~ ZHPFix v2021.3.5.284 by Nicolas Coolman (2021/03/05)
~ Run by cami4 (Administrator) (08/01/2023 18:51:16)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Certificate ZHPFix: Illegal
~ State version : Version OK
~ Report : C:\Users\cami4\OneDrive\Bureau\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 22621)

---\\ SCRIPT DE L'UTILISATEUR. (25)
start::
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-12-10] <==== ATTENTION (Pointe vers un fichier *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-12-10] <==== ATTENTION
Task: {DEC35F17-4D2C-4A21-924B-0338581A2561} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Pas de fichier)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Pas de fichier)
Task: {E5068A90-EF52-4966-B271-4ADC3DC8E0DE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Pas de fichier)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
CustomCLSID: HKU\S-1-5-21-3432772670-649158547-2544002816-1001_Classes\CLSID\{4B599490-B253-4667-868A-6D2EE7E75B27}\localserver32 -> "C:\Users\cami4\AppData\Local\Vivaldi\Application\5.5.2805.35\notification_helper.exe" => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3432772670-649158547-2544002816-1001_Classes\CLSID\{642ccb6b-4be1-471e-bc61-606dd9dc7c79}\localserver32 -> "C:\Program Files\InPixio\Photo Studio 11\PhotoStudioIPS11.exe" -ToastActivated => Pas de fichier
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> Pas de fichier
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [218]
BHO: Pas de nom -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> Pas de fichier
BHO-x32: Pas de nom -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> Pas de fichier
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PDFCreator.ShellContextMenu
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\cami4\OneDrive\Bureau\FRST-OlderVersion\FRST64-2.1.exe.FriendlyAppName
[HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\cami4\OneDrive\Bureau\FRST-OlderVersion\FRST64-2.1.exe.ApplicationCompany
[HKU\S-1-5-21-3432772670-649158547-2544002816-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\cami4\OneDrive\Bureau\FRST-OlderVersion\FRST64-2.1.exe.FriendlyAppName
[HKU\S-1-5-21-3432772670-649158547-2544002816-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]:C:\Users\cami4\OneDrive\Bureau\FRST-OlderVersion\FRST64-2.1.exe.ApplicationCompany
End:

---\\ LOGICIEL. (0)

---\\ SERVICE. (0)

---\\ TÂCHE PLANIFIÉE. (0)

---\\ NAVIGATEUR INTERNET. (0)

---\\ EXPLORATEUR ( Dossiers, Fichiers ). (0)

---\\ REGISTRE ( Clés, Valeurs, Données ). (10)
ABSENT Clé: HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
ABSENT Clé: HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
SUPPRIMÉ Clé: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} [{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
SUPPRIMÉ Clé: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} [{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
SUPPRIMÉ Clé: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} [{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
SUPPRIMÉ Clé: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\PDFCreator.ShellContextMenu [PDFCreator.ShellContextMenu]
SUPPRIMÉ Valeur: C:\Users\cami4\OneDrive\Bureau\FRST-OlderVersion\FRST64-2.1.exe.FriendlyAppName [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\Users\cami4\OneDrive\Bureau\FRST-OlderVersion\FRST64-2.1.exe.ApplicationCompany [HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\Users\cami4\OneDrive\Bureau\FRST-OlderVersion\FRST64-2.1.exe.FriendlyAppName [HKU\S-1-5-21-3432772670-649158547-2544002816-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
SUPPRIMÉ Valeur: C:\Users\cami4\OneDrive\Bureau\FRST-OlderVersion\FRST64-2.1.exe.ApplicationCompany [HKU\S-1-5-21-3432772670-649158547-2544002816-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

---\\ COMMANDE. (0)

---\\ NON TRAITÉ. (11)
CloseProcesses:
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-12-10] <==== ATTENTION (Pointe vers un fichier *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-12-10] <==== ATTENTION
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys
CustomCLSID: HKU\S-1-5-21-3432772670-649158547-2544002816-1001_Classes\CLSID\{4B599490-B253-4667-868A-6D2EE7E75B27}\localserver32 -> "C:\Users\cami4\AppData\Local\Vivaldi\Application\5.5.2805.35\notification_helper.exe"
CustomCLSID: HKU\S-1-5-21-3432772670-649158547-2544002816-1001_Classes\CLSID\{642ccb6b-4be1-471e-bc61-606dd9dc7c79}\localserver32 -> "C:\Program Files\InPixio\Photo Studio 11\PhotoStudioIPS11.exe" -ToastActivated
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1}
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
BHO: Pas de nom -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> Pas de fichier
BHO-x32: Pas de nom -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> Pas de fichier
End:

***** ~ Fin de rapport terminé en 00h00mn09s