Script ZHPFix
EmptyPrefetch FirewallRaz PROXYFix EmptyTemp EmptyFlash EmptyClsid SysRestore