Format du document : text/plain
Prévisualisation
Script ZHPFix
[MD5.00000000000000000000000000000000] [APT] [YourFile DownloaderUpdate] (...) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
O42 - Logiciel: MovieDownloader - (.1clickmoviedownloader.com.) [HKLM][64Bits] -- 1ClickDownload =>PUP.1ClickDownloader
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\AppDataLow\Software\Smart Suggestor] =>Adware.SmartSuggestor
[HKCU\Software\AppDataLow\Software\SmartBar] =>Hijacker.SmartBar
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager
[HKCU\Software\YourFileDownloader]
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\Vittalia] =>Adware.Vittalia
[HKLM\Software\Wow6432Node\YourFileDownloader]
O43 - CFD: 2014-04-24 - 10:33:08 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 2014-04-17 - 09:49:59 - [] ----D C:\ProgramData\ParetoLogic =>PUP.Paretologic
O43 - CFD: 2013-01-06 - 01:03:29 - [] ----D C:\ProgramData\Tarma Installer =>PUP.Tarma
O43 - CFD: 2013-10-25 - 00:44:36 - [] ----D C:\Users\win7\AppData\Roaming\DriverCure =>PUP.DriverCure
O43 - CFD: 2012-09-20 - 12:12:27 - [] ----D C:\Users\win7\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 2013-10-25 - 00:44:36 - [] ----D C:\Users\win7\AppData\Roaming\ParetoLogic =>PUP.Paretologic
O43 - CFD: 2013-03-04 - 21:25:09 - [0] ----D C:\Users\win7\AppData\Roaming\YourFileDownloader
O43 - CFD: 2013-12-21 - 00:31:19 - [] ----D C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com =>PUP.SoftwareEngine
O51 - MPSK:{22211d6f-fe94-11e1-90e0-806e6f6e6963}\AutoRun\command. (...) -- D:\Bin\ASSETUP.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredimail.com =>Spyware.VMNToolbar
[MD5.B9DD25E962EBAF270D77820FD0B02781] [WIS][2014-02-20] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\12d4c.msi [813568] =>Adware.Bandoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\1ClickDownloader_RASAPI32 =>PUP.1ClickDownloader
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\1ClickDownloader_RASMANCS =>PUP.1ClickDownloader
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BetterInstaller_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BetterInstaller_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DomaIQ10_RASAPI32 =>Adware.DomaIQ
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\DomaIQ10_RASMANCS =>Adware.DomaIQ
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBetterBrowse_RASAPI32 =>PUP.BetterBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBetterBrowse_RASMANCS =>PUP.BetterBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBetterBrowse_RASAPI32 =>PUP.BetterBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBetterBrowse_RASMANCS =>PUP.BetterBrowse
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-10B0_RASAPI32 =>Adware.Yontoo
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-10B0_RASMANCS =>Adware.Yontoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload] =>PUP.1ClickDownloader^
[HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}] =>Adware.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] =>Adware.Yontoo
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKLM\Software\Wow6432Node\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] =>Adware.CDNHelper
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}] =>Adware.IncrediBar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASMANCS] =>PUP.YourFileDownloader
[HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco] =>PUP.1ClickDownloader
[HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Tarma Installer] =>PUP.Tarma
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload] =>PUP.1ClickDownloader
[HKLM\Software\Classes\oneclick] =>PUP.1ClickDownloader
[HKLM\Software\Classes\oneclickmg] =>PUP.1ClickDownloader
[HKLM\Software\Classes\1ClicktorrentFile] =>PUP.1ClickDownloader
[HKLM\Software\Classes\1ClicktorrentFile1] =>PUP.1ClickDownloader
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Wow6432Node\ParetoLogic] =>PUP.Paretologic
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\ParetoLogic =>PUP.Paretologic^
C:\ProgramData\Tarma Installer =>PUP.Tarma^
C:\Users\win7\AppData\Roaming\DriverCure =>PUP.DriverCure^
C:\Users\win7\AppData\Roaming\OpenCandy =>Adware.OpenCandy^
C:\Users\win7\AppData\Roaming\ParetoLogic =>PUP.Paretologic^
C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com =>PUP.SoftwareEngine^
C:\Users\win7\AppData\Roaming\yourfiledownloader =>PUP.YourFileDownloader
[HKCU\Software\AppDataLow\Software\Smart Suggestor] =>Adware.SmartSuggestor^
[HKCU\Software\AppDataLow\Software\SmartBar] =>Hijacker.SmartBar^
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager^
[HKLM\Software\Wow6432Node\Vittalia] =>Adware.Vittalia^
C:\Windows\Installer\12d4c.msi =>Adware.Bandoo^
[MD5.00000000000000000000000000000000] [APT] [{0ED77AF1-E39B-43D8-8F44-7CF93C323DA8}] (...) -- J:\install.exe (.not file.) [0]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
[MD5.4B96654025B28EEB1E5D8F001E5D1B8A] - (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160] [PID.2632] =>Toolbar.Ask
[MD5.B342CD9AA44E4AE99E2368EBDBC2E17A] - (.APN LLC. - APN Updater.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.1792] =>Toolbar.Ask
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com
O2 - BHO: Avira SearchFree Toolbar BHO [64Bits] - {41564952-412D-5637-4300-7A786E7484D7} . (...) -- "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (.not file.) =>Toolbar.Avira
O2 - BHO: Avira SearchFree Toolbar [64Bits] - {41564952-412D-5637-4300-7A786E7484D7} . (...) -- "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (.not file.) =>Toolbar.Avira
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll =>Toolbar.Ask
O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O23 - Service: Service de mise � jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O42 - Logiciel: Avira SearchFree Toolbar v12.10.3.4488 - (.APN, LLC.) [HKLM][64Bits] -- {41564952-412D-5637-4300-A758B70C0A03} =>Toolbar.Avira
[HKCU\Software\APN PIP]
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\PIP]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\wscontb]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\PIP]
O43 - CFD: 2014-01-04 - 10:37:56 - [] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 2013-07-14 - 01:10:09 - [] ----D C:\ProgramData\APN
O43 - CFD: 2012-10-27 - 20:52:23 - [] ----D C:\ProgramData\Ask
O43 - CFD: 2014-01-04 - 10:37:56 - [] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 2012-12-24 - 00:09:21 - [0] ----D C:\Users\win7\AppData\Local\Conduit
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} [DefaultScope] - (Conduit Search) - http://search.conduit.com
O90 - PUC: "25946514D214736534007A857BC0A030" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-4300-A758B70C0A03}\ToolbarIcon.exe =>Toolbar.Avira
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_audio-video-converter_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_audio-video-converter_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_format-factory_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_pour_format-factory_RASMANCS =>Toolbar.Conduit
[HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira
SR - | Auto 2014-02-13 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}] =>Toolbar.Avira^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{41564952-412D-5637-4300-A758B70C0A03}] =>Toolbar.Avira^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKLM\Software\Classes\S] =>Toolbar.Agent
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\PIP] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\wscontb] =>Toolbar.Agent
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-4300-7A786E7484D7} =>Toolbar.Ask^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\win7\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\win7\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask^
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7}] (Avira SearchFree Toolbar) =>Toolbar.Avira^
http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
[HKCU\Software\MCAFEE]
O43 - CFD: 2012-11-11 - 22:22:18 - [] ----D C:\ProgramData\McAfee
EmptyPrefetch
FirewallRaz
PROXYFix
EmptyTemp
EmptyFlash
EmptyClsid
SysRestore