~ ZHPFix v2020.9.2.227 by Nicolas Coolman (2020/09/02)
~ Run by Florian (Administrator)  (04/09/2020 21:34:24)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Report : C:\Users\Florian\Desktop\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 18362)



---\\  SCRIPT DE L'UTILISATEUR.  (34)
Script ZHPFix
CreateRestorePoint
EmptyPrefetch
Emptytemp
EmptyCLSID
EmptyFlash
EmptyProxy
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32  =>.SUP.Orphan
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}  =>.SUP.Orphan
HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32  =>.SUP.Orphan
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32  =>.SUP.Orphan
C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
HKU\S-1-5-21-97555643-2867532121-1221499364-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com  =>PUP.Optional.LavasoftWebCompanion
HKCU\Software\Lavasoft
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com  =>PUP.Optional.LavasoftWebCompanion
HKLM\SOFTWARE\Wow6432Node\Lavasoft
HKLM\SOFTWARE\Lavasoft
HKU\S-1-5-21-97555643-2867532121-1221499364-1001\SOFTWARE\Lavasoft
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:Web Companion  =>PUP.Optional.LavasoftWebCompanion
[HKEY_USERS\S-1-5-21-97555643-2867532121-1221499364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:Web Companion  =>PUP.Optional.LavasoftWebCompanion
O69 - SBI: prefs.js [Florian - f0dnf5qn.default] user_pref("browser.newtab.url", "https://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2020-04-26 10:20:22&bName=&bitmask=0600[...]  =>SUP.Optional.DefaultSearch
O69 - SBI: prefs.js [Florian - f0dnf5qn.default] user_pref("browser.newtabpage.url", "https://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2020-04-26 10:20:22&bName=&bitmask=[...]  =>SUP.Optional.DefaultSearch
O69 - SBI: prefs.js [Florian - ocme19r3.default-release] user_pref("browser.newtab.url", "https://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2020-04-26 10:20:22&bName=&bitmask=0600[...]  =>SUP.Optional.DefaultSearch
O69 - SBI: prefs.js [Florian - ocme19r3.default-release] user_pref("browser.newtabpage.url", "https://defaultsearch.co/homepage?hp=1&pId=BT170603&iDate=2020-04-26 10:20:22&bName=&bitmask=[...]  =>SUP.Optional.DefaultSearch
O4 - GS\Quicklaunch [Florian]: Avast Secure Browser.lnk . (...) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --check-run=src=quicklaunch  [Unsigned]
HKLM\SOFTWARE\Avast Software  =>.AVAST Software
HKLM\SOFTWARE\WOW6432Node\Avast Software  =>.AVAST Software
HKCU\SOFTWARE\Avast Software  =>.AVAST Software
HKCU\SOFTWARE\AvastAdSDK  =>.Avast Software s.r.o
HKU\.DEFAULT\SOFTWARE\AVAST Software  =>.AVAST Software
HKU\S-1-5-21-97555643-2867532121-1221499364-1001\SOFTWARE\Avast Software  =>.AVAST Software
HKU\S-1-5-21-97555643-2867532121-1221499364-1001\SOFTWARE\AvastAdSDK  =>.Avast Software s.r.o
O43 - CFD: 03/09/2020 - [] D -- C:\ProgramData\Avast Software  =>.AVAST Software
O43 - CFD: 03/09/2020 - [] D -- C:\Users\Florian\AppData\Local\AVAST Software  =>.AVAST Software


---\\  LOGICIEL.  (0)


---\\  SERVICE.  (0)


---\\  TÂCHE PLANIFIÉE.  (0)


---\\  NAVIGATEUR INTERNET.  (2)
DEPLACÉ Fichier  Preferences: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\f0dnf5qn.default\prefs.js
DEPLACÉ Fichier  Preferences: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\ocme19r3.default-release\prefs.js


---\\  EXPLORATEUR ( Dossiers, Fichiers ).  (22)
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\MBAMInstallerService.exe
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\sqlite3.exe
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\aria-debug-15440.log
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\AvastBrowser_installer.log
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\mbsetup.log
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\restoro-downloader.log
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\StructuredQuery.log
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\a56d7bce-c989-463e-9c2f-19db2711157a.tmp
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\bc50167a-5fb1-40fc-8300-f2d55fc5bdf9.tmp
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\dbd7536f-0f5f-4951-a55c-18657f184bdf.tmp
SUPPRIMÉ Redémarrage  Fichier Temp^: C:\Users\Florian\AppData\Local\Temp\nslD9C9.tmp
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\wct1258.tmp
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\wct1518.tmp
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\wct7B7E.tmp
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\ack.txt
SUPPRIMÉ Redémarrage  Fichier Temp^: C:\Users\Florian\AppData\Local\Temp\FXSAPIDebugLogFile.txt
DEPLACÉ Fichier Temp: C:\Users\Florian\AppData\Local\Temp\log.txt
SUPPRIMÉ Redémarrage  Fichier Temp^: C:\Users\Florian\AppData\Local\Temp\scoped_dir4612_1368614388
SUPPRIMÉ Dossier : C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\File System\000  
SUPPRIMÉ Redémarrage  Fichier  Shortcut^: C:\Users\Florian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
SUPPRIMÉ Dossier : C:\ProgramData\Avast Software  
SUPPRIMÉ Dossier : C:\Users\Florian\AppData\Local\AVAST Software  


---\\  REGISTRE ( Clés, Valeurs, Données ).  (22)
SUPPRIMÉ Clé: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32  [WinRAR32  ]
SUPPRIMÉ Redémarrage  Clé ^: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} 
SUPPRIMÉ Clé: HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32  [WinRAR32  ]
SUPPRIMÉ Clé: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32  [WinRAR32  ]
SUPPRIMÉ Clé: HKU\S-1-5-21-97555643-2867532121-1221499364-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com  [webcompanion.com  ]
SUPPRIMÉ Clé: HKCU\Software\Lavasoft [Lavasoft]
ABSENT Clé: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com 
SUPPRIMÉ Clé: HKLM\SOFTWARE\Wow6432Node\Lavasoft [Lavasoft]
ABSENT Clé: HKLM\SOFTWARE\Lavasoft
ABSENT Clé: HKU\S-1-5-21-97555643-2867532121-1221499364-1001\SOFTWARE\Lavasoft
VERROUILLÉ Valeur : Web Companion  [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
VERROUILLÉ Valeur : Web Companion  [HKEY_USERS\S-1-5-21-97555643-2867532121-1221499364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
SUPPRIMÉ Clé: HKLM\SOFTWARE\Avast Software  [Avast Software  ]
ABSENT Clé: HKLM\SOFTWARE\WOW6432Node\Avast Software 
SUPPRIMÉ Clé: HKCU\SOFTWARE\Avast Software  [Avast Software  ]
SUPPRIMÉ Clé: HKCU\SOFTWARE\AvastAdSDK  [AvastAdSDK  ]
SUPPRIMÉ Clé: HKU\.DEFAULT\SOFTWARE\AVAST Software  [AVAST Software  ]
ABSENT Clé: HKU\S-1-5-21-97555643-2867532121-1221499364-1001\SOFTWARE\Avast Software 
ABSENT Clé: HKU\S-1-5-21-97555643-2867532121-1221499364-1001\SOFTWARE\AvastAdSDK 
~ EmptyProxy: Aucune modification.
SUPPRIMÉ Valeur: Web Companion   [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
SUPPRIMÉ Valeur: Web Companion   [HKEY_USERS\S-1-5-21-97555643-2867532121-1221499364-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]


---\\  COMMANDE.  (5)
CreateRestorePoint: OK
~ EmptyPrefetch: Fichiers Prefetcher supprimés (215)
~ EmptyTemp: Dossier Local temp partiellement vidé  (18)
~ EmptyCSID: Dossiers CLSID vides supprimés  (0)
~ EmptyFlash: Fichiers Temporaires supprimés. (2)


---\\  NON TRAITÉ.  (0)

~ Le système a été redémarré.

***** ~ Fin de rapport terminé en 00mn00s