Script ZHPFix EmptyFlash EmptyTemp EmptyCLSID EmptyPrefetch CreateRestorePoint O38 - TASK: {4539C825-FA1D-41DF-A4E1-7654668F4C4E} [64Bits][\ASUS GIFTBOX Update Messenger] - (.SweetLabs, Inc - Update Messenger.) -- C:\Users\LAURENSOU Maryline\AppData\Local\ASUS GIFTBOX Update Messenger\UpdateMessenger.exe [13852016] C:\WINDOWS\System32\Tasks\ASUS GIFTBOX Update Messenger - (.SweetLabs, Inc.) -- C:\Users\LAURENSOU Maryline\AppData\Local\ASUS GIFTBOX Update Messenger\UpdateMessenger.exe [/task] O4 - HKCU\..\Run: [Spotify] . (. - .) -- --minimized. O4 - HKUS\S-1-5-21-1799551430-1866351647-204559004-1001\..\Run: [Spotify] . (. - .) -- --minimized. M0 - MFSP: prefs.js [LAURENSOU Maryline - lx1oavjr.default-1493552904355] http://defaultsearch.co/homepage? IE Restricted Site Good: webcompanion.com O4 - GS\sendTo [LAURENSOU Maryline]: Dropbox.lnk . (...) C:\Users\LAURENSOU Maryline\Dropbox [Unsigned] O4 - GS\Startup [LAURENSOU Maryline]: nssyncer.lnk . (...) C:\Users\LAURENSOU Maryline\AppData\Roaming\NCH Software\DrawPad\DpEditor.exe [Unsigned] [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:Web Companion [HKEY_USERS\S-1-5-21-1799551430-1866351647-204559004-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:Web Companion HKU\S-1-5-21-1799551430-1866351647-204559004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com HKCU\Software\Lavasoft\Web Companion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion HKLM\SOFTWARE\Lavasoft\Web Companion HKLM\SOFTWARE\WOW6432Node\Social2S Browser Enhancer O69 - SBI: prefs.js [LAURENSOU Maryline - lx1oavjr.default-1493552904355] user_pref("browser.newtab.url", "https://defaultsearch.co/homepage?hp=1&pId=BT170702&iDate=2020-03-11 12:15:46&bName=&bitmask=0600[...] 
O69 - SBI: prefs.js [LAURENSOU Maryline - lx1oavjr.default-1493552904355] user_pref("browser.newtabpage.url", "https://defaultsearch.co/homepage?hp=1&pId=BT170702&iDate=2020-03-11 12:15:46&bName=&bitmask=[...] O69 - SBI: prefs.js [LAURENSOU Maryline - lx1oavjr.default-1493552904355] user_pref("browser.startup.homepage", "https://defaultsearch.co/homepage?hp=1&pId=BT170702&iDate=2020-03-11 12:15:46&bName=&bitmas[...] C:\Users\LAURENSOU Maryline\AppData\Local\ASUS GIFTBOX Update Messenger\UpdateMessenger.exe C:\WINDOWS\System32\Tasks\ASUS GIFTBOX Update Messenger C:\Users\LAURENSOU Maryline\AppData\Local\FileViewPro C:\users\laurensou maryline\appdata\roaming\settings\settings.exe [HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:TCP Query User{68A70362-1FB3-4941-A6FA-FEAEF4812AA5}C:\users\laurensou maryline\appdata\roaming\settings\settings.exe [HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:UDP Query User{5703FC66-738E-4BF2-9698-1629F78CA8E7}C:\users\laurensou maryline\appdata\roaming\settings\settings.exe [HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:TCP Query User{7246994D-07D9-46EF-B6F9-7241CCD0D23C}C:\users\laurensou maryline\appdata\roaming\settings\settings.exe [HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:UDP Query User{B0356F27-7773-473E-96BA-CED4C3D5D0BA}C:\users\laurensou maryline\appdata\roaming\settings\settings.exe ADS Présent [:com.dropbox.attrs] C:\Users\LAURENSOU Maryline\Desktop\Avoirs.xlsx:com.dropbox.attrs ADS Présent [:com.dropbox.attrs] C:\Users\LAURENSOU Maryline\Desktop\BitTorrent.lnk:com.dropbox.attrs ADS Présent [:com.dropbox.attrs] C:\Users\LAURENSOU Maryline\Desktop\myCANAL.lnk:com.dropbox.attrs ADS Présent [:com.dropbox.attrs] C:\Users\LAURENSOU Maryline\Documents\Default.rdp:com.dropbox.attrs ADS Présent [:com.dropbox.attrs] C:\Users\LAURENSOU 
Maryline\Documents\desktop (Nouveau).ini:com.dropbox.attrs HKU\S-1-5-21-1799551430-1866351647-204559004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com HKCU\Software\Lavasoft\Web Companion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion HKLM\SOFTWARE\Lavasoft\Web Companion [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\ProgramData\Package Cache\{51fea8cc-5bb6-4312-86f5-1802a10e030d}\hubiC-installer.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\ProgramData\Package Cache\{51fea8cc-5bb6-4312-86f5-1802a10e030d}\hubiC-installer.exe.ApplicationCompany [HKU\S-1-5-21-1799551430-1866351647-204559004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\ProgramData\Package Cache\{51fea8cc-5bb6-4312-86f5-1802a10e030d}\hubiC-installer.exe.FriendlyAppName [HKU\S-1-5-21-1799551430-1866351647-204559004-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\ProgramData\Package Cache\{51fea8cc-5bb6-4312-86f5-1802a10e030d}\hubiC-installer.exe.ApplicationCompany C:\Users\LAURENSOU Maryline\AppData\Local\Google\Update C:\Users\LAURENSOU Maryline\AppData\Roaming\Lavasoft\Web Companion C:\Program Files (x86)\Microsoft Toolkit Final C:\ProgramData\Microsoft Toolkit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion O4 - GS\Desktop [LAURENSOU Maryline]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe O4 - GS\Quicklaunch [LAURENSOU Maryline]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe O42 - Logiciel: BitTorrent - (.BitTorrent Inc..) 
[HKCU][64Bits] -- BitTorrent HKCU\SOFTWARE\BitTorrent HKCU\SOFTWARE\BitTorrentPersist HKU\S-1-5-21-1799551430-1866351647-204559004-1001\SOFTWARE\BitTorrent HKU\S-1-5-21-1799551430-1866351647-204559004-1001\SOFTWARE\BitTorrentPersist O43 - CFD: 12/08/2021 - [] D -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent O43 - CFD: 05/08/2021 - [] D -- C:\Users\LAURENSOU Maryline\AppData\Local\BitTorrentHelper O87 - FAEL: "{F58901DE-84E2-4345-8561-F110A88C3E37}" [In-None-P17-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe O87 - FAEL: "{41AE379B-59E5-41FE-842E-B2258C27CCF3}" [In-None-P6-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe O87 - FAEL: "{D6C69AEA-C326-4380-B125-9CAD8604BF86}" [Out-None-P17-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe O87 - FAEL: "{4857957C-189C-41D4-8C5C-831A197BB60F}" [In-None-P17-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe O87 - FAEL: "{07F9CDE4-9677-46FD-8D89-9D8518AD7A10}" [In-None-P6-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe O87 - FAEL: "{53F710F5-AD65-417F-802E-940014748FFA}" [In-None-P17-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe O87 - FAEL: "{AEA386C4-41E8-4E73-BCBD-7F8A64B2BCEE}" [Out-None-P6-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe O87 - FAEL: "{EF27492A-279B-47AA-84DA-60FD9DBCA883}" [In-None-P6-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe [6F13BCD50963D2F309439E37FD459C7C] [18/07/2021] (.BitTorrent Inc.) 
- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:Web Companion =>PUP.Optional.LavasoftWebCompanion \Windows\CurrentVersion\Explorer\StartupApproved\Run]:Web Companion =>PUP.Optional.LavasoftWebCompanion HKU\S-1-5-21-1799551430-1866351647-204559004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com =>PUP.Optional.LavasoftWebCompanion HKCU\Software\Lavasoft\Web Companion =>PUP.Optional.LavasoftWebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com =>PUP.Optional.LavasoftWebCompanion HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion =>PUP.Optional.LavasoftWebCompanion HKLM\SOFTWARE\Lavasoft\Web Companion =>PUP.Optional.LavasoftWebCompanion HKLM\SOFTWARE\WOW6432Node\Lavasoft =>.Lavasoft HKCU\SOFTWARE\Lavasoft =>.Lavasoft HKU\S-1-5-21-1799551430-1866351647-204559004-1001\SOFTWARE\Lavasoft =>.Lavasoft O43 - CFD: 09/01/2022 - [0] D -- C:\Program Files (x86)\Lavasoft =>.Lavasoft O43 - CFD: 12/08/2017 - [0] D -- C:\Program Files (x86)\McAfee =>.McAfee O43 - CFD: 10/08/2020 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft =>.Lavasoft O43 - CFD: 09/01/2022 - [0] D -- C:\ProgramData\Lavasoft =>.Lavasoft O43 - CFD: 10/08/2017 - [] D -- C:\ProgramData\McAfee =>.McAfee O43 - CFD: 11/03/2020 - [] D -- C:\Users\LAURENSOU Maryline\AppData\Roaming\Lavasoft =>.Lavasoft O43 - CFD: 11/03/2020 - [] D -- C:\Users\LAURENSOU Maryline\AppData\Local\Lavasoft =>.Lavasoft HKU\S-1-5-21-1799551430-1866351647-204559004-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com =>PUP.Optional.LavasoftWebCompanion HKCU\Software\Lavasoft\Web Companion =>PUP.Optional.LavasoftWebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com =>PUP.Optional.LavasoftWebCompanion 
HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion =>PUP.Optional.LavasoftWebCompanion HKLM\SOFTWARE\Lavasoft\Web Companion =>PUP.Optional.LavasoftWebCompanion C:\Users\LAURENSOU Maryline\AppData\Roaming\Lavasoft\Web Companion =>PUP.Optional.LavasoftWebCompanion C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion =>PUP.Optional.LavasoftWebCompanion https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>BitTorrent (P2P) O23 - Service: Intel Security True Key (TrueKey) . (.McAfee, Inc. - Intel Security True Key.) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe =>.McAfee, Inc.® O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) . (.McAfee, Inc. - Intel Security True Key.) - C:\Program Files\TrueKey\McTkSchedulerService.exe =>.McAfee, Inc.® O23 - Service: Intel Security True Key Helper Service (TrueKeyServiceHelper) . (.McAfee, Inc. - McAfee TrueKey Service helper EXE.) - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe =>.McAfee, Inc.® SR - Auto [26/06/2017] [ 1001920] Intel Security True Key (TrueKey) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe =>.McAfee, Inc.® SR - Auto [26/06/2017] [ 16928] Intel Security True Key Scheduler (TrueKeyScheduler) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McTkSchedulerService.exe =>.McAfee, Inc.® SR - Auto [26/06/2017] [ 87760] Intel Security True Key Helper Service (TrueKeyServiceHelper) . (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe =>.McAfee, Inc.® [MD5.767F4524AEA2EDE58DC21F653EEAA02F] - (.McAfee, Inc. - Intel Security True Key.) -- C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920] [PID.4412] =>.McAfee, Inc.® [MD5.263C411EC7DDD052B23A0F191F0E1E9A] - (.McAfee, Inc. - Intel Security True Key.) 
-- C:\Program Files\TrueKey\McTkSchedulerService.exe [16928] [PID.4468] =>.McAfee, Inc.® [MD5.7E64AE41715FF49D37149C32A2FB068C] - (.McAfee, Inc. - McAfee TrueKey Service helper EXE.) -- C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760] [PID.4488] =>.McAfee, Inc.® [MD5.27CE6F7CC0FA431DAD8CE501245CB02A] - (.McAfee, Inc. - Intel Security True Key.) -- C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe [105752] [PID.8292] =>.McAfee, Inc.® O2 - BHO: True Key Helper [64Bits] - {0F4B8786-5502-4803-8EBC-F652A1153BB6} . (.Intel Security - True Key Internet Explorer Extension.) -- C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll =>.McAfee, Inc.® O42 - Logiciel: Intel Security True Key - (.Intel Security.) [HKLM][64Bits] -- TrueKey =>.McAfee, Inc.® HKLM\SOFTWARE\McAfee.com =>.McAfee Inc. HKLM\SOFTWARE\McAfee =>.McAfee Inc. HKLM\SOFTWARE\WOW6432Node\McAfee =>.McAfee Inc. HKLM\SOFTWARE\WOW6432Node\McAfee.com =>.McAfee Inc. HKU\.DEFAULT\SOFTWARE\McAfee =>.McAfee Inc. O43 - CFD: 17/10/2016 - [] D -- C:\Program Files (x86)\Common Files\McAfee =>.McAfee [0732A8F76CAB52571E0277593B1DB3A5] [26/06/2017] (.McAfee, Inc..) - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll =>.McAfee, Inc. [0732A8F76CAB52571E0277593B1DB3A5] [26/06/2017] (.McAfee, Inc..) - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll =>.McAfee, Inc. [6385A608FBD858EB4471A022CCE76B8F] [26/06/2017] (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe =>.McAfee, Inc. [6385A608FBD858EB4471A022CCE76B8F] [26/06/2017] (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe =>.McAfee, Inc. [6385A608FBD858EB4471A022CCE76B8F] [26/06/2017] (.McAfee, Inc..) - C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe =>.McAfee, Inc. [6385A608FBD858EB4471A022CCE76B8F] [26/06/2017] (.McAfee, Inc..) - C:\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe =>.McAfee, Inc. [6385A608FBD858EB4471A022CCE76B8F] [26/06/2017] (.McAfee, Inc..) 
- C:\Program Files\TrueKey\McTkSchedulerService.exe =>.McAfee, Inc. O4 - GS\Desktop [LAURENSOU Maryline]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) O4 - GS\Quicklaunch [LAURENSOU Maryline]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) O42 - Logiciel: BitTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- BitTorrent =>BitTorrent (P2P) HKCU\SOFTWARE\BitTorrent =>.BitTorrent (P2P) HKCU\SOFTWARE\BitTorrentPersist HKU\S-1-5-21-1799551430-1866351647-204559004-1001\SOFTWARE\BitTorrent =>.BitTorrent (P2P) HKU\S-1-5-21-1799551430-1866351647-204559004-1001\SOFTWARE\BitTorrentPersist O43 - CFD: 12/08/2021 - [] D -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent O43 - CFD: 05/08/2021 - [] D -- C:\Users\LAURENSOU Maryline\AppData\Local\BitTorrentHelper O87 - FAEL: "{F58901DE-84E2-4345-8561-F110A88C3E37}" [In-None-P17-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) O87 - FAEL: "{41AE379B-59E5-41FE-842E-B2258C27CCF3}" [In-None-P6-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) O87 - FAEL: "{D6C69AEA-C326-4380-B125-9CAD8604BF86}" [Out-None-P17-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) O87 - FAEL: "{4857957C-189C-41D4-8C5C-831A197BB60F}" [In-None-P17-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) O87 - FAEL: "{07F9CDE4-9677-46FD-8D89-9D8518AD7A10}" [In-None-P6-TRUE] .(.BitTorrent Inc. - BitTorrent.)
-- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) O87 - FAEL: "{53F710F5-AD65-417F-802E-940014748FFA}" [In-None-P17-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) O87 - FAEL: "{AEA386C4-41E8-4E73-BCBD-7F8A64B2BCEE}" [Out-None-P6-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) O87 - FAEL: "{EF27492A-279B-47AA-84DA-60FD9DBCA883}" [In-None-P6-TRUE] .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P) ADS Présent [:com.dropbox.attrs] C:\Users\LAURENSOU Maryline\Desktop\BitTorrent.lnk:com.dropbox.attrs =>.SUP.FileADS [6F13BCD50963D2F309439E37FD459C7C] [18/07/2021] (.BitTorrent Inc.) - C:\Users\LAURENSOU Maryline\AppData\Roaming\BitTorrent\BitTorrent.exe =>BitTorrent (P2P)