Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by ahmed at 01/02/2017 07:44:36 PM
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Recycle Bin emptied (08mn AMs)
Prefetcher emptied

========== Software ==========
ABSENT Uninstall Process: c:\program files\pc faster\5.1.0.0\uninstall.exe
ABSENT Uninstall Process: c:\program files\tencent\qqplayer\uninst.exe
ABSENT Uninstall Process: c:\progra~1\difx\344ea35f06a6ec55\dpinst32.exe
ABSENT Uninstall Process: c:\program files\avast software\avast\setup\instup.exe

========== Process memory ==========
REMOVES Reboot: Memory Process: C:\Program Files\Baidu Security\MoboMarket\1.2.8.4379\bas_helper.exe
REMOVES Reboot: Memory Process: C:\Program Files\AVAST Software\Avast\AvastSvc.exe
REMOVES Reboot: Memory Process: C:\Program Files\AVAST Software\Avast\afwServ.exe
REMOVES Reboot: Memory Process: C:\Program Files\AVAST Software\Avast\avastui.exe

========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu PC Faster 5.1.0.0]
REMOVES Logiciel Key: [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQPlayer]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast]
REMOVES: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C935DDA0-269E-11E4-9235-78C81D5D46B0}
REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C935DDA0-269E-11E4-9235-78C81D5D46B0}
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
REMOVES: Service: BASSVC
REMOVES: Service: PCFasterSvc_{PCFaster_5.1.0.0}
REMOVES: HKLM\SOFTWARE\Baidu Security
REMOVES: HKLM\SOFTWARE\Baidu_Drp_pos
REMOVES: HKCU\SOFTWARE\Baidu
REMOVES: HKCU\SOFTWARE\yahoo
REMOVES: StartupReg: Adobe Reader Speed Launcher
REMOVES: StartupReg: avgnt
REMOVES: StartupReg: IDMan
REMOVES: StartupReg: Messenger (Yahoo!)
REMOVES: StartupReg: RTHDCPL
REMOVES: StartupReg: Skype
REMOVES: StartupReg: SunJavaUpdateSched
REMOVES: StartupReg: VNT
REMOVES: HKLM\SOFTWARE\ESET
REMOVES: HKCU\SOFTWARE\ESET
REMOVES: HKLM\SOFTWARE\Adguard
REMOVES: HKLM\SOFTWARE\BitDefender Parental Control
REMOVES:³ Service: avast! Antivirus
REMOVES:³ Service: avast! Firewall
REMOVES: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
REMOVES: [HKLM\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
REMOVES:³ HKLM\SOFTWARE\AVAST Software
REMOVES:³ HKCU\SOFTWARE\Avast Software
REMOVES: SearchScopes :{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9}

========== Registry values ==========
REMOVES: FirewallRaz (SP) : C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
REMOVES: FirewallRaz (SP) : D:\العاب\New Folder\Moto GP3 by kudo kun + startimes\Moto GP 3 - By AllTypeHacks.exe
REMOVES: FirewallRaz (SP) : D:\العاب\Moto GP3 by kudo kun + startimes\Moto GP 3 - By AllTypeHacks.exe
REMOVES: FirewallRaz (SP) : D:\العاب\MotoGP2 by lmodni\motogp2_demo.exe
REMOVES: FirewallRaz (SP) : C:\Documents and Settings\ahmed\Local Settings\Application Data\Torch\Application\torch.exe
REMOVES: FirewallRaz (SP) : C:\Documents and Settings\ahmed\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe
REMOVES: FirewallRaz (SP) : C:\Documents and Settings\ahmed\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe
REMOVES: FirewallRaz (SP) : C:\Documents and Settings\ahmed\Local Settings\Temp\recinstalldl\RecInst.exe
REMOVES: FirewallRaz (SP) : C:\Documents and Settings\ahmed\Local Settings\Temp\nsz4DF.tmp\QQPCDetector.exe
REMOVES: FirewallRaz (SP) : C:\Documents and Settings\ahmed\Local Settings\Temp\nsl4E3.tmp\QQPCDetector.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\Tencent\QQPlayer\QQDeskUpdate.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\Tencent\QQPlayer\QQPlayer.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\Tencent\QQPlayer\QPToolbox.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\Tencent\QQPlayer\QPUp.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\Common Files\Tencent\QQDownload\118\Tencentdl.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\Tencent\QQPlayer\Statistics.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\Tencent\QQPlayer\loader\QQLiveDownloader.exe
REMOVES: FirewallRaz (SP) : C:\Program Files\Tencent\QQPlayer\loader\QQPCDownload8880463.exe
REMOVES: FirewallRaz (DP) : C:\Documents and Settings\ahmed\Local Settings\Application Data\Torch\Application\torch.exe
REMOVES: FirewallRaz (DP) : C:\Documents and Settings\ahmed\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin.exe
REMOVES: FirewallRaz (DP) : C:\Documents and Settings\ahmed\Local Settings\Application Data\Torch\Plugins\Hola\hola_plugin_x64.exe
No value present in the exception of registry key (FirewallRaz)
REMOVES: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
REMOVES RunValue: Baidu PC Faster 5.1.0.0
REMOVES RunValue: Baidu PC Faster 4.0.0.0
REMOVES RunValue: Qsocial
REMOVES RunValue: AvastUI.exe

========== Preferences browser ==========
NOW Chrome File: C:\Documents and Settings\ahmed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://b.top4top.net
NOW Chrome File: C:\Documents and Settings\ahmed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://i.imgur.com
REMOVES Chrome Site: http://i.imgur.com
NOW Chrome File: C:\Documents and Settings\ahmed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://im67.gulfup.com
NOW Chrome File: C:\Documents and Settings\ahmed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://up.graaam.com
NOW Chrome File: C:\Documents and Settings\ahmed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://www.google-analytics.com
REMOVES Chrome Site: http://www.google-analytics.com
NOW Chrome File: C:\Documents and Settings\ahmed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
REMOVES Chrome Site: http://www.startimes.com
REMOVES Chrome Site: http://www.startimes.com
REMOVES Chrome Site: http://www.startimes.com
NOW Chrome File: C:\Documents and Settings\ahmed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://stats.g.doubleclick.net
NOW Chrome File: C:\Documents and Settings\ahmed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.google.com.eg

========== Folders ==========
Deletes temporary Windows (54)
REMOVES: C:\Program Files\Baidu Security
REMOVES: C:\Documents and Settings\All Users\Start Menu\Programs\Baidu PC Faster
REMOVES: C:\Documents and Settings\All Users\Application Data\Baidu
REMOVES: C:\Documents and Settings\All Users\Application Data\Baidu Security
REMOVES: C:\Documents and Settings\ahmed\Application Data\baidu
REMOVES: C:\Documents and Settings\ahmed\Application Data\Baidu Security
REMOVES: C:\Documents and Settings\ahmed\Start Menu\Programs\Baidu PC Faster
REMOVES: C:\WINDOWS\System32\Config\systemprofile\Start Menu\Programs\Baidu PC Faster
REMOVES: C:\Documents and Settings\ahmed\Application Data\QuickScan
REMOVES: C:\Documents and Settings\ahmed\Start Menu\Programs\QQPlayer
REMOVES: C:\Program Files\ESET
REMOVES: C:\Documents and Settings\ahmed\Application Data\ESET
REMOVES: C:\Documents and Settings\ahmed\Local Settings\Application Data\ESET
REMOVES: C:\Documents and Settings\All Users\Application Data\Adguard
REMOVES: C:\Documents and Settings\All Users\Application Data\BDLogging
REMOVES: C:\Program Files\Common Files\Bitdefender
REMOVES: C:\Documents and Settings\ahmed\Application Data\Yahoo!
REMOVES: C:\Program Files\Yahoo!
REMOVES Reboot:** C:\Program Files\AVAST Software
REMOVES: C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
REMOVES Reboot:** C:\Documents and Settings\All Users\Application Data\AVAST Software
REMOVES Reboot:** C:\Documents and Settings\ahmed\Application Data\AVAST Software

========== Files ==========
Deletes temporary Windows (245) (203,881,392 octets)
REMOVES: c:\windows\tasks\adobe flash player updater.job
REMOVES: c:\windows\tasks\avast emergency update.job
REMOVES: c:\windows\tasks\avast! emergency update.job
REMOVES: c:\windows\tasks\baidu pc faster update.job
REMOVES: c:\windows\tasks\googleupdatetaskmachinecore.job
REMOVES: c:\windows\tasks\googleupdatetaskmachineua.job
REMOVES: c:\windows\tasks\microsoft windows xp end of service notification logon.job
REMOVES: c:\windows\tasks\microsoft windows xp end of service notification monthly.job
REMOVES: c:\documents and settings\ahmed\my documents\downloads\qqplayer_setup_english.exe
REMOVES: c:\program files\baidu security\mobomarket\1.2.8.4379\bassvc.exe
REMOVES: c:\windows\system32\drivers\bhbase.sys
REMOVES: c:\windows\system32\drivers\bprotectex.sys
REMOVES: c:\program files\avast software\avast\avastsvc.exe
REMOVES: c:\program files\avast software\avast\afwserv.exe
REMOVES: c:\program files\avast software\avast\avastui.exe
REMOVES: c:\program files\avast software\avast\aswwebrepie.dll
REMOVES: c:\program files\avast software\avast\ashshell.dll
REMOVES Reboot: c:\program files\avast software\avast\ashshell.dll
REMOVES: c:\windows\system32\drivers\aswhwid.sys
REMOVES: c:\windows\system32\drivers\aswmonflt.sys
REMOVES: c:\windows\system32\drivers\aswndis.sys
REMOVES: c:\windows\system32\drivers\aswndis2.sys
REMOVES: c:\windows\system32\drivers\aswrdr.sys
REMOVES: c:\windows\system32\drivers\aswrvrt.sys
REMOVES: c:\windows\system32\drivers\aswsnx.sys
REMOVES: c:\windows\system32\drivers\aswsp.sys
REMOVES: c:\windows\system32\drivers\aswstmxp.sys
REMOVES: c:\windows\system32\drivers\aswtdi.sys
REMOVES: c:\windows\system32\drivers\aswvmm.sys

========== Other ==========
NON-TREATY [MD5.00000000000000000000000000000000] [APT] [Avast Emergency Update] (...) -- C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (.not file.) [0] (.Activate.)
NON-TREATY [MD5.8E06998A4ED01F1289D00F3EF0527409] - (.Baidu, Inc. - Baidu MoboMarket Service.) -- C:\Program Files\Baidu Security\MoboMarket\1.2.8.4379\bassvc.exe [208928] [PID.504]
NON-TREATY

========== Summary ==========
4 : Process memory
31 : Registry keys
27 : Registry values
23 : Folders
30 : Files
4 : Software
20 : Preferences browser
3 : Other

End of clean in 17mn AMs

========== Path to file report ==========
C:\Documents and Settings\ahmed\Application Data\ZHP\ZHPFix[R1].txt - 01/02/2017 07:44:45 PM [10745]