~ ZHPFix v2020.4.5.190 by Nicolas Coolman (2020/04/05)
~ Run by ilyes (Administrator) (15/04/2020 18:21:42)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Certificate ZHPFix: Legal
~ State version : Version OK
~ Report : C:\Users\ilyes\Desktop\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)

---\\ SCRIPT DE L'UTILISATEUR. (73)
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe [57344] [PID.2900]
[MD5.5603C2C8940F5E43864D4000304AB175] - (.Copyright (C) - .) -- C:\Windows\Domino.exe [49152] [PID.2912]
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphean =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ©
O4 - HKLM\..\Run: [AdobeCEPServiceManager] . (.Adobe Systems Incorporated - Adobe CEP Service Manager.) -- C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe ©
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe ©
O4 - HKLM\..\Run: [Syncios device service] . (...) -- C:\Program Files\Syncios\SynciosDeviceService.exe
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe ©
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe ©
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe ©
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe ©
O4 - HKLM\..\Run: [ZSSnp211] . (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] . (.Copyright (C) - .) -- C:\Windows\Domino.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe ©
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ©
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe ©
Read more at http://www.cjoint.com/c/EJFrm2EXius#dPlOOQfg7wPQVUPE.99
O4 - HKUS\S-1-5-21-2536906684-2532996388-3794283676-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe ©
O4 - HKUS\S-1-5-21-2536906684-2532996388-3794283676-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ©
O4 - HKUS\S-1-5-21-2536906684-2532996388-3794283676-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe ©
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.211.254.254 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: DhcpNameServer = 10.211.254.254 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: DhcpNameServer = 10.211.254.254 8.8.8.8
[MD5.00000000000000000000000000000000] [APT] [MyBarStart] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [MyBarUpdate] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Trojan Killer] (...) -- C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe (.not file.) [0]
O42 - Logiciel: globalupdate Helper - (.globalupdate Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\McAfee.com
HKLM\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
HKCU\SOFTWARE\Bitdefender
HKCU\SOFTWARE\MCAFEE
HKCU\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
O43 - CFD: 25/10/2015 - [] D -- C:\Program Files\NixSrv =>PUP.Optional.Amonetize
O43 - CFD: 30/08/2015 - [] D -- C:\ProgramData\ExtTag.quarantined =>PUP.Optional.ExtTag
O43 - CFD: 06/07/2015 - [] D -- C:\ProgramData\IObit
O43 - CFD: 13/07/2015 - [] D -- C:\ProgramData\McAfee
O43 - CFD: 06/07/2015 - [] D -- C:\ProgramData\ProductData =>PUP.Optional.Generic
O43 - CFD: 06/07/2015 - [] D -- C:\Users\Home\AppData\Roaming\IObit
O43 - CFD: 29/07/2015 - [] D -- C:\Users\Home\AppData\Roaming\RHEng =>PUP.Optional.Conduit
O43 - CFD: 25/07/2015 - [] D -- C:\Users\Home\AppData\Local\CrashRpt =>.Superfluous.CrashReports
O43 - CFD: 14/09/2015 - [0] D -- C:\Users\Home\AppData\Local\PackageAware =>PUP.Optional.BearShare
O43 - CFD: 31/10/2015 - [] D -- C:\Users\Home\AppData\Local\temp
O43 - CFD: 06/07/2015 - [0] SHD -- C:\Users\Home\AppData\Local\Temporary Internet Files
O45 - LFCP:[MD5.A5F0953EB45164E7480207319E8C4220] 23/10/2015 A -- C:\Windows\Prefetch\LAVASOFT.SEARCHPROTECT.WINSER-9008E6D1.pf =>PUP.Optional.SearchProtect
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.alias", "oursurfing"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.iconURL", "http://www.oursurfing.com/favicon.ico"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.name", "oursurfing"); =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.ptid", "amt"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.uid", "SAMSUNGXHD160JJXP_S0DFJ1TP115473"); =>PUP.Optional.SearchEngine
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("browser.search.searchengine.url", "http://www.oursurfing.com/web/?type=ds&ts=1440799809&z=e0abc42dd0ac491e841cf1eg9z5zd[...] =>PUP.Optional.OurSurfing
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("extensions.quick_start.enable_search1", false); =>PUP.Optional.QuickStart
O69 - SBI: prefs.js [Home - 88lrblnz.default] user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); =>PUP.Optional.QuickStart
O90 - PUC: "93BAD29AC2E44034A96BCB446EB8552E" . (.globalupdate Helper.) =>PUP.Optional.GlobalUpdate
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Optional.GlobalUpdate
HKLM\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
HKCU\SOFTWARE\Reimage =>PUP.Optional.ReImageRepair
C:\Program Files\NixSrv =>PUP.Optional.Amonetize
C:\ProgramData\ExtTag.quarantined =>PUP.Optional.ExtTag
C:\ProgramData\ProductData =>PUP.Optional.Generic
C:\Users\Home\AppData\Roaming\RHEng =>PUP.Optional.Conduit
C:\Users\Home\AppData\Local\CrashRpt =>.Superfluous.CrashReports
C:\Users\Home\AppData\Local\PackageAware =>PUP.Optional.BearShare
C:\Windows\Prefetch\LAVASOFT.SEARCHPROTECT.WINSER-9008E6D1.pf =>PUP.Optional.SearchProtect
HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E =>PUP.Optional.GlobalUpdate
HKLM\Software\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E =>PUP.Optional.GlobalUpdate

---\\ LOGICIEL. (1)
DESINSTALLER : {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

---\\ SERVICE. (0)

---\\ TÂCHE PLANIFIÉE. (0)

---\\ NAVIGATEUR INTERNET. (2)
ABSENT Donnée URLSearchHooks: [\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
ABSENT Donnée PhishingFilter: 0 [HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\\Enabled]

---\\ EXPLORATEUR ( Dossiers, Fichiers ). (3)
SUPPRIMÉ Redémarrage Dossier ^: C:\ProgramData\IObit
SUPPRIMÉ Redémarrage Dossier ^: C:\ProgramData\McAfee
SUPPRIMÉ Redémarrage Dossier ^: C:\ProgramData\ProductData

---\\ REGISTRE ( Clés, Valeurs, Données ). (25)
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\QuickTime\QTTask.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Syncios\SynciosDeviceService.exe]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Analog Devices\Core\smax4pnp.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\System32\igfxtray.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\System32\hkcmd.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\System32\igfxpers.exe ©]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\ZSSnp211.exe]
ABSENT Valeur Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Windows\Domino.exe]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Internet Download Manager\IDMan.exe ©]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Skype\Phone\Skype.exe ©]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\CCleaner\CCleaner.exe ©]
ABSENT Valeur Run: HKU\S-1-5-21-2536906684-2532996388-3794283676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Internet Download Manager\IDMan.exe ©]
ABSENT Valeur Run: HKU\S-1-5-21-2536906684-2532996388-3794283676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\Skype\Phone\Skype.exe ©]
ABSENT Valeur Run: HKU\S-1-5-21-2536906684-2532996388-3794283676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\CCleaner\CCleaner.exe ©]
REMPLACÉ Donnée TCPIP: 10.211.254.254 8.8.8.8 [HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer]
ABSENT Clé: HKLM\SOFTWARE\McAfee.com
ABSENT Clé: HKLM\SOFTWARE\Reimage
ABSENT Clé: HKCU\SOFTWARE\Bitdefender
ABSENT Clé: HKCU\SOFTWARE\MCAFEE
ABSENT Clé: HKCU\SOFTWARE\Reimage
ABSENT Clé: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
ABSENT Clé: HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
SUPPRIMÉ Clé: HKLM\Software\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E [93BAD29AC2E44034A96BCB446EB8552E ]

---\\ COMMANDE. (0)

---\\ NON TRAITÉ. (8)
Script ZHPFix
FirewallRaz
[MD5.0560B36A9A58DCF6698545F9521EABF2] - (.ZSMCSNAP - ZSMCSNAP.) -- C:\Windows\ZSSnp211.exe [57344] [PID.2900]
[MD5.5603C2C8940F5E43864D4000304AB175] - (.Copyright (C) - .) -- C:\Windows\Domino.exe [49152] [PID.2912]
Read more at http://www.cjoint.com/c/EJFrm2EXius#dPlOOQfg7wPQVUPE.99
[MD5.00000000000000000000000000000000] [APT] [MyBarStart] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [MyBarUpdate] (...) -- C:\Program Files\MyBar\mbs.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Trojan Killer] (...) -- C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe (.not file.) [0]

~ Le système a été redémarré.
*****
~ Fin de rapport terminé en 00h00mn16s