

Script ZHPFix
[MD5.00000000000000000000000000000000] [APT] [SMW_UpdateTask_Time_313936323630323437302d5537375a346c2d3232345b41] (...) -- C:\ProgramData\SearchModule\smhe.js" smu.exe (.not file.)   [324224] (.Activate.)
O4 - HKCU\..\Run: [-t0CN+Ibk&.exe] . (.Copyright Â© 2016 - .) -- C:\Users\guebe\AppData\Local\Temp\{fcd-3b-79-5d449-abb73-3701-6132b}\-t0CN+Ibk&.exe
O4 - HKCU\..\Run: [B&ZlnG_u5U.exe] . (.dshgghsd - .) -- C:\Users\guebe\AppData\Local\Temp\{fcd-3b-79-5d449-abb73-3701-6132b}\B&ZlnG_u5U.exe
O4 - HKUS\S-1-5-21-1021324154-1343330824-2002985297-1001\..\Run: [-t0CN+Ibk&.exe] . (.Copyright Â© 2016 - .) -- C:\Users\guebe\AppData\Local\Temp\{fcd-3b-79-5d449-abb73-3701-6132b}\-t0CN+Ibk&.exe
O4 - HKUS\S-1-5-21-1021324154-1343330824-2002985297-1001\..\Run: [B&ZlnG_u5U.exe] . (.dshgghsd - .) -- C:\Users\guebe\AppData\Local\Temp\{fcd-3b-79-5d449-abb73-3701-6132b}\B&ZlnG_u5U.exe
HKLM\SOFTWARE\Wow6432Node\34DFE1A552A411FFBEDA043E24178228  =>PUP.Optional.CrossRider
O39 - APT: AVG EUpdate Task - (...) -- C:\WINDOWS\System32\Tasks\AVG EUpdate Task  [324224]  (.Orphan.)  =>.Superfluous.Orphan
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbfnyn5r-srtqr4zpsplbkdkh6ceujkssdo-sjcvhigzdnm4g_reccsve6fwrzebcolfqmmnqrcpi31ydzbj3rxq2gz72domdt85gkgxkamnyqbs0j1fjidueprrg5ilxigi11qji6iyaqp9mdczmrwpblyaohuglujfzrr7dmknxw7uaidjgbruoqo&q={searchterms}  =>.Superfluous.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer15.msn.com/  =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbfnyn5r-srtqr4zpsplbkdkh6ceujkssdo-sjcvhigzdnm4g_reccsve6fwrzebcolfqmmnqrcpi31ydzbj3rxq2gz72domdt85gkgxkamnyqbs0j1fjidueprrg5ilxigi11qji6iyaqp9mdczmrwpblyaohuglujfzrr7dmknxw7uaidjgbruoqo&q={searchterms}  =>.Superfluous.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbfnyn5r-srtqr4zpsplbkdkh6ceujkssdo-sjcvhigzdnm4g_reccsve6fwrzebcolfqmmnqrcpi31ydzbj3rxq2gz72domdt85gkgxkamnyqbs0j1fjidueprrg5ilxigi11qji6iyaqp9mdczmrwpblyaohuglujfzrr7dmknxw7uaidjgbruoqo&q={searchterms}  =>.Superfluous.Linkury
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl,Default = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbfnyn5r-srtqr4zpsplbkdkh6ceujkssdo-sjcvhigzdnm4g_reccsve6fwrzebcolfqmmnqrcpi31ydzbj3rxq2gz72domdt85gkgxkamnyqbs0j1fjidueprrg5ilxigi11qji6iyaqp9mdczmrwpblyaohuglujfzrr7dmknxw7uaidjgbruoqo&q={searchterms}  =>.Superfluous.Linkury
R1 - HKEY_USERS\S-1-5-21-1021324154-1343330824-2002985297-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6f%6e%69%63-%73%65%61%72%63%68.%63%6f%6d/?p=mko_awfzxipyrahdgkbfnyn5r-srtqr4zpsplbkdkh6ceujkssdo-sjcvhigzdnm4g_reccsve6fwrzebcolfqmmnqrcpi31ydzbj3rxq2gz72domdt85gkgxkamnyqbs0j1fjidueprrg5ilxigi11qji6iyaqp9mdczmrwpblyaohuglujfzrr7dmknxw7uaidjgbruoqo&q={searchterms}  =>.Superfluous.Linkury
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan  =>.Microsoft Internet Explorer
HKLM\SOFTWARE\Wow6432Node\McAfee  =>.McAfee Inc.
HKCU\SOFTWARE\AVAST Software  =>.AVAST Software
HKCU\SOFTWARE\Chromium  =>.Chromium
O43 - CFD: 29/01/2017 - [] D -- C:\ProgramData\AVAST Software  =>.AVAST Software
O43 - CFD: 29/01/2017 - [] D -- C:\ProgramData\Avira  =>.Avira Software
O43 - CFD: 25/12/2015 - [] D -- C:\ProgramData\McAfee  =>.McAfee
O43 - CFD: 25/12/2015 - [] D -- C:\Program Files (x86)\Common Files\McAfee  =>.McAfee
O43 - CFD: 17/09/2016 - [] D -- C:\Users\guebe\AppData\Roaming\AVAST Software  =>.AVAST Software
O43 - CFD: 16/08/2016 - [] D -- C:\Users\guebe\AppData\Local\Chromium  =>.Chromium
O46 - SEH:ShellExecuteHooks - (no name) - [HKLM] [64Bits] - {17F3D7BA-DE42-11E6-B7E8-64006A5CFC23} . (...) --  (.not file.
O58 - SDL:2017/01/29 14:48:15 A . (.Auteurs - .) -- C:\WINDOWS\System32\drivers\NetUtils2016.sys   [324224]  =>.Superfluous.HDWallPaper
C:\WINDOWS\System32\drivers\NetUtils2016.sys  =>.Superfluous.HDWallPaper
FirewallRaz 
EmptyPrefetch 
EmptyTemp 
EmptyFlash