Script ZHPFix [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [MD5.E9986E9ADB8D65B6CA30D80103F1F53C] - (.Cherished Technololgy LIMITED - WPM Service.) -- C:\ProgramData\WPM\wprotectmanager.exe [499856] [PID.1444] =>PUP.WpManager R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom R3 - URLSearchHook: (no name) [64Bits] - {f9bbf004-6e40-4019-8214-c43a37e1d058} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.) R3 - URLSearchHook: (no name) [64Bits] - {ef79f67a-6ad7-4715-a0f8-932fca442023} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.) R3 - URLSearchHook: (no name) [64Bits] - {739df940-c5ee-4bab-9d7e-270894ae687a} . (.Microsoft Corporation - Navigateur Internet.) (No version) -- (.not file.) O3 - Toolbar\WebBrowser: (no name) - [HKCU]{F9BBF004-6E40-4019-8214-C43A37E1D058} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EF79F67A-6AD7-4715-A0F8-932FCA442023} Clé orpheline O3 - Toolbar\WebBrowser: (no name) - [HKCU]{739DF940-C5EE-4BAB-9D7E-270894AE687A} Clé orpheline O4 - GS\Desktop [Public]: Skype.lnk . (...) -- C:\Program Files (x86)\Preload\Skype\SkypeSetup.exe (.not file.) O4 - GS\QuickLaunch [Nicolas]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom O4 - GS\Program [Nicolas]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom O4 - GS\SystemTools [Nicolas]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] Clé orpheline =>Toolbar.Conduit O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] Clé orpheline =>Toolbar.Conduit O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager O23 - Service: Yontoo Desktop Updater (Yontoo Desktop Updater) . (...) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (.not file.) =>Adware.Yontoo [MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask O42 - Logiciel: BittorrentBar_FR Toolbar - (.BittorrentBar_FR.) [HKLM][64Bits] -- BittorrentBar_FR Toolbar =>P2P.BitTorrent O42 - Logiciel: DMUninstaller - (...) [HKLM][64Bits] -- DMUninstaller O42 - Logiciel: Savings Addon - (.Innovative Apps.) [HKLM][64Bits] -- Savings Addon =>Adware.SavingsAddon O42 - Logiciel: Vgrabber1 Toolbar - (.Vgrabber1.) [HKLM][64Bits] -- Vgrabber1 Toolbar =>PUP.vGrabber O42 - Logiciel: WPM17.8.0.3159 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager O42 - Logiciel: WhiteSmoke New Toolbar - (.WhiteSmoke New.) [HKLM][64Bits] -- WhiteSmoke_New Toolbar =>PUP.WhiteSmoke O42 - Logiciel: Yontoo 2.052 - (.Yontoo LLC.) [HKLM][64Bits] -- {889DF117-14D1-44EE-9F31-C5FB5D47F68B} =>Adware.Yontoo [HKCU\Software\AppDataLow\Software\Savings Addon] =>Adware.SavingsAddon [HKCU\Software\AppDataLow\Software\Vgrabber1] =>PUP.vGrabber [HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] [HKCU\Software\Mixi.DJ] [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKLM\Software\Wow6432Node\WhiteSmoke_New] =>PUP.WhiteSmoke [HKLM\Software\Wow6432Node\nationzoomSoftware] =>Hijacker.NationZoom [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager O43 - CFD: 2013-06-25 - 20:55:19 - [4,043] ----D C:\Program Files (x86)\Savings Addon =>Adware.SavingsAddon O43 - CFD: 2014-01-16 - 21:59:22 - [0,055] ----D C:\Program Files (x86)\vGrabber-software =>PUP.vGrabber O43 - CFD: 2014-01-16 - 21:59:23 - [0,477] ----D C:\ProgramData\WPM =>PUP.WpManager O45 - LFCP:[MD5.CA8005C195AED51C625B84F5625EC707] - 2014-01-20 - 08:47:53 ---A- - C:\Windows\Prefetch\YONTOODESKTOP.EXE-37770389.pf =>Adware.Yontoo O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom [MD5.9FB9D49C2DB7EDD1084AB765D619F5C6] [SPRF][2013-12-03] (.Conduit - Search Protect by conduit.) -- C:\Users\Nicolas\AppData\Local\Temp\utt5CA2.tmp.exe [66368] =>Toolbar.Conduit SS - | Auto 1658-07-10 0 | (Yontoo Desktop Updater) . (...) - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe =>Adware.Yontoo SR - | Auto 2013-12-03 499856 | (Wpm) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager [HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^ [HKLM\SYSTEM\CurrentControlSet\Services\Yontoo Desktop Updater] =>Adware.Yontoo^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savings Addon] =>Adware.SavingsAddon^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vgrabber1 Toolbar] =>PUP.vGrabber^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar] =>PUP.WhiteSmoke^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo^ [HKLM\Software\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo [HKLM\Software\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software [HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}] =>Toolbar.Ask [HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}] =>Toolbar.Ask [HKLM\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}] =>PUP.Software.Updater [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask [HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}] =>Toolbar.Ask [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld] =>Toolbar.Conduit [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch [HKCU\Software\AppDataLow\Software\BittorrentBar_FR] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\BittorrentBar_FR] =>Toolbar.Conduit [HKLM\Software\Tarma Installer] =>PUP.Tarma [HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_FR Toolbar] =>Toolbar.Conduit [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask [HKCU\Software\Mixi.DJ] =>Toolbar.MixiDJ [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk] =>Spyware.GophotoIt [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje] =>Hijacker.TornTV [HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Wow6432Node\{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ C:\Program Files (x86)\BittorrentBar_FR =>P2P.BitTorrent^ C:\Program Files (x86)\Savings Addon =>Adware.SavingsAddon^ C:\Program Files (x86)\vGrabber-software =>PUP.vGrabber^ C:\ProgramData\WPM =>PUP.WpManager^ C:\Users\Nicolas\AppData\Roaming\BitTorrent =>P2P.BitTorrent^ C:\Users\Nicolas\AppData\LocalLow\BittorrentBar_FR =>Toolbar.Conduit C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi =>Spyware.GophotoIt C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager^ [HKCU\Software\AppDataLow\Software\Savings Addon] =>Adware.SavingsAddon^ [HKCU\Software\AppDataLow\Software\Vgrabber1] =>PUP.vGrabber^ [HKLM\Software\Wow6432Node\WhiteSmoke_New] =>PUP.WhiteSmoke^ [HKLM\Software\Wow6432Node\nationzoomSoftware] =>Hijacker.NationZoom^ [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^ C:\Users\Nicolas\AppData\Local\Temp\utt5CA2.tmp.exe =>Toolbar.Conduit^ FirewallRaz EmptyTemp ShortcutFix EmptyPrefetch