start::
CreateRestorePoint:
cmd: Net stop wuauserv
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\...\RunOnce: [ZHPCleaner_File1] => CMD /c DEL "C:\Users\Christian\AppData\Local\Microsoft\Edge\User Data\Default\History" /F /Q (Pas de fichier)
HKLM\...\RunOnce: [ZHPCleaner_Folder1] => CMD /c DEL "C:\Users\Christian\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data" /F /Q (Pas de fichier)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-391919261-1031863267-3254308310-1001\...\Run: [cp.exe] => C:\Users\CHRIST~1\AppData\Local\Temp\1000067001\cp.exe (Pas de fichier) <==== ATTENTION
HKU\S-1-5-21-391919261-1031863267-3254308310-1001\...\Run: [XRJNZC] => C:\ProgramData\pinterests\XRJNZC.exe\pinterests\XRJNZC.exe (Pas de fichier)
Task: {7E180693-99B8-4244-9A5F-AE963BE95905} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe /SetSchedule false (Pas de fichier)
Task: {542E9BC6-A116-4986-B831-866DACE214C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (Pas de fichier)
Task: {57308AF3-D33D-4694-9BCB-FD931CBC9D7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (Pas de fichier)
Task: {A2F90296-AD7A-43BE-B879-9325161F4080} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u (Pas de fichier)
Task: {55EF3FF0-A590-46D9-BD56-8E883AD421AE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe /SetTaskbarTask (Pas de fichier)
Task: {0022A7FC-F1CC-4F14-9F3C-5895A6D48E42} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (Pas de fichier)
Task: {7F0B33AA-2FFB-4A84-A482-8E5855CEE263} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-391919261-1031863267-3254308310-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Pas de fichier)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [366488 2023-11-18] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\RunOnce: [ZHPCleaner] => C:\Users\Christian\AppData\Roaming\ZHP\ZHPCleaner.txt [4530 2023-11-27] () [Fichier non signé]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\119.0.6045.160\Installer\chrmstp.exe [2023-11-17] (Google LLC -> Google LLC)
Task: {7E5F52DA-28B7-488C-9A1D-7EE0CDC20C5C} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5043608 2023-11-18] (Avast Software s.r.o. -> AVAST Software)
Task: {A0F611F3-5DC3-4518-B322-111E6F1DA472} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-11-18] (Avast Software s.r.o. -> Avast Software)
Task: {8BCE2B30-6149-455A-8DBC-4A2334C72EB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-31] (Google LLC -> Google LLC)
Task: {FAFE9AED-9E4D-4BD3-BC30-58E9132CCA6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-31] (Google LLC -> Google LLC)
Task: {237DBE80-0521-4B39-A5F4-1F7E2BF23961} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674208 2023-11-23] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {7FCBBFDF-3BC1-49EE-9C5B-3F192CB75B1E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-11-23] (Mozilla Corporation -> Mozilla Foundation)
FF Extension: (Pas de nom) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [non trouvé(e)]
FF Notifications: Mozilla\Firefox\Profiles\p6mqd273.default-release -> hxxps://web2.humanverification.co.in
FF Plugin-x32: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.19 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
CHR DefaultSearchURL: Default -> hxxps://fr.search.yahoo.com/search?fr=mcafee&type=E210FR91082G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://fr.search.yahoo.com/sugg/gossip/gossip-fr-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
2022-06-01 11:02 - 2022-06-01 11:03 - 000979600 _____ () C:\Users\Christian\AppData\Roaming\AvidLink_Install.log
2023-11-10 20:22 - 2023-11-10 20:22 - 000000359 _____ () C:\Users\Christian\AppData\Local\wle.log
CustomCLSID: HKU\S-1-5-21-391919261-1031863267-3254308310-1001_Classes\CLSID\{1a329cc3-33e3-44c8-b51a-c64b07fc1e8a}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Pas de fichier
FirewallRules: [{387FFB82-7784-4CB9-A5DC-8E50472B2814}] => (Allow) C:\Program Files (x86)\iBoysoft Software\iBoysoft Data Recovery\iBoysoftDataRecovery.exe => Pas de fichier
FirewallRules: [{27A656A9-2663-42CA-9867-C5FC2F50F21D}] => (Allow) C:\Program Files (x86)\iBoysoft Software\iBoysoft Data Recovery\iBoysoftDataRecovery.exe => Pas de fichier
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FirewallRules: [{D9963B84-EF43-4968-856D-ECBE8CFC2715}] => (Allow) LPort=57209
FirewallRules: [{7F2FE309-CE1E-497D-9B4C-6F3E83C15E4E}] => (Allow) LPort=57210
FirewallRules: [{788D9357-1814-40BF-9380-70506422119F}] => (Allow) LPort=57211
FirewallRules: [{8424F690-D210-4A9A-9BD7-11C26A42E7CC}] => (Allow) LPort=57212
FirewallRules: [{7DD951D1-1D07-4EC3-91F0-5D58E8A62E50}] => (Allow) LPort=57213
FirewallRules: [{8866043D-ABC2-457E-9A1A-E3936607E972}] => (Allow) LPort=57214
FirewallRules: [{0129DA58-02DC-4CC7-9525-E884342C204D}] => (Allow) LPort=57215
FirewallRules: [{A7AF93F5-3302-46C1-B1A2-36138EBC4F9C}] => (Allow) LPort=57216
FirewallRules: [{F94AE947-8035-4E56-9256-9033EB86FB5B}] => (Allow) LPort=57217
FirewallRules: [{A648A21E-202A-4029-BCA7-7C3D50002D02}] => (Allow) LPort=57218
FirewallRules: [{AC85D208-4594-416C-8717-BA78C9E71C9E}] => (Allow) LPort=57209
FirewallRules: [{EDA78B48-8BD5-4664-9F27-09AB765BF35C}] => (Allow) LPort=57210
FirewallRules: [{CCFE791A-7874-40C5-987E-4A4BD173D25C}] => (Allow) LPort=57211
FirewallRules: [{BBC95C95-3D87-44E1-BF63-35DF9AD3288C}] => (Allow) LPort=57212
FirewallRules: [{81C02DC6-1D87-4AFC-9F42-6284C962B007}] => (Allow) LPort=57213
FirewallRules: [{E1F95DF5-F7C0-435A-956C-1B7A60315DE3}] => (Allow) LPort=57214
FirewallRules: [{E5B19BFE-0115-499F-91D7-7E84E1266D5C}] => (Allow) LPort=57215
FirewallRules: [{C92F709F-F3BF-4611-8C3F-0398C8382F26}] => (Allow) LPort=57216
FirewallRules: [{99523C06-2DBB-4C47-A586-6C47B70E0108}] => (Allow) LPort=57217
FirewallRules: [{E3A9E9E4-7B66-47C2-8E16-D2EE9A83E525}] => (Allow) LPort=57218
FirewallRules: [{D957AC88-8CCA-4067-8113-CF0486F24E43}] => (Allow) LPort=23007
FirewallRules: [{D0CCC944-A467-4BB6-9C8D-2C02BA8A0543}] => (Allow) LPort=23008
FirewallRules: [{073B5BD8-56A8-4CE9-BBFC-95DFE79C61EF}] => (Allow) LPort=33009
FirewallRules: [{01A83F5F-F67E-4788-8919-6B4516AC457F}] => (Allow) LPort=33010
FirewallRules: [{A36A005F-69EA-44C8-A0EB-784753A221C8}] => (Allow) LPort=33011
FirewallRules: [{35853BA2-255D-4E74-9CD7-B6C28EB7BB90}] => (Allow) LPort=43012
FirewallRules: [{BDF39C23-3E97-4A92-8EAA-068FBCEED4F5}] => (Allow) LPort=43013
FirewallRules: [{88DC0FCB-4279-4A4D-8CA3-240157FA2B8C}] => (Allow) LPort=53014
FirewallRules: [{3B476D0F-4F3A-4DBD-93FB-9D585CA232C6}] => (Allow) LPort=53015
FirewallRules: [{46787264-742D-4BA7-8B75-1CC15239801D}] => (Allow) LPort=53016
FirewallRules: [{AD6C6091-375C-4426-A0C1-58D170FA0FAA}] => (Allow) LPort=23007
FirewallRules: [{46143075-54C3-440E-97EE-0B1B0CE48B5B}] => (Allow) LPort=23008
FirewallRules: [{86624069-FFDE-457E-BD19-3971F31092D7}] => (Allow) LPort=33009
FirewallRules: [{C7C2643B-DEEA-4D1E-B930-7595D3A1FD7C}] => (Allow) LPort=33010
FirewallRules: [{13D0170A-87E9-4FDA-925D-24E105327E1F}] => (Allow) LPort=33011
FirewallRules: [{DA879C82-1B42-43A6-AE77-F6039F4B6840}] => (Allow) LPort=43012
FirewallRules: [{DB4BCA87-04FB-4FED-B7E9-E3EAC681D827}] => (Allow) LPort=43013
FirewallRules: [{6C03665C-3A26-4220-9B11-892241216554}] => (Allow) LPort=53014
FirewallRules: [{74F9BAE2-6C53-4933-8CC2-8D1BAF425750}] => (Allow) LPort=53015
FirewallRules: [{2115DF5F-3203-4976-90B3-5AEC74A874C9}] => (Allow) LPort=53016
FirewallRules: [{CBD56618-2DC4-447C-9C18-3AB23D825999}] => (Allow) LPort=50053
FirewallRules: [{9CDDF100-C320-428A-A2A4-71890392FDB9}] => (Allow) LPort=50053
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrar Registry Manager\Registrar Registry Manager Command Line Edition Help.lnk
C:\Users\Christian\Downloads\nobels odr-1 overdrive plugin [win].exe.lnk
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cp.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XRJNZC
DeleteValue: HKU\S-1-5-21-391919261-1031863267-3254308310-1001\Software\Microsoft\Windows\CurrentVersion\Run|cp.exe
DeleteValue: HKU\S-1-5-21-391919261-1031863267-3254308310-1001\Software\Microsoft\Windows\CurrentVersion\Run|XRJNZC
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_F2D0F7F831E29679DC9261B53F3BAA14
DeleteValue: HKEY_USERS\S-1-5-21-391919261-1031863267-3254308310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_F2D0F7F831E29679DC9261B53F3BAA14
C:\Users\CHRIST~1\AppData\Local\Temp\tmp-evh.xpi
C:\Users\Christian\AppData\Local\BitTorrentHelper
C:\Users\Christian\Downloads\uTorrent-3.5.5 build 45952.exe
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Applogon
C:\ProgramData\Key-Base
DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}
DeleteKey: HKLM\SOFTWARE\Avast Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Avast Software
DeleteKey: HKCU\SOFTWARE\AVAST Software
DeleteKey: HKU\.DEFAULT\SOFTWARE\AVAST Software
DeleteKey: HKU\S-1-5-21-391919261-1031863267-3254308310-1001\SOFTWARE\AVAST Software
C:\Program Files (x86)\AVAST Software
C:\ProgramData\Avast Software
C:\Users\Christian\AppData\Local\Avast Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Wondershare
DeleteKey: HKCU\SOFTWARE\Wondershare
DeleteKey: HKU\S-1-5-21-391919261-1031863267-3254308310-1001\SOFTWARE\Wondershare
C:\Program Files\Wondershare
C:\ProgramData\Wondershare
C:\Users\Christian\AppData\Roaming\Wondershare
DeleteKey: HKCU\SOFTWARE\JavaSoft
DeleteKey: HKU\S-1-5-21-391919261-1031863267-3254308310-1001\SOFTWARE\JavaSoft
Comment: The following commands will delete temporary files.
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\CurrentUserName\Appdata\Local\Temp\*.*
C:\Windows\SoftwareDistribution\Download\*
C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.*
Comment: The following command will clear the caches and histories.
StartBatch:
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\*.*"
del /s /q "%userprofile%\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\History\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
del /s /q "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.lnk"
For /D %%d In ("%userprofile%\AppData\Local\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
For /D %%d In ("%userprofile%\AppData\Local\Thunderbird\Profiles\*") Do (If Exist "%%d\Cache2" Del /s /q "%%d\Cache2\*.*")
For /D %%d In ("%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\*") Do (If Exist "%%d\Places.Sqlite" Del /s /q "%%d\Places.Sqlite")
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\History"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\History"
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
netsh winsock reset
netsh advfirewall reset
netsh advfirewall set allprofiles state on
netsh winhttp reset proxy
dism.exe /online /cleanup-image /restorehealth
sfc /scannow
Endbatch:
EmptyTemp:
EmptyEventLogs:
cmd: Net start wuauserv
Reboot:
end::