Format du document : text/plain
Prévisualisation
~ ZHPFix v2021.1.12.268 by Nicolas Coolman (2021/01/12)
~ Run by Maurice (Administrator) (15/01/2021 15:21:09)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Report : C:\Users\Maurice\Bureau\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 19041)
---\\ SCRIPT DE L'UTILISATEUR. (32)
Script Zhpfix
SR - Boot [15/02/2019] [ 478392] 8A66EDB8 (8A66EDB8) . (.Kaspersky Lab ZAO.) - C:\WINDOWS\System32\drivers\8A66EDB8.sys =>.Kaspersky Lab®
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe =>.Wondershare Technology Co.,Ltd®
O4 - HKUS\S-1-5-19\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000 =>.SUP.Orphan
O4 - HKUS\S-1-5-20\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000 =>.SUP.Orphan
O4 - HKUS\S-1-5-19\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
O4 - HKUS\S-1-5-20\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
[MD5.DB67E9196605D61D8278E5278777C71F] - (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216] [PID.8612] =>.Wondershare Technology Co.,Ltd®
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]:Wondershare Helper Compact.exe =>.Wondershare
HKLM\SOFTWARE\g3n-h@ckm@n =>.g3n-h@ckm@n
HKLM\SOFTWARE\McAfee.com =>.McAfee Inc.
HKLM\SOFTWARE\Wondershare =>.Wondershare
HKLM\SOFTWARE\WOW6432Node\Wondershare =>.Wondershare
HKCU\SOFTWARE\Wondershare =>.Wondershare
HKU\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Wondershare =>.Wondershare
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB
[HKEY_USERS\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB
O43 - CFD: 27/09/2020 - [0] D -- C:\Program Files (x86)\Lavasoft =>.Lavasoft
O43 - CFD: 24/09/2020 - [0] D -- C:\Program Files (x86)\WondershareUpdate =>.Wondershare
O43 - CFD: 27/09/2020 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft =>.Lavasoft
O43 - CFD: 27/09/2020 - [0] D -- C:\ProgramData\Lavasoft =>.Lavasoft
O43 - CFD: 26/09/2020 - [] D -- C:\ProgramData\Wondershare =>.Wondershare
O43 - CFD: 24/09/2020 - [] D -- C:\Program Files (x86)\Common Files\Wondershare =>.Wondershare
O43 - CFD: 27/09/2020 - [0] D -- C:\Users\Maurice\AppData\Roaming\Lavasoft =>.Lavasoft
O43 - CFD: 24/09/2020 - [] D -- C:\Users\Maurice\AppData\Roaming\Wondershare =>.Wondershare
O43 - CFD: 27/09/2020 - [0] D -- C:\Users\Maurice\AppData\Local\Lavasoft =>.Lavasoft
O43 - CFD: 24/09/2020 - [] D -- C:\Users\Maurice\AppData\Local\Wondershare =>.Wondershare
O69 - SBI: prefs.js [Maurice - 5ux2s2x7.default-release] user_pref('browser.newtab.url', 'https://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2020-09-22 05:02:15&bName=&bitmask=0600[...]
O69 - SBI: prefs.js [Maurice - 5ux2s2x7.default-release] user_pref('browser.newtabpage.url', 'https://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2020-09-22 05:02:15&bName=&bitmask=[...]
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx
EmptyPrefetch
EmptyClsid
---\\ LOGICIEL. (0)
---\\ SERVICE. (1)
REFUSÉ Service: HKLM\SYSTEM\CurrentControlSet\Services\8A66EDB8 [8A66EDB8.sys]
---\\ TÂCHE PLANIFIÉE. (0)
---\\ NAVIGATEUR INTERNET. (1)
DEPLACÉ Fichier Preferences: C:\Users\Maurice\AppData\Roaming\Mozilla\Firefox\Profiles\5ux2s2x7.default-release\prefs.js
---\\ EXPLORATEUR ( Dossiers, Fichiers ). (12)
REFUSÉ Fichier Service: C:\WINDOWS\System32\drivers\8A66EDB8.sys
DEPLACÉ Fichier Run: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
SUPPRIMÉ Dossier : C:\Program Files (x86)\Lavasoft
SUPPRIMÉ Dossier : C:\Program Files (x86)\WondershareUpdate
SUPPRIMÉ Dossier : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
SUPPRIMÉ Dossier : C:\ProgramData\Lavasoft
SUPPRIMÉ Dossier : C:\ProgramData\Wondershare
SUPPRIMÉ Dossier : C:\Program Files (x86)\Common Files\Wondershare
SUPPRIMÉ Dossier : C:\Users\Maurice\AppData\Roaming\Lavasoft
SUPPRIMÉ Dossier : C:\Users\Maurice\AppData\Roaming\Wondershare
SUPPRIMÉ Dossier : C:\Users\Maurice\AppData\Local\Lavasoft
SUPPRIMÉ Dossier : C:\Users\Maurice\AppData\Local\Wondershare
---\\ REGISTRE ( Clés, Valeurs, Données ). (18)
SUPPRIMÉ Valeur Run: Wondershare Helper Compact.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\]
SUPPRIMÉ Valeur Run: OneDriveSetup [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\]
SUPPRIMÉ Valeur Run: OneDriveSetup [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\]
ABSENT Valeur Run: HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\ [0x020000000000000000000000]
ABSENT Valeur Run: HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\ [0x020000000000000000000000]
ABSENT Valeur: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 []
ABSENT Clé: HKLM\SOFTWARE\g3n-h@ckm@n
ABSENT Clé: HKLM\SOFTWARE\McAfee.com
SUPPRIMÉ Redémarrage Clé ^: HKLM\SOFTWARE\Wondershare
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\Wondershare [Wondershare ]
SUPPRIMÉ Clé: HKCU\SOFTWARE\Wondershare [Wondershare ]
ABSENT Clé: HKU\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Wondershare
SUPPRIMÉ Valeur : AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
ABSENT Valeur: HKEY_USERS\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run []
SUPPRIMÉ Clé: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx [ FileSyncEx]
SUPPRIMÉ Valeur: Wondershare Helper Compact.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
SUPPRIMÉ Valeur: AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
SUPPRIMÉ Valeur: AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB [HKEY_USERS\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
---\\ COMMANDE. (2)
~ EmptyPrefetch: Fichiers Prefetcher supprimés (179)
~ EmptyCSID: Dossiers CLSID vides supprimés (0)
---\\ NON TRAITÉ. (1)
[MD5.DB67E9196605D61D8278E5278777C71F] - (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216] [PID.8612]
~ Le système a été redémarré.
***** ~ Fin de rapport terminé en 39mn21s