Publicité
Publicité
Format du document : text/plain
Prévisualisation
~ ZHPFix v2019.8.20.123 by Nicolas Coolman (2019/08/20)
~ Run by Cha (Administrator) (21/08/2019 19:18:46)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Certificate ZHPFix: Legal
~ State version : Version OK
~ Report : C:\Users\Cha\Desktop\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)
---\\ SCRIPT DE L'UTILISATEUR. (90)
Script Zhpfix
O38 - TASK: {DABF2B61-0488-43C8-BD87-31BB7E511C44} [64Bits][\WebDiscover Browser Update Task] - (.DESKTOP-UBDNRUU\Cha - Browser.) -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe [918240]
C:\Windows\System32\Tasks\WebDiscover Browser Update Task - (.DESKTOP-UBDNRUU\Cha.) -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe [--update]
O4 - HKCU\..\Run: [WebDiscoverBrowser] . (. - Browser.) -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] . (. - .) -- /q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe (.Not File.)
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] . (. - .) -- /q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe (.Not File.)
O4 - HKUS\S-1-5-19\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
O4 - HKUS\S-1-5-20\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
G2 - GCE: Preference [Cha][User Data\Default\Extensions] [ehlceeijggpdgfcefmipcmdelickjgfg] Hermes Tab
G2 - GCE: Preference [Cha][User Data\Default\Extensions] [nahhmpbckpgdidfnmfkfgiflpjijilce] Search Manager
G2 - GCE: Preference [Cha][User Data\Default\Extensions] [pilplloabdedfmialnfchjomjmpjcoej] Search Manager
O4 - GS\Programs [Cha]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\Programs [defaultuser0]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\Programs [Family]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\Programs [Public]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\ProgramsCommon [Public]: HowToRemove.html.lnk . (...) C:\Users\Cha\AppData\Local\{CB9AFDC6-EF32-917E-82AA-B496A6C2480E}\HowToRemove\HowToRemove.html
O4 - GS\ProgramsCommon [Public]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{CB9AFDC6-EF32-917E-82AA-B496A6C2480E}\HowToRemove\HowToRemove.html
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:WebDiscoverBrowser
HKU\.DEFAULT\Software\ByteFence
HKU\S-1-5-18\Software\ByteFence
HKCU\Software\WebDiscoverBrowser
HKCU\Software\csastats
HKCU\Software\ProductSetup
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
HKCU\SOFTWARE\nuevos-programas.com
O108 - CMH1: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH2: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH6: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]:ByteFence.exe
C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe
C:\Windows\System32\Tasks\WebDiscover Browser Update Task
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1
C:\ProgramData\ByteFence
C:\Users\Cha\AppData\Local\WebDiscoverBrowser
C:\Windows\Prefetch\BYTEFENCE.EXE-C79121AD.pf
C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-B68A323A.pf
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASMANCS
HKLM\SOFTWARE\McAfee.com =>.McAfee Inc.
HKLM\SOFTWARE\WOW6432Node\McAfee NGI =>.McAfee Inc.
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\003
O43 - CFD: 24/02/2018 - [] D -- C:\ProgramData\ByteFence =>.SUP.ByteFence
O43 - CFD: 12/08/2019 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 03/02/2018 - [] DC -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser =>Adware.WebDiscoverBrowser
O45 - LFCP:[MD5.B0787130850307265713E9A92D351C49] 12/08/2019 A -- C:\Windows\Prefetch\BYTEFENCE.EXE-C79121AD.pf =>.SUP.ByteFence
O45 - LFCP:[MD5.ECACB5A22E6F003AAF7E468A68CCE155] 12/08/2019 A -- C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-B68A323A.pf =>.SUP.ByteFence
O69 - SBI: SearchScopes [HKCU] [64Bits]{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC} - (Surf Live) - http://www.surf-live.com/ =>.SUP.SurfLiveCom
O87 - FAEL: "{B1123E8D-76FF-48C5-B823-DA8B679C3966}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (.not file.) =>.SUP.Orphan
O87 - FAEL: "{DF5098DD-28CD-4376-829F-D45914333BCA}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (.not file.) =>.SUP.Orphan
HKU\.DEFAULT\Software\ByteFence
HKU\S-1-5-18\Software\ByteFence
HKCU\Software\WebDiscoverBrowser
HKU\S-1-5-21-4241389643-2301839562-2191970874-1000\SOFTWARE\McAfee =>.McAfee Inc.
HKCU\Software\csastats
HKCU\Software\ProductSetup
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\ByteFence\ByteFenceScan.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\ByteFence\ByteFenceScan.exe.ApplicationCompany
EmptyPrefetch
EmptyClsid
---\\ LOGICIEL. (0)
---\\ SERVICE. (0)
---\\ TÂCHE PLANIFIÉE. (2)
SUPPRIMÉ Redémarrage Clé Tasks^: HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DABF2B61-0488-43C8-BD87-31BB7E511C44}
SUPPRIMÉ Redémarrage Clé Tasks^: HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DABF2B61-0488-43C8-BD87-31BB7E511C44}
---\\ NAVIGATEUR INTERNET. (0)
---\\ EXPLORATEUR ( Dossiers, Fichiers ). (11)
SUPPRIMÉ Redémarrage Dossier ^: C:\Users\Cha\AppData\Local\WebDiscoverBrowser
DEPLACÉ Fichier : C:\Windows\Prefetch\BYTEFENCE.EXE-C79121AD.pf
DEPLACÉ Fichier : C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-B68A323A.pf
SUPPRIMÉ Dossier : C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\000
SUPPRIMÉ Dossier : C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\001
SUPPRIMÉ Dossier : C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\002
SUPPRIMÉ Dossier : C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\003
SUPPRIMÉ Dossier : C:\ProgramData\McAfee
SUPPRIMÉ Redémarrage Dossier ^: C:\Users\Cha\AppData\Local\WebDiscoverBrowser
SUPPRIMÉ Dossier EmptyCLSID: C:\ProgramData\{00C23CFE-28EA-4486-70B2-6CAE985AB476}
SUPPRIMÉ Dossier EmptyCLSID: C:\Users\Cha\AppData\Local\{19422F1E-3DEA-43A6-5072-664E741A9AD6}
---\\ REGISTRE ( Clés, Valeurs, Données ). (46)
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ [/q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe (.Not File.)]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ [/q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe (.Not File.)]
SUPPRIMÉ Valeur Run: OneDriveSetup [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\]
SUPPRIMÉ Valeur Run: OneDriveSetup [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\]
ABSENT Clé: HKU\.DEFAULT\Software\ByteFence
ABSENT Clé: HKU\S-1-5-18\Software\ByteFence
ABSENT Clé: HKCU\Software\WebDiscoverBrowser
ABSENT Clé: HKCU\Software\csastats
ABSENT Clé: HKCU\Software\ProductSetup
ABSENT Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
ABSENT Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
ABSENT Clé: HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
ABSENT Clé: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
ABSENT Clé: HKCU\SOFTWARE\nuevos-programas.com
ABSENT Clé CMH: HKLM64\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
ABSENT Clé CMH: HKLM64\SOFTWARE\Classes\CLSID\B41DB860-8EE4-11D2-9906-E49FADC173CA}
ABSENT Clé CMH: HKLM64\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32
ABSENT Clé CMH: HKLM64\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
ABSENT Clé Tracing: HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASAPI32
ABSENT Clé Tracing: HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASMANCS
ABSENT Clé Tracing: HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32
ABSENT Clé Tracing: HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS
ABSENT Clé: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
ABSENT Clé: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1
ABSENT Clé: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
ABSENT Clé: HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32
ABSENT Clé: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
SUPPRIMÉ Clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC} [{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC}]
ABSENT Clé Tracing: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASAPI32
ABSENT Clé Tracing: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASMANCS
ABSENT Clé Tracing: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASAPI32
ABSENT Clé Tracing: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASMANCS
SUPPRIMÉ Clé: HKLM\SOFTWARE\McAfee.com [McAfee.com ]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\McAfee NGI [McAfee NGI ]
SUPPRIMÉ Valeur FirewallRules: {B1123E8D-76FF-48C5-B823-DA8B679C3966} [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur FirewallRules: {DF5098DD-28CD-4376-829F-D45914333BCA} [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Clé: HKU\S-1-5-21-4241389643-2301839562-2191970874-1000\SOFTWARE\McAfee [McAfee ]
SUPPRIMÉ Valeur: WebDiscoverBrowser [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
SUPPRIMÉ Valeur: ByteFence.exe [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
SUPPRIMÉ Valeur: C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\Program Files\ByteFence\ByteFenceScan.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\Program Files\ByteFence\ByteFenceScan.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
---\\ COMMANDE. (2)
~ EmptyPrefetch: Fichiers Prefetcher supprimés (329)
~ EmptyCSID: Dossiers CLSID vides supprimés (2)
---\\ NON TRAITÉ. (0)
~ Le système a été redémarré.
***** ~ Fin de rapport terminé en 00h00mn50s
~ Run by Cha (Administrator) (21/08/2019 19:18:46)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Certificate ZHPFix: Legal
~ State version : Version OK
~ Report : C:\Users\Cha\Desktop\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393)
---\\ SCRIPT DE L'UTILISATEUR. (90)
Script Zhpfix
O38 - TASK: {DABF2B61-0488-43C8-BD87-31BB7E511C44} [64Bits][\WebDiscover Browser Update Task] - (.DESKTOP-UBDNRUU\Cha - Browser.) -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe [918240]
C:\Windows\System32\Tasks\WebDiscover Browser Update Task - (.DESKTOP-UBDNRUU\Cha.) -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe [--update]
O4 - HKCU\..\Run: [WebDiscoverBrowser] . (. - Browser.) -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] . (. - .) -- /q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe (.Not File.)
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] . (. - .) -- /q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe (.Not File.)
O4 - HKUS\S-1-5-19\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
O4 - HKUS\S-1-5-20\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
G2 - GCE: Preference [Cha][User Data\Default\Extensions] [ehlceeijggpdgfcefmipcmdelickjgfg] Hermes Tab
G2 - GCE: Preference [Cha][User Data\Default\Extensions] [nahhmpbckpgdidfnmfkfgiflpjijilce] Search Manager
G2 - GCE: Preference [Cha][User Data\Default\Extensions] [pilplloabdedfmialnfchjomjmpjcoej] Search Manager
O4 - GS\Programs [Cha]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\Programs [defaultuser0]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\Programs [Family]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\Programs [Public]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{06E230BE-224A-5C06-4FD2-79EE6BBA8576}\HowToRemove\HowToRemove.html
O4 - GS\ProgramsCommon [Public]: HowToRemove.html.lnk . (...) C:\Users\Cha\AppData\Local\{CB9AFDC6-EF32-917E-82AA-B496A6C2480E}\HowToRemove\HowToRemove.html
O4 - GS\ProgramsCommon [Public]: HowToRemove.lnk . (...) C:\Users\Cha\AppData\Local\{CB9AFDC6-EF32-917E-82AA-B496A6C2480E}\HowToRemove\HowToRemove.html
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:WebDiscoverBrowser
HKU\.DEFAULT\Software\ByteFence
HKU\S-1-5-18\Software\ByteFence
HKCU\Software\WebDiscoverBrowser
HKCU\Software\csastats
HKCU\Software\ProductSetup
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
HKCU\SOFTWARE\nuevos-programas.com
O108 - CMH1: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH2: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
O108 - CMH6: WinRAR32 [64Bits] - {B41DB860-8EE4-11D2-9906-E49FADC173CA} . (.Orphan.)
HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]:ByteFence.exe
C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe
C:\Windows\System32\Tasks\WebDiscover Browser Update Task
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce
C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1
C:\ProgramData\ByteFence
C:\Users\Cha\AppData\Local\WebDiscoverBrowser
C:\Windows\Prefetch\BYTEFENCE.EXE-C79121AD.pf
C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-B68A323A.pf
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASMANCS
HKLM\SOFTWARE\McAfee.com =>.McAfee Inc.
HKLM\SOFTWARE\WOW6432Node\McAfee NGI =>.McAfee Inc.
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\001
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\002
C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\003
O43 - CFD: 24/02/2018 - [] D -- C:\ProgramData\ByteFence =>.SUP.ByteFence
O43 - CFD: 12/08/2019 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 03/02/2018 - [] DC -- C:\Users\Cha\AppData\Local\WebDiscoverBrowser =>Adware.WebDiscoverBrowser
O45 - LFCP:[MD5.B0787130850307265713E9A92D351C49] 12/08/2019 A -- C:\Windows\Prefetch\BYTEFENCE.EXE-C79121AD.pf =>.SUP.ByteFence
O45 - LFCP:[MD5.ECACB5A22E6F003AAF7E468A68CCE155] 12/08/2019 A -- C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-B68A323A.pf =>.SUP.ByteFence
O69 - SBI: SearchScopes [HKCU] [64Bits]{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC} - (Surf Live) - http://www.surf-live.com/ =>.SUP.SurfLiveCom
O87 - FAEL: "{B1123E8D-76FF-48C5-B823-DA8B679C3966}" [In-None-P6-TRUE] .(...) -- C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (.not file.) =>.SUP.Orphan
O87 - FAEL: "{DF5098DD-28CD-4376-829F-D45914333BCA}" [In-None-P6-TRUE] .(...) -- C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (.not file.) =>.SUP.Orphan
HKU\.DEFAULT\Software\ByteFence
HKU\S-1-5-18\Software\ByteFence
HKCU\Software\WebDiscoverBrowser
HKU\S-1-5-21-4241389643-2301839562-2191970874-1000\SOFTWARE\McAfee =>.McAfee Inc.
HKCU\Software\csastats
HKCU\Software\ProductSetup
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\ByteFence\ByteFenceScan.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Program Files\ByteFence\ByteFenceScan.exe.ApplicationCompany
EmptyPrefetch
EmptyClsid
---\\ LOGICIEL. (0)
---\\ SERVICE. (0)
---\\ TÂCHE PLANIFIÉE. (2)
SUPPRIMÉ Redémarrage Clé Tasks^: HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DABF2B61-0488-43C8-BD87-31BB7E511C44}
SUPPRIMÉ Redémarrage Clé Tasks^: HKLM64\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DABF2B61-0488-43C8-BD87-31BB7E511C44}
---\\ NAVIGATEUR INTERNET. (0)
---\\ EXPLORATEUR ( Dossiers, Fichiers ). (11)
SUPPRIMÉ Redémarrage Dossier ^: C:\Users\Cha\AppData\Local\WebDiscoverBrowser
DEPLACÉ Fichier : C:\Windows\Prefetch\BYTEFENCE.EXE-C79121AD.pf
DEPLACÉ Fichier : C:\Windows\Prefetch\BYTEFENCESERVICE.EXE-B68A323A.pf
SUPPRIMÉ Dossier : C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\000
SUPPRIMÉ Dossier : C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\001
SUPPRIMÉ Dossier : C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\002
SUPPRIMÉ Dossier : C:\Users\Cha\AppData\Local\Google\Chrome\User Data\Default\File System\003
SUPPRIMÉ Dossier : C:\ProgramData\McAfee
SUPPRIMÉ Redémarrage Dossier ^: C:\Users\Cha\AppData\Local\WebDiscoverBrowser
SUPPRIMÉ Dossier EmptyCLSID: C:\ProgramData\{00C23CFE-28EA-4486-70B2-6CAE985AB476}
SUPPRIMÉ Dossier EmptyCLSID: C:\Users\Cha\AppData\Local\{19422F1E-3DEA-43A6-5072-664E741A9AD6}
---\\ REGISTRE ( Clés, Valeurs, Données ). (46)
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Users\Cha\AppData\Local\WebDiscoverBrowser\3.210.2\browser.exe]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ [/q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe (.Not File.)]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ [/q /c del /q "C:\Users\Cha\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe (.Not File.)]
SUPPRIMÉ Valeur Run: OneDriveSetup [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\]
SUPPRIMÉ Valeur Run: OneDriveSetup [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\]
ABSENT Clé: HKU\.DEFAULT\Software\ByteFence
ABSENT Clé: HKU\S-1-5-18\Software\ByteFence
ABSENT Clé: HKCU\Software\WebDiscoverBrowser
ABSENT Clé: HKCU\Software\csastats
ABSENT Clé: HKCU\Software\ProductSetup
ABSENT Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
ABSENT Clé: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
ABSENT Clé: HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe
ABSENT Clé: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
ABSENT Clé: HKCU\SOFTWARE\nuevos-programas.com
ABSENT Clé CMH: HKLM64\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
ABSENT Clé CMH: HKLM64\SOFTWARE\Classes\CLSID\B41DB860-8EE4-11D2-9906-E49FADC173CA}
ABSENT Clé CMH: HKLM64\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32
ABSENT Clé CMH: HKLM64\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
ABSENT Clé Tracing: HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASAPI32
ABSENT Clé Tracing: HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASMANCS
ABSENT Clé Tracing: HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32
ABSENT Clé Tracing: HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS
ABSENT Clé: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
ABSENT Clé: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1
ABSENT Clé: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
ABSENT Clé: HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32
ABSENT Clé: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
SUPPRIMÉ Clé: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC} [{E0CFC9BD-7D0B-4D09-8715-5E018AA285AC}]
ABSENT Clé Tracing: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASAPI32
ABSENT Clé Tracing: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceService_RASMANCS
ABSENT Clé Tracing: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASAPI32
ABSENT Clé Tracing: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFence_RASMANCS
SUPPRIMÉ Clé: HKLM\SOFTWARE\McAfee.com [McAfee.com ]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\McAfee NGI [McAfee NGI ]
SUPPRIMÉ Valeur FirewallRules: {B1123E8D-76FF-48C5-B823-DA8B679C3966} [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur FirewallRules: {DF5098DD-28CD-4376-829F-D45914333BCA} [HKLM\SYSTEM\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Clé: HKU\S-1-5-21-4241389643-2301839562-2191970874-1000\SOFTWARE\McAfee [McAfee ]
SUPPRIMÉ Valeur: WebDiscoverBrowser [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
SUPPRIMÉ Valeur: ByteFence.exe [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
SUPPRIMÉ Valeur: C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\program files\windowsapps\spotifyab.spotifymusic_1.70.388.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\program files\windowsapps\spotifyab.spotifymusic_1.73.345.0_x86__zpdnekdrzrea0\spotify.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\Program Files\ByteFence\ByteFenceScan.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\Program Files\ByteFence\ByteFenceScan.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
---\\ COMMANDE. (2)
~ EmptyPrefetch: Fichiers Prefetcher supprimés (329)
~ EmptyCSID: Dossiers CLSID vides supprimés (2)
---\\ NON TRAITÉ. (0)
~ Le système a été redémarré.
***** ~ Fin de rapport terminé en 00h00mn50s