~ ZHPFix v2021.4.24.292 by Nicolas Coolman (2021/04/24)
~ Run by François (Administrator) (01/05/2021 15:18:01)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Report : C:\Users\François\Desktop\ZHPFix.txt
~ Quarantine : HKCU\SOFTWARE\ZHP\ZHPFix\Quarantine\
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit (Build 19041)

---\\ SCRIPT DE L'UTILISATEUR. (89)
Script ZHPFix
CreateRestorePoint
OPT:O4 - HKUS\S-1-5-21-3013798796-1205852533-1603031028-1001\..\Run: [CCleaner Smart Cleaning] . (.Piriform Software Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Software Ltd®
OPT:O4 - HKCU\..\Run: [CCleaner Smart Cleaning] . (.Piriform Software Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Software Ltd®
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:TCP Query User{1707EA0A-A0A9-4BCF-A0EE-70CDF78C5C04}C:\program files (x86)\deluge\deluge.exe"
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:UDP Query User{17B63838-2F4B-4465-A422-8531182ED703}C:\program files (x86)\deluge\deluge.exe"
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:{12396CF5-E6B2-48CC-95C0-5CF65FC7B772}"
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:{5A6B3E36-AB91-47DD-9A1B-B285D4BA79B1}"
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]:{B7458C77-9C20-4837-ABEA-88A0416D3780}"
C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\File System\000
HKCU\SOFTWARE\BitTorrent
HKU\S-1-5-21-3013798796-1205852533-1603031028-1001\SOFTWARE\BitTorrent
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
C:\Users\François\AppData\Roaming\deluge
C:\Users\François\AppData\Roaming\uTorrent
HKLM\SOFTWARE\Software
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]:AvastUI.exe
HKLM\SOFTWARE\WOW6432Node\AVAST Software
HKCU\SOFTWARE\AvastAdSDK
HKU\S-1-5-21-3013798796-1205852533-1603031028-1001\SOFTWARE\AvastAdSDK
HKLM\SYSTEM\CurrentControlSet\Services\AntivirProtectedService)
C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B257F90E-F8B0-4D1B-8723-3A1B526D89E6[ C:\Windows\System32\Tasks\Avira_Antivirus_Systray] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh
C:\Users\François\AppData\Roaming\Mozilla\Firefox\Profiles\qdLDiHJn.default\extensions\abs@avira.com
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]:Avira SystrayStartTrigger
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]:avgnt
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]:Avira System Speedup User Starter
HKLM\SOFTWARE\WOW6432Node\Avira
HKLM\SOFTWARE\WOW6432Node\X-AVCSD
HKCU\SOFTWARE\Avira
HKU\.DEFAULT\SOFTWARE\AviraSpeedup
HKU\S-1-5-21-3013798796-1205852533-1603031028-1001\SOFTWARE\Avira
C:\Program Files (x86)\Avira
C:\ProgramData\Avira
C:\Users\François\AppData\Local\Avira
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Shell Extension for Malware scanning
HKLM\Software\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}
HKLM\Software\WOW6432Node\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}
C:\Program Files (x86)\Avira\Antivirus\shlext64.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Shell Extension for Malware scanning
HKLM\Software\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}
HKLM\Software\WOW6432Node\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}
C:\WINDOWS\System32\drivers\avdevprot.sys
C:\WINDOWS\System32\drivers\avelam.sys
C:\WINDOWS\System32\drivers\avgntflt.sys
C:\WINDOWS\System32\drivers\avipbb.sys
C:\WINDOWS\System32\drivers\avkmgr.sys
C:\WINDOWS\System32\drivers\avnetflt.sys
C:\WINDOWS\System32\drivers\avusbflt.sys
HKLM\SOFTWARE\WOW6432Node\Norton
HKLM\SOFTWARE\WOW6432Node\Symantec
C:\Program Files (x86)\SymSilent
C:\ProgramData\Norton
[66660552D465B31F429F7527EA6A93BF] [06/11/2014] (.Symantec Corporation.) - C:\Program Files (x86)\SymSilent\SymSilent.exe
HKLM\SOFTWARE\WOW6432Node\SOSVirus
HKCU\SOFTWARE\yahooinstall
HKU\S-1-5-21-3013798796-1205852533-1603031028-1001\SOFTWARE\yahooinstall
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]:YahooMusicEngine.exe
HKU\.DEFAULT\SOFTWARE\JavaSoft
C:\Program Files (x86)\Spybot - Search & Destroy 2
cmd: ipconfig /flushdns
cmd: netsh winsock reset
Cmd: netsh advfirewall reset
Cmd: Netsh advfirewall set allprofiles state on
cmd: dism.exe /online /cleanup-image /restorehealth
cmd: sfc /scannow
EmptyCLSID
EmptyFlash
EmptyTemp
EmptyTracing
EmptyPrefetch
EmptyProxy
EmptyRecycle
WinsockFix
Fin

---\\ LOGICIEL. (0)

---\\ SERVICE. (0)

---\\ TÂCHE PLANIFIÉE. (0)

---\\ NAVIGATEUR INTERNET. (0)

---\\ EXPLORATEUR ( Dossiers, Fichiers ). (27)
SUPPRIMÉ Dossier : C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\File System\000
SUPPRIMÉ Dossier : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
SUPPRIMÉ Dossier : C:\Users\François\AppData\Roaming\deluge
SUPPRIMÉ Dossier : C:\Users\François\AppData\Roaming\uTorrent
DEPLACÉ Fichier : C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
SUPPRIMÉ Dossier : C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
SUPPRIMÉ Dossier : C:\Users\François\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh
SUPPRIMÉ Dossier : C:\Users\François\AppData\Roaming\Mozilla\Firefox\Profiles\qdLDiHJn.default\extensions\abs@avira.com
REFUSÉ Dossier : C:\Program Files (x86)\Avira
SUPPRIMÉ Dossier : C:\ProgramData\Avira
SUPPRIMÉ Dossier : C:\Users\François\AppData\Local\Avira
DEPLACÉ Fichier : C:\Program Files (x86)\Avira\Antivirus\shlext64.dll
SUPPRIMÉ Dossier : C:\Program Files (x86)\SymSilent
SUPPRIMÉ Dossier : C:\ProgramData\Norton
SUPPRIMÉ Dossier : C:\Program Files (x86)\Spybot - Search & Destroy 2
DEPLACÉ Fichier Temp: C:\Users\FRANOI~1\AppData\Local\Temp\AdobeARM.log
DEPLACÉ Fichier Temp: C:\Users\FRANOI~1\AppData\Local\Temp\aria-debug-8512.log
DEPLACÉ Fichier Temp: C:\Users\FRANOI~1\AppData\Local\Temp\StructuredQuery.log
DEPLACÉ Fichier Temp: C:\Users\FRANOI~1\AppData\Local\Temp\TWAIN.LOG
SUPPRIMÉ Redémarrage Fichier Temp^: C:\Users\FRANOI~1\AppData\Local\Temp\2e4b5d20-cc87-4f2b-b30c-13f2022df55a.tmp
SUPPRIMÉ Redémarrage Fichier Temp^: C:\Users\FRANOI~1\AppData\Local\Temp\49068866-5b78-44a1-b841-108c3d351ad5.tmp
SUPPRIMÉ Redémarrage Fichier Temp^: C:\Users\FRANOI~1\AppData\Local\Temp\577111ba-94be-47a3-93cf-7e841d478ef8.tmp
SUPPRIMÉ Redémarrage Fichier Temp^: C:\Users\FRANOI~1\AppData\Local\Temp\b59bed89-165b-4c35-90a6-e79a40a6059a.tmp
SUPPRIMÉ Redémarrage Fichier Temp^: C:\Users\FRANOI~1\AppData\Local\Temp\is-0QNP1.tmp
SUPPRIMÉ Redémarrage Fichier Temp^: C:\Users\FRANOI~1\AppData\Local\Temp\is-OGTL4.tmp
SUPPRIMÉ Redémarrage Fichier Temp^: C:\Users\FRANOI~1\AppData\Local\Temp\RDR32C2.tmp
DEPLACÉ Fichier Temp: C:\Users\FRANOI~1\AppData\Local\Temp\wctBED6.tmp

---\\ REGISTRE ( Clés, Valeurs, Données ). (40)
SUPPRIMÉ Valeur Run: CCleaner Smart Cleaning [HKU\S-1-5-21-3013798796-1205852533-1603031028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
ABSENT Valeur Run: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [C:\Program Files\CCleaner\CCleaner64.exe ]
ABSENT Valeur: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules []
SUPPRIMÉ Clé: HKCU\SOFTWARE\BitTorrent [BitTorrent]
ABSENT Clé: HKU\S-1-5-21-3013798796-1205852533-1603031028-1001\SOFTWARE\BitTorrent
ABSENT Clé: HKLM\SOFTWARE\Software
ABSENT Valeur: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run []
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\AVAST Software [AVAST Software]
SUPPRIMÉ Clé: HKCU\SOFTWARE\AvastAdSDK [AvastAdSDK]
ABSENT Clé: HKU\S-1-5-21-3013798796-1205852533-1603031028-1001\SOFTWARE\AvastAdSDK
ABSENT Clé: HKLM\SYSTEM\CurrentControlSet\Services\AntivirProtectedService)
ABSENT Clé: HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B257F90E-F8B0-4D1B-8723-3A1B526D89E6[
ABSENT Valeur: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 []
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\Avira [Avira]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\X-AVCSD [X-AVCSD]
SUPPRIMÉ Clé: HKCU\SOFTWARE\Avira [Avira]
SUPPRIMÉ Clé: HKU\.DEFAULT\SOFTWARE\AviraSpeedup [AviraSpeedup]
ABSENT Clé: HKU\S-1-5-21-3013798796-1205852533-1603031028-1001\SOFTWARE\Avira
SUPPRIMÉ Clé: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Shell Extension for Malware scanning [Shell Extension for Malware scanning ]
ABSENT Clé: HKLM\Software\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}
ABSENT Clé: HKLM\Software\WOW6432Node\Classes\CLSID\{45AC2688-0253-4ED8-97DE-B5370FA7D48A}
SUPPRIMÉ Clé: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Shell Extension for Malware scanning [Shell Extension for Malware scanning ]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\Norton [Norton]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\Symantec [Symantec]
SUPPRIMÉ Clé: HKLM\SOFTWARE\WOW6432Node\SOSVirus [SOSVirus]
SUPPRIMÉ Clé: HKCU\SOFTWARE\yahooinstall [yahooinstall]
ABSENT Clé: HKU\S-1-5-21-3013798796-1205852533-1603031028-1001\SOFTWARE\yahooinstall
SUPPRIMÉ Valeur : YahooMusicEngine.exe [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
SUPPRIMÉ Clé: HKU\.DEFAULT\SOFTWARE\JavaSoft [JavaSoft]
~ EmptyProxy: Aucune modification.
SUPPRIMÉ Valeur: TCP Query User{1707EA0A-A0A9-4BCF-A0EE-70CDF78C5C04}C:\program files (x86)\deluge\deluge.exe" [HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur: UDP Query User{17B63838-2F4B-4465-A422-8531182ED703}C:\program files (x86)\deluge\deluge.exe" [HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur: {12396CF5-E6B2-48CC-95C0-5CF65FC7B772}" [HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur: {5A6B3E36-AB91-47DD-9A1B-B285D4BA79B1}" [HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur: {B7458C77-9C20-4837-ABEA-88A0416D3780}" [HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules]
SUPPRIMÉ Valeur: AvastUI.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
SUPPRIMÉ Valeur: Avira SystrayStartTrigger [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
SUPPRIMÉ Valeur: avgnt [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
SUPPRIMÉ Valeur: Avira System Speedup User Starter [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
SUPPRIMÉ Valeur: YahooMusicEngine.exe [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]

---\\ COMMANDE. (14)
CreateRestorePoint: OK
~ Command spéciale exécutée avec succès: ipconfig /flushdns
~ Command spéciale exécutée avec succès: netsh winsock reset
~ Command spéciale exécutée avec succès: netsh advfirewall reset
~ Command spéciale exécutée avec succès: Netsh advfirewall set allprofiles state on
~ Command spéciale exécutée avec succès: dism.exe /online /cleanup-image /restorehealth
~ Command spéciale exécutée avec succès: sfc /scannow
~ EmptyCSID: Dossiers CLSID vides supprimés (0)
~ EmptyFlash: Dossier FlashPlayer vide.
~ EmptyTemp: Dossier Local temp partiellement vidé (12)
~ EmptyTracing: Clés tracing supprimées (7)
~ EmptyPrefetch: Fichiers Prefetcher supprimés (431)
~ EmptyRecycle: Corbeille vide.
~ Command spéciale exécutée avec succès: Winsock

---\\ NON TRAITÉ. (1)
[66660552D465B31F429F7527EA6A93BF] [06/11/2014] (.Symantec Corporation.) - C:\Program Files (x86)\SymSilent\SymSilent.exe
~ Le système a été redémarré.
*****
~ Fin de rapport terminé en 00mn00s