVED file: C:\Users\Rafa Matos\AppData\Roaming\microsoft.exe [ - Quasar Client] =>Adware.Pirrit
MOVED file*: C:\Windows\System32\Tasks\microsoft =>Adware.Pirrit
MOVED file: C:\Users\Rafa Matos\AppData\Roaming\NVIDIA.exe [ - Quasar Client] =>Adware.Pirrit
MOVED file: C:\WINDOWS\System32\Tasks\NVIDIA =>Adware.Pirrit
MOVED file: C:\Users\Rafa Matos\AppData\Roaming\system32.exe [ - runpe22] =>Adware.Pirrit
MOVED file: C:\Users\Rafa Matos\AppData\Roaming\win32.exe =>Adware.Pirrit
MOVED file: C:\WINDOWS\System32\Tasks\conhost =>Adware.GenericTask
MOVED file: C:\ProgramData\SquirrelMachineInstalls\Discord.exe [Discord Inc. - Discord - https://discord.com/] =>.SUP.Discord
MOVED folder: C:\Users\Rafa Matos\AppData\Local\Vivaldi\User Data\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache
MOVED folder: C:\Users\Rafa Matos\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache
MOVED folder: C:\Users\Rafa Matos\AppData\Local\Opera Software\Opera Stable\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache
MOVED folder: C:\Users\Rafa Matos\AppData\Local\Mozilla\Firefox\Profiles\8er8muu6.default\Cache2 =>.SUP.BrowserCache
MOVED folder: C:\Users\Rafa Matos\AppData\Local\Mozilla\Firefox\Profiles\g4pkzrhy.default-release\Cache2 =>.SUP.BrowserCache
MOVED folder: C:\Program Files\Scrivener3 =>Heuristic.Wizzcaster
MOVED folder: C:\Users\Rafa Matos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc =>.SUP.Discord
MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime

---\\ Registry ( Key, Value, Data) (18)
DELETED key*: HKCU\Software\discord [] =>Adware.Pirrit
DELETED key^: HKCU\Software\microsoft [] =>Adware.Pirrit
DELETED key*: [X64] HKLM\SOFTWARE\ca7cbbf8-0d6f-5c45-8df4-959cbc5a6e63 [] =>Adware.CrossRider
DELETED key*: [X64] HKLM\SOFTWARE\da414c81-a9fd-5732-bd5e-8acced116298 [] =>Adware.CrossRider
DELETED key**: HKEY_USERS\S-1-5-21-2175187185-3767667556-3631598756-1001\SOFTWARE\Discord [] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-2175187185-3767667556-3631598756-1001\SOFTWARE\Classes\Discord [URL:Discord Protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-2175187185-3767667556-3631598756-1001\SOFTWARE\Classes\discord-375540160571637760 [URL:Run game 375540160571637760 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-2175187185-3767667556-3631598756-1001\SOFTWARE\Classes\discord-445956193924546560 [URL:Run game 445956193924546560 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-2175187185-3767667556-3631598756-1001\SOFTWARE\Classes\discord-464045794530557953 [URL:Run game 464045794530557953 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-2175187185-3767667556-3631598756-1001\SOFTWARE\Classes\discord-530196305138417685 [URL:Run game 530196305138417685 protocol] =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-2175187185-3767667556-3631598756-1001\SOFTWARE\Classes\discord-846871068744089620 [URL:Run game 846871068744089620 protocol] =>.SUP.Discord
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord [Discord Inc.] =>.SUP.Discord
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec
DELETED key*: [X64] HKLM\SOFTWARE\Classes\com.adobe.animate.flv [FLV Video for Flash Player] =>Riskware.FlashPlayer
DELETED key*: [X64] HKLM\SOFTWARE\Classes\NCH.Switch.flv [FLV Video for Flash Player] =>Riskware.FlashPlayer
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05B6C6C5DBD17C8588F381F8D78C5F3A [C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\Lang\ja-JP\LayerPanelToolPlugin_strings_ja-JP.xml.fx] =>PUP.Optional.ToolPlugin
DELETED key**: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Discord ["C:\Users\Rafa Matos\AppData\Local\Discord\Update.] =>.SUP.Discord

---\\ Summary of the elements found (12)
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserHistoric
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
https://nicolascoolman.eu/2017/02/25/adware-pirrit/ =>Adware.Pirrit
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Adware.GenericTask
https://nicolascoolman.eu/forum/Topic/Discord-logiciel-potentiellement-superflu-lps/ =>.SUP.Discord
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache
https://nicolascoolman.eu/2017/09/15/adware-wizzcaster/ =>Heuristic.Wizzcaster
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>PUP.Optional.Camec
https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/ =>Riskware.FlashPlayer
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>PUP.Optional.ToolPlugin

---\\ Other deletions. (0)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Vivaldi OK
~ Microsoft Edge OK
~ Mozilla Firefox OK
~ Microsoft Internet Explorer OK
~ Opera Stable OK
~ The system has been restarted.

---\\ Statistics
~ Items scanned : 1788
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 10/18

---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h00mn56s

---\\ Reports (2)
ZHPCleaner-[S]-17052024-13_01_13.txt
ZHPCleaner-[R]-17052024-13_09_07.txt