~ ZHPFix v2021.1.12.268 by Nicolas Coolman (2021/01/12)
~ Run by Maurice (Administrator)  (15/01/2021 15:21:09)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Report : C:\Users\Maurice\Bureau\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 19041)



---\\  SCRIPT DE L'UTILISATEUR.  (32)
Script Zhpfix
SR - Boot   [15/02/2019] [  478392]  8A66EDB8 (8A66EDB8) . (.Kaspersky Lab ZAO.) - C:\WINDOWS\System32\drivers\8A66EDB8.sys  =>.Kaspersky LabÂ®
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe  =>.Wondershare Technology Co.,LtdÂ®
O4 - HKUS\S-1-5-19\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000  =>.SUP.Orphan
O4 - HKUS\S-1-5-20\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000  =>.SUP.Orphan
O4 - HKUS\S-1-5-19\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
O4 - HKUS\S-1-5-20\..\StartupApproved\Run: [OneDriveSetup] . (. - .) -- 0x020000000000000000000000
[MD5.DB67E9196605D61D8278E5278777C71F] - (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216] [PID.8612]  =>.Wondershare Technology Co.,LtdÂ®
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]:Wondershare Helper Compact.exe  =>.Wondershare
HKLM\SOFTWARE\g3n-h@ckm@n  =>.g3n-h@ckm@n
HKLM\SOFTWARE\McAfee.com  =>.McAfee Inc.
HKLM\SOFTWARE\Wondershare  =>.Wondershare
HKLM\SOFTWARE\WOW6432Node\Wondershare  =>.Wondershare
HKCU\SOFTWARE\Wondershare  =>.Wondershare
HKU\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Wondershare  =>.Wondershare
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB
[HKEY_USERS\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB
O43 - CFD: 27/09/2020 - [0] D -- C:\Program Files (x86)\Lavasoft  =>.Lavasoft
O43 - CFD: 24/09/2020 - [0] D -- C:\Program Files (x86)\WondershareUpdate  =>.Wondershare
O43 - CFD: 27/09/2020 - [0] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft  =>.Lavasoft
O43 - CFD: 27/09/2020 - [0] D -- C:\ProgramData\Lavasoft  =>.Lavasoft
O43 - CFD: 26/09/2020 - [] D -- C:\ProgramData\Wondershare  =>.Wondershare
O43 - CFD: 24/09/2020 - [] D -- C:\Program Files (x86)\Common Files\Wondershare  =>.Wondershare
O43 - CFD: 27/09/2020 - [0] D -- C:\Users\Maurice\AppData\Roaming\Lavasoft  =>.Lavasoft
O43 - CFD: 24/09/2020 - [] D -- C:\Users\Maurice\AppData\Roaming\Wondershare  =>.Wondershare
O43 - CFD: 27/09/2020 - [0] D -- C:\Users\Maurice\AppData\Local\Lavasoft  =>.Lavasoft
O43 - CFD: 24/09/2020 - [] D -- C:\Users\Maurice\AppData\Local\Wondershare  =>.Wondershare
O69 - SBI: prefs.js [Maurice - 5ux2s2x7.default-release] user_pref('browser.newtab.url', 'https://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2020-09-22 05:02:15&bName=&bitmask=0600[...]
O69 - SBI: prefs.js [Maurice - 5ux2s2x7.default-release] user_pref('browser.newtabpage.url', 'https://defaultsearch.co/homepage?hp=1&pId=IC150206&iDate=2020-09-22 05:02:15&bName=&bitmask=[...]
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx
EmptyPrefetch
EmptyClsid


---\\  LOGICIEL.  (0)


---\\  SERVICE.  (1)
REFUSÃ Service: HKLM\SYSTEM\CurrentControlSet\Services\8A66EDB8 [8A66EDB8.sys]


---\\  TÃCHE PLANIFIÃE.  (0)


---\\  NAVIGATEUR INTERNET.  (1)
DEPLACÃ Fichier  Preferences: C:\Users\Maurice\AppData\Roaming\Mozilla\Firefox\Profiles\5ux2s2x7.default-release\prefs.js


---\\  EXPLORATEUR ( Dossiers, Fichiers ).  (12)
REFUSÃ Fichier  Service: C:\WINDOWS\System32\drivers\8A66EDB8.sys
DEPLACÃ Fichier  Run: C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
SUPPRIMÃ Dossier : C:\Program Files (x86)\Lavasoft  
SUPPRIMÃ Dossier : C:\Program Files (x86)\WondershareUpdate  
SUPPRIMÃ Dossier : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft  
SUPPRIMÃ Dossier : C:\ProgramData\Lavasoft  
SUPPRIMÃ Dossier : C:\ProgramData\Wondershare  
SUPPRIMÃ Dossier : C:\Program Files (x86)\Common Files\Wondershare  
SUPPRIMÃ Dossier : C:\Users\Maurice\AppData\Roaming\Lavasoft  
SUPPRIMÃ Dossier : C:\Users\Maurice\AppData\Roaming\Wondershare  
SUPPRIMÃ Dossier : C:\Users\Maurice\AppData\Local\Lavasoft  
SUPPRIMÃ Dossier : C:\Users\Maurice\AppData\Local\Wondershare  


---\\  REGISTRE ( ClÃ©s, Valeurs, DonnÃ©es ).  (18)
SUPPRIMÃ Valeur  Run: Wondershare Helper Compact.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\]
SUPPRIMÃ Valeur  Run: OneDriveSetup [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\]
SUPPRIMÃ Valeur  Run: OneDriveSetup [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\]
ABSENT Valeur Run: HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\ [0x020000000000000000000000]
ABSENT Valeur Run: HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\ [0x020000000000000000000000]
ABSENT Valeur: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 []
ABSENT ClÃ©: HKLM\SOFTWARE\g3n-h@ckm@n 
ABSENT ClÃ©: HKLM\SOFTWARE\McAfee.com 
SUPPRIMÃ RedÃ©marrage  ClÃ© ^: HKLM\SOFTWARE\Wondershare 
SUPPRIMÃ ClÃ©: HKLM\SOFTWARE\WOW6432Node\Wondershare  [Wondershare  ]
SUPPRIMÃ ClÃ©: HKCU\SOFTWARE\Wondershare  [Wondershare  ]
ABSENT ClÃ©: HKU\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Wondershare 
SUPPRIMÃ Valeur : AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
ABSENT Valeur: HKEY_USERS\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run []
SUPPRIMÃ ClÃ©: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ FileSyncEx [ FileSyncEx]
SUPPRIMÃ Valeur: Wondershare Helper Compact.exe   [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
SUPPRIMÃ Valeur: AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
SUPPRIMÃ Valeur: AvastBrowserAutoLaunch_261B3FBC3687CEB392319CABD77CAAEB [HKEY_USERS\S-1-5-21-2409110266-3714157966-41505699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]


---\\  COMMANDE.  (2)
~ EmptyPrefetch: Fichiers Prefetcher supprimÃ©s (179)
~ EmptyCSID: Dossiers CLSID vides supprimÃ©s  (0)


---\\  NON TRAITÃ.  (1)
[MD5.DB67E9196605D61D8278E5278777C71F] - (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216] [PID.8612]  

~ Le systÃ¨me a Ã©tÃ© redÃ©marrÃ©.

***** ~ Fin de rapport terminÃ© en 39mn21s