Probleme de connexion internet(virus)
Résolu
Fiaistaflo
Messages postés
177
Date d'inscription
Statut
Membre
Dernière intervention
-
Fiaistaflo Messages postés 177 Date d'inscription Statut Membre Dernière intervention -
Fiaistaflo Messages postés 177 Date d'inscription Statut Membre Dernière intervention -
Bonjour à tous,
Depuis hier je n'arrive plus à me connecter avec mon adresse ip.
Mais avec hotspot shield(les virus pas de ce logiciel) j'arrive à me connecter.
Ce matin j'ai télécharger comodo internet security premium.
Et il a détecté des virus(des chevaux de troies et droppers).
Comodo me demande si je veux que quelqu un technicien aillent sur mon ordi pour supprimer le virus.(j'ai télécharger sur ce site).
Je vais lancé une analyse avec comodo.
J'ai aussi avast sur mon ordi.
Merci beaucoup d'avance.
Fiaistaflo
Depuis hier je n'arrive plus à me connecter avec mon adresse ip.
Mais avec hotspot shield(les virus pas de ce logiciel) j'arrive à me connecter.
Ce matin j'ai télécharger comodo internet security premium.
Et il a détecté des virus(des chevaux de troies et droppers).
Comodo me demande si je veux que quelqu un technicien aillent sur mon ordi pour supprimer le virus.(j'ai télécharger sur ce site).
Je vais lancé une analyse avec comodo.
J'ai aussi avast sur mon ordi.
Merci beaucoup d'avance.
Fiaistaflo
A voir également:
- Ie activex interface marshaling library
- Gmail connexion - Guide
- D'où peut venir un problème de connexion internet sur un ordinateur ? - Guide
- Arcep ma connexion internet - Accueil - Box & Connexion Internet
- Comment savoir si quelqu'un utilise ma connexion internet - Guide
- Virus mcafee - Accueil - Piratage
54 réponses
Hello
Bon c'est dans la quarantaine de Comodo
Refais moi un zhpdiag et désinstalles comodo puisque tu possèdes Avast
Bon c'est dans la quarantaine de Comodo
Refais moi un zhpdiag et désinstalles comodo puisque tu possèdes Avast
Si je désinstalle comodo j'aurais plus de pare feu.
Sauf celui de windows qui est nul.
Je ne paye pour avast donc je n'ai le pare feu de avast.
J'ai l'a version gratuite d'avast.
Sauf celui de windows qui est nul.
Je ne paye pour avast donc je n'ai le pare feu de avast.
J'ai l'a version gratuite d'avast.
Hello
Je vais te dire une chose ne dis pas que le parefeu de 7 est nul il est très simple d'utilisation et on ne se prend pas la tête avec des réglages compliqués
Je respecte ton choix mais étant ancienne utilisatrice de Comodo je l'ai quitté à cause des faux positifs
Bref que fait on?
Si tu gardes comodo il faudra désinstaller avast(ce qui est dommage)
Si tu gardes avast on désinstalle comodo
Je vais te dire une chose ne dis pas que le parefeu de 7 est nul il est très simple d'utilisation et on ne se prend pas la tête avec des réglages compliqués
Je respecte ton choix mais étant ancienne utilisatrice de Comodo je l'ai quitté à cause des faux positifs
Bref que fait on?
Si tu gardes comodo il faudra désinstaller avast(ce qui est dommage)
Si tu gardes avast on désinstalle comodo
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Hello
Comme tu l'as dit il reste des choses :)
Merci juju de ton intervention
Pas la peine de me proposer une licence gratuite je la possède déjà x)
Je vais regarder ton rapport
Ps sois patient s'il te plaît
Si problème il y a il existe toujours une solution
N'oubliez pas de mettre votre sujet en résolu :)
Comme tu l'as dit il reste des choses :)
Merci juju de ton intervention
Pas la peine de me proposer une licence gratuite je la possède déjà x)
Je vais regarder ton rapport
Ps sois patient s'il te plaît
Si problème il y a il existe toujours une solution
N'oubliez pas de mettre votre sujet en résolu :)
Oui je me sert de clownfish.
J'ai désinstaller advanced system care.
Avast m'a afficher une fenetre comme quoi il analysait un programme qui pour lui etait suspect.
Mais il n'a pas trouvez de virus.
J'ai désinstaller advanced system care.
Avast m'a afficher une fenetre comme quoi il analysait un programme qui pour lui etait suspect.
Mais il n'a pas trouvez de virus.
Pour avast Zhp diag est programme suspect.
Parce qu'il n'y a pas beaucoup d'utilisateurs qui l'utilise selon lui.
Mais il n'a détecter aucun virus.
Parce qu'il n'y a pas beaucoup d'utilisateurs qui l'utilise selon lui.
Mais il n'a détecter aucun virus.
Voici le rapport:
Rapport de ZHPDiag v2013.5.24.149 par Nicolas Coolman, Update du 24/05/2013
Run by Ordi at 25/05/2013 18:21:26
WebSite: http://nicolascoolman.wix.com/nicolascoolman
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 21.0
GCIE: Google Chrome v26.0.1410.64 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : HVF8Y
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7
---\\ System Optimizer
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
---\\ System Information
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4092 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 425 GB (92%) free of 462 GB
---\\ Logged in mode
~ Computer Name: ORDI-PC
~ User Name: Ordi
~ All Users Names: Ordi, fbwuser, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Ordi\AppData\Roaming\
~ %Desktop% : C:\Users\Ordi\Desktop\
~ %Favorites% : C:\Users\Ordi\Favorites\
~ %LocalAppData% : C:\Users\Ordi\AppData\Local\
~ %StartMenu% : C:\Users\Ordi\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 425 Go of 462 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.18/05/2013 - 11:16:07.) -- C:\Windows\System32\wininet.dll [1389056]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 1/11
~ Mon Bureau (My Desktop) : 1/21
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.070753E47E04181DD440EA2FEFE3115C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376] [PID.2552]
[MD5.FA0333F142ABDADC8CB540D3A3B71685] - (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe [1268472] [PID.2992]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2268]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.2668]
[MD5.598396AE125095BBEDFAC532854D7EB7] - (.IObit - Game Booster.) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe [609624] [PID.3376]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1312720] [PID.5336]
[MD5.90DFED4A5C4EEA2DEF544C8B38B702F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7399424] [PID.5032]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1524]
[MD5.46532E80E18BB25D3B568DA10A160653] - (.Ellora Assets Corp. - CaptureLibService.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216] [PID.1848]
[MD5.DE789E037D4A587117EC119E86719523] - (...) -- C:\Program Files\AVAST Software\Avast\OpenVpn\openvpn.exe [510464] [PID.1736]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [jmhhdaimhfblnamlcdijbaakkifakade] FindLyrics v.1.111 (Désactivé) =>Adware.AddLyrics
~ Google Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Ordi\AppData\Roaming\Mozilla\Firefox\Profiles\gseu40mu.default\prefs.js
C:\Users\Ordi\AppData\Roaming\Mozilla\Firefox\Profiles\gseu40mu.default\user.js
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Lyrics Fan [64Bits] - {A8720491-9558-4C0D-9E35-30EED15DFB2B} . (.FAN Software - Lyrics Fan.) -- C:\Program Files (x86)\LyricsFan\lrcfan.dll
O2 - BHO: (no name) [64Bits] - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} Clé orpheline
~ BHO: 4 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe
O4 - HKLM\..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] C:\Users\Ordi\AppData\Local\Temp\cisB87.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Clownfish] . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3066860278-54030450-621364829-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3066860278-54030450-621364829-1000\..\Run: [Clownfish] . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - HKUS\S-1-5-21-3066860278-54030450-621364829-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Logiciel DJ PRO 2013.lnk . (...) -- C:\LogicielDjPro2013\LogicielDJ.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: Clownfish.lnk . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - GS\Desktop: Logiciel DJ PRO 2013.lnk . (...) -- C:\LogicielDjPro2013\LogicielDJ.exe
O4 - GS\Desktop: SpeedFan.lnk . (.Almico Software (www.almico.com) - Pas de description.) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - GS\Desktop: WinRAR.lnk . (.Alexander Roshal - WinRAR archiver.) -- C:\Program Files (x86)\WinRAR\WinRAR.exe
~ Global Startup: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{188CCDEF-BB99-4F01-AA88-9FA7320DF566}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{434ABBB3-AF64-4231-9899-ECF9F42AB391}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{188CCDEF-BB99-4F01-AA88-9FA7320DF566}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{434ABBB3-AF64-4231-9899-ECF9F42AB391}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{188CCDEF-BB99-4F01-AA88-9FA7320DF566}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.234.40.79
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Lyrics Fan Update.job [392]
[MD5.763643CE7E9C5C65405196C0AD279DFB] [APT] [Lyrics Fan Update] (.FAN Software.) -- C:\Program Files (x86)\LyricsFan\LyricsFanUpdater.exe [118272]
[MD5.00000000000000000000000000000000] [APT] [{63087797-E608-4E7B-A470-D5E60080225E}] (...) -- C:\Users\Ordi\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (.not file.) [0]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 03s
---\\ Logiciels installés (O42)
O42 - Logiciel: Dead Surf - (.Legend Edition.) [HKCU][64Bits] -- 54ff1d9321d2d98f
O42 - Logiciel: Lyrics Fan - (.FAN Software.) [HKLM][64Bits] -- lrcfan@fansoft.br
~ Logic: 54 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AI_RecycleBin]
[HKCU\Software\AppDataLow\Software\LyricsFan]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Updater By SweetPacks] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Updater By SweetPacks] =>PUP.SweetIM
~ Key Software: 105 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/05/2013 - 17:53:46 - [0] ----D C:\Program Files (x86)\FindLyrics =>Adware.AddLyrics
O43 - CFD: 25/05/2013 - 17:53:46 - [0,380] ----D C:\Program Files (x86)\LyricsFan
O43 - CFD: 19/05/2013 - 10:30:37 - [0,000] ----D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 23/05/2013 - 08:28:37 - [0] ----D C:\Users\Ordi\AppData\Roaming\Langstat
O43 - CFD: 14/05/2013 - 20:17:00 - [0] ----D C:\Users\Ordi\AppData\Roaming\Strongvault
O43 - CFD: 14/05/2013 - 19:05:01 - [0,249] ----D C:\Users\Ordi\AppData\Local\WebPlayer
O43 - CFD: 19/05/2013 - 13:28:43 - [0,000] ----D C:\Users\Ordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Legend Edition
O43 - CFD: 17/05/2013 - 21:08:01 - [0,003] ----D C:\Users\Ordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logiciel DJ PRO 2013
~ Program Folder: 107 Legitimates Filtered in 00mn 02s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2EC929551A613A5346061858279D2AF8] - 23/05/2013 - 18:39:16 ---A- . (...) -- C:\Windows\cce.INI [1008]
O44 - LFC:[MD5.E0D9C9E77EE37DBCD32435DC3553C5B5] - 22/05/2013 - 20:20:25 RSHAD . (...) -- C:\Windows\System32\Drivers\sfi.dat [1474832]
O44 - LFC:[MD5.7DE994ABFA8F985C7C7382C205D3F19D] - 19/05/2013 - 21:21:58 ---A- . (...) -- C:\Windows\ntbtlog.txt [68028]
O44 - LFC:[MD5.F486D373137F1E91E6F1DD2ADD56D54D] - 19/05/2013 - 14:54:24 ---A- . (...) -- C:\Windows\IE10_main.log [7819]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/05/2013 - 14:09:51 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.DD0443BC6CC78A19FD399817F8C51401] - 19/05/2013 - 09:45:44 RSHAD . (...) -- C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720]
O44 - LFC:[MD5.3C23BE0DAD748BAE77E87F18F34EBA0E] - 18/05/2013 - 21:58:02 RSHAD . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40616]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 18/05/2013 - 11:16:04 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [72822]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 18/05/2013 - 11:16:04 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]
O44 - LFC:[MD5.DE9402E080E9E3C94A9FD3FCF65DE369] - 17/05/2013 - 19:45:12 RSHAD . (.ENE TECHNOLOGY INC. - ENE Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\enecir.sys [36864]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 17/05/2013 - 18:08:43 ---A- . (...) -- C:\Windows\SysNative\systemsf.ebd [347904]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 17/05/2013 - 18:08:43 RSHAD . (...) -- C:\Windows\System32\systemsf.ebd [347904]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 17/05/2013 - 18:06:09 ---A- . (...) -- C:\Windows\SysNative\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 17/05/2013 - 18:06:09 RSHAD . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 17/05/2013 - 18:05:52 ---A- . (...) -- C:\Windows\SysNative\RacRules.xml [105559]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 17/05/2013 - 18:05:52 ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559]
O44 - LFC:[MD5.DCBADE1C40D65EFC7B95890825402221] - 15/05/2013 - 08:20:37 ---A- . (...) -- C:\Windows\SysNative\2hps.ico [3774]
O44 - LFC:[MD5.4DB832701EA2D47F325ED11F012F7338] - 15/05/2013 - 08:20:37 ---A- . (...) -- C:\Windows\SysNative\bltinmic.ico [3774]
O44 - LFC:[MD5.E02E99CFA701FC38161FDCA3EB809581] - 15/05/2013 - 08:20:37 ---A- . (...) -- C:\Windows\SysNative\nbspkrs.ico [15222]
O44 - LFC:[MD5.DCBADE1C40D65EFC7B95890825402221] - 15/05/2013 - 08:20:37 RSHAD . (...) -- C:\Windows\System32\2hps.ico [3774]
O44 - LFC:[MD5.4DB832701EA2D47F325ED11F012F7338] - 15/05/2013 - 08:20:37 RSHAD . (...) -- C:\Windows\System32\bltinmic.ico [3774]
O44 - LFC:[MD5.E02E99CFA701FC38161FDCA3EB809581] - 15/05/2013 - 08:20:37 RSHAD . (...) -- C:\Windows\System32\nbspkrs.ico [15222]
O44 - LFC:[MD5.60CF1A914AB3FACF28863CA728C3C090] - 15/05/2013 - 07:32:34 RSHAD . (.G Data Software - G Data Phyiscal Memory.) -- C:\Windows\System32\Drivers\GdPhyMem.sys [16944]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/05/2013 - 14:37:06 ---A- . (...) -- C:\Windows\ativpsrm.bin [0]
~ Files: 1863 Legitimates Filtered in 00mn 52s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.88A5F084D9FCC0115503F07BFCF2EDED] - 14/05/2013 - 16:54:20 ---A- - C:\Windows\Prefetch\HSSINSTALLER64.EXE-DA6D788D.pf
O45 - LFCP:[MD5.1DA149E5435054ADF7678CDAD9EF8EF5] - 14/05/2013 - 16:54:29 ---A- - C:\Windows\Prefetch\HOTSPOT-SHIELD_2.90_FR_57194.-D44CDC75.pf
O45 - LFCP:[MD5.DB361B889CE3BBBA16BE5F5A17F62EC7] - 14/05/2013 - 16:55:09 ---A- - C:\Windows\Prefetch\HSSPK.EXE-5ADE35DC.pf
O45 - LFCP:[MD5.CDE2CE18BCFE41F019BA9813A760E5CA] - 14/05/2013 - 16:55:40 ---A- - C:\Windows\Prefetch\SDPS.EXE-040CD172.pf
O45 - LFCP:[MD5.988839F6B1DD3CD4558628E8500A137D] - 14/05/2013 - 16:58:05 ---A- - C:\Windows\Prefetch\HSS-UPDATE.UPD-F466B337.pf
O45 - LFCP:[MD5.D6239BD26C1DAC6298885E17179A5479] - 14/05/2013 - 16:58:06 ---A- - C:\Windows\Prefetch\HSSINSTALLER64.EXE-4C80642A.pf
O45 - LFCP:[MD5.A5D00440CAA8F1F0EA1EEC1A2FB8157D] - 14/05/2013 - 16:58:07 ---A- - C:\Windows\Prefetch\CERTUTIL.EXE-4AEA2570.pf
O45 - LFCP:[MD5.8F49FE310A382490EBDBA06E05254392] - 14/05/2013 - 16:58:17 ---A- - C:\Windows\Prefetch\HSSINSTALLER.EXE-92FCA7C8.pf
O45 - LFCP:[MD5.920402BBC2321D3CD1727CF95316BCE9] - 14/05/2013 - 16:58:17 ---A- - C:\Windows\Prefetch\HSSPK.EXE-2C5F8901.pf
O45 - LFCP:[MD5.15531458146A62D8834684DC51C514C2] - 14/05/2013 - 16:58:43 ---A- - C:\Windows\Prefetch\HSSINSTALLER64.EXE-716DB820.pf
O45 - LFCP:[MD5.DE8014ABED65DAECD2FE8C11E7D593C4] - 14/05/2013 - 17:01:57 ---A- - C:\Windows\Prefetch\MSSEFULLINSTALL-X86-FR-VISTA.-23B960F8.pf
O45 - LFCP:[MD5.A617F7E3203E2D6BADC00DD91141C251] - 14/05/2013 - 17:04:40 ---A- - C:\Windows\Prefetch\MICROSOFT-SECURITY-ESSENTIALS-DEC4C450.pf
O45 - LFCP:[MD5.5445D0706F3129872D0E33E409A2ACB3] - 14/05/2013 - 17:12:11 ---A- - C:\Windows\Prefetch\AM_ENGINE.EXE-69ACF71F.pf
O45 - LFCP:[MD5.51F552404B20E4A05744EC8056381308] - 14/05/2013 - 17:12:13 ---A- - C:\Windows\Prefetch\AM_BASE.EXE-808FC880.pf
O45 - LFCP:[MD5.C6AC6AC2A2A2ECACA10012ED266B33FF] - 14/05/2013 - 17:15:30 ---A- - C:\Windows\Prefetch\NIS_BASE.EXE-0D026D8C.pf
O45 - LFCP:[MD5.212449D224B371C01255335FBD65FB6A] - 14/05/2013 - 17:15:30 ---A- - C:\Windows\Prefetch\NIS_ENGINE.EXE-C0E9776B.pf
O45 - LFCP:[MD5.64C9160DDC58D65BD03D6BB74065E490] - 22/05/2013 - 07:16:14 ---A- - C:\Windows\Prefetch\HSSINSTALLER.EXE-05420A5B.pf
O45 - LFCP:[MD5.481627E47BF6455E4053420187F488D2] - 24/05/2013 - 16:59:55 ---A- - C:\Windows\Prefetch\HSSINSTALLER.EXE-9AA090E0.pf
~ Prefetcher: 144 Legitimates Filtered in 00mn 01s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.5C368F4B04ED2A923E6AFCA2D37BAFF5] - 13/05/2011 - 17:57:58 ---A- . (.Hewlett-Packard Company - HP Accelerometer.) -- C:\Windows\System32\Drivers\Accelerometer.sys [43320]
O58 - SDL:[MD5.0FFE35F0B0CD5A324BBE22F02569AE3B] - 29/12/2012 - 21:59:38 ---A- . (.Almico Software - SpeedFan x64 Driver.) -- C:\Windows\SysWOW64\speedfan.sys [28664]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 22/05/2013 - 07:25:48 ---A- C:\Users\Ordi\Downloads\mbam-setup-1.75.0.1300.exe [10285040]
O61 - LFC: 22/05/2013 - 17:24:53 ---A- C:\Users\Ordi\Downloads\avast_free_antivirus_setup.exe [117478104]
O61 - LFC: 22/05/2013 - 19:50:25 ---A- C:\Users\Ordi\Downloads\RogueKiller.exe [816128]
O61 - LFC: 22/05/2013 - 21:39:49 ---A- C:\Users\Ordi\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163]
O61 - LFC: 23/05/2013 - 06:45:10 ---A- C:\Users\Ordi\Documents\ZHPDiag.Txt [40689]
O61 - LFC: 23/05/2013 - 06:52:43 ---A- C:\Users\Ordi\Downloads\cispremium_installer.exe [151247144]
O61 - LFC: 23/05/2013 - 07:08:48 ---A- C:\Users\Ordi\Links\Espace Partagé.lnk [593]
O61 - LFC: 23/05/2013 - 09:37:07 ---A- C:\Users\Ordi\Downloads\ZHPDiag2-2013.5.19.135.exe [5660735]
O61 - LFC: 23/05/2013 - 12:47:00 ---A- C:\Users\Ordi\Downloads\ZHPDiag2-2013.5.19.135 (1).exe [5660735]
O61 - LFC: 23/05/2013 - 13:50:59 ---A- C:\Users\Ordi\Downloads\setup.exe [382511]
O61 - LFC: 23/05/2013 - 13:59:32 ---A- C:\Users\Ordi\Downloads\CamStudio_2.7_r316_setup.exe [3099532]
O61 - LFC: 23/05/2013 - 14:02:39 ---A- C:\Users\Ordi\Downloads\camstudio_camstudio_2.7_r316_francais_10618.exe [1167576]
O61 - LFC: 23/05/2013 - 14:12:36 ---A- C:\Users\Ordi\AppData\Roaming\CamStudio.cfg [4523]
O61 - LFC: 23/05/2013 - 21:31:46 ---A- C:\Users\Ordi\Downloads\wlsetup-web.exe [1244160]
O61 - LFC: 24/05/2013 - 17:33:19 ---A- C:\Users\Ordi\Downloads\setup (1).exe [382511]
O61 - LFC: 25/05/2013 - 16:59:45 ---A- C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [270335]
O61 - LFC: 25/05/2013 - 17:23:00 ---A- C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Local State [32270]
~ 65 Fichiers temporaires (Temporary files)
~ Files: 417 Legitimates Filtered in 00mn 15s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (GDPkIcpt) .(...) - LEGACY_GDPKICPT
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 01/11/2010 - C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (WinRing0_1_2_0) .(.OpenLibSys.org - WinRing0.) - LEGACY_WINRING0_1_2_0
~ Legacy: 133 Legitimates Filtered in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} - (Yahoo! Search) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.9DF294FBC3740CB8B5684012C27E2E52] [SPRF][19/05/2013] (.IObit - Advanced SystemCare 6.) -- C:\Users\Ordi\AppData\Local\Temp\ASCSetup.exe [21436320]
[MD5.E168EC22B165BC274211C5E4C9A49CA7] [SPRF][14/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\BackupSetup.exe [10304672]
[MD5.5AA3E89A59E3D556B5F9B6D8D8EE3A82] [SPRF][14/05/2013] (.Somoto Ltd. - Better Installer Cleaner.) -- C:\Users\Ordi\AppData\Local\Temp\bi_cleaner.exe [42080] =>Adware.MegaSearch
[MD5.299BC5EAE63B02E8E29498118B374A1E] [SPRF][25/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\chart_data.dat [20562]
[MD5.C2073DB580FA7B11ECBE0D20321EC7F7] [SPRF][22/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\dump.dat [1757184]
[MD5.735C5AB0106E929C5616B49954FFF0EE] [SPRF][25/05/2013] (.Pas de propriétaire - Lyrics Fan.) -- C:\Users\Ordi\AppData\Local\Temp\flcsup.exe [280921]
[MD5.D7270C0373D3441A3D6F56F11B6C55DA] [SPRF][18/05/2013] (.Ellora Assets Corporation - Freemake Music Box Setup.) -- C:\Users\Ordi\AppData\Local\Temp\FreemakeMusicBox_0.9.8.4.exe [15217368]
[MD5.BEB65ACF46295DC4F4C4EDF767622285] [SPRF][18/05/2013] (.Ellora Assets Corporation - Freemake Video Downloader Setup.) -- C:\Users\Ordi\AppData\Local\Temp\FreemakeVideoDownloader_3.5.1.0.exe [12359160]
[MD5.7540E62EDCBFF8CE49FD2CA0944E6E70] [SPRF][15/05/2013] (.G Data Software AG - G Data WFP Callout Driver (6.0).) -- C:\Users\Ordi\AppData\Local\Temp\gdwfpcd32.sys [54104]
[MD5.98726383785FAC5730AB596294B0F655] [SPRF][14/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\GenericUninstall.exe [977]
[MD5.CDA4A59C966DA563EC9A33C79B59D089] [SPRF][14/05/2013] (.SweetPacks - Updater By SweetPacks Setup.) -- C:\Users\Ordi\AppData\Local\Temp\hsbing_717_active.exe [1312040] =>PUP.SweetIM
[MD5.8A4AF3B0695F29186AD02E2FD766FA3B] [SPRF][14/05/2013] (.SweetIM Technologies Ltd. - SQLite DLL.) -- C:\Users\Ordi\AppData\Local\Temp\mgsqlite3.dll [393016] =>PUP.SweetIM
[MD5.E6F1F7C1242C4D2664920EF440973116] [SPRF][14/05/2013] (.Somoto Ltd. - Online Weather.) -- C:\Users\Ordi\AppData\Local\Temp\OnlineWeatherSetup.exe [301576] =>Adware.MegaSearch
[MD5.7E7EB7AFF595774E5E500B34058CC1A7] [SPRF][20/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\sfamcc00001.dll [192512]
[MD5.F0E142B1EF4006222863D4E4A0B952B7] [SPRF][16/12/2012] (...) -- C:\Users\Ordi\AppData\Local\Temp\sfextra.dll [55296]
[MD5.83BAA5EAE50A2BA8DF9AA723F294E43E] [SPRF][15/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\TrialData.dat [68]
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Ordi\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[MD5.98726383785FAC5730AB596294B0F655] [SPRF][14/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\uninstaller.exe [977]
[MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][14/05/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\Ordi\AppData\Local\Temp\UpdateCheckerSetup.exe [295440] =>Adware.MegaSearch
[MD5.40395C175553CB14D2050888EFCCDF00] [SPRF][14/05/2013] (.Microsoft Corporation - Microsoft Visual C++ 2008 Redistributable Setup.) -- C:\Users\Ordi\AppData\Local\Temp\vcredist_x64.exe [4961800]
[MD5.98726383785FAC5730AB596294B0F655] [SPRF][14/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\WSSetup.exe [977]
[MD5.062FD9AE3C206965AB482208E7FD4545] [SPRF][18/05/2013] (...) -- C:\Users\Ordi\AppData\Roaming\Ordilog.dat [7659]
[MD5.0A90C8A3F94564E7EAF541981EAFA52A] [SPRF][24/05/2013] (...) -- C:\Users\Ordi\Desktop\AdwCleaner-2.301.exe [632031]
~ Files: Scanned in 00mn 08s
---\\ Scan Additionnel (O88)
Database Version : v2.12360 - (24/05/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 16
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}] =>Adware.AddLyrics
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}] =>Adware.AddLyrics
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
C:\Program Files (x86)\FindLyrics =>Adware.AddLyrics
C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade =>Adware.AddLyrics
C:\Users\Ordi\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
C:\Users\Ordi\AppData\Local\Temp\1368554996_1396723_9_4.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\1368554997_1396879_757_6.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\1368555004_1403759_460_8.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\bi_cleaner.exe =>Adware.MegaSearch
C:\Users\Ordi\AppData\Local\Temp\mgsqlite3.dll =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\OnlineWeatherSetup.exe =>Adware.MegaSearch
C:\Users\Ordi\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch
~ Additionnel Scan: 123972 Items scanned in 00mn 41s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
SR - | Auto 18/08/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/05/2013 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SS - | Auto 14/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 13/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 23/03/2010 247808 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Ordi at 25/05/2013 18:24:36
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 3275 Legitimates filtered by white list
End of the scan (504 lines in 03mn 09s)(0)
Rapport de ZHPDiag v2013.5.24.149 par Nicolas Coolman, Update du 24/05/2013
Run by Ordi at 25/05/2013 18:21:26
WebSite: http://nicolascoolman.wix.com/nicolascoolman
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 21.0
GCIE: Google Chrome v26.0.1410.64 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : HVF8Y
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7
---\\ System Optimizer
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
---\\ System Information
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4092 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 425 GB (92%) free of 462 GB
---\\ Logged in mode
~ Computer Name: ORDI-PC
~ User Name: Ordi
~ All Users Names: Ordi, fbwuser, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Ordi\AppData\Roaming\
~ %Desktop% : C:\Users\Ordi\Desktop\
~ %Favorites% : C:\Users\Ordi\Favorites\
~ %LocalAppData% : C:\Users\Ordi\AppData\Local\
~ %StartMenu% : C:\Users\Ordi\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 425 Go of 462 Go)
D:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 29 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.18/05/2013 - 11:16:07.) -- C:\Windows\System32\wininet.dll [1389056]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 1/11
~ Mon Bureau (My Desktop) : 1/21
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 00s
---\\ Processus lancés
[MD5.070753E47E04181DD440EA2FEFE3115C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18678376] [PID.2552]
[MD5.FA0333F142ABDADC8CB540D3A3B71685] - (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe [1268472] [PID.2992]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.2268]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [7168] [PID.2668]
[MD5.598396AE125095BBEDFAC532854D7EB7] - (.IObit - Game Booster.) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe [609624] [PID.3376]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1312720] [PID.5336]
[MD5.90DFED4A5C4EEA2DEF544C8B38B702F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7399424] [PID.5032]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1524]
[MD5.46532E80E18BB25D3B568DA10A160653] - (.Ellora Assets Corp. - CaptureLibService.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216] [PID.1848]
[MD5.DE789E037D4A587117EC119E86719523] - (...) -- C:\Program Files\AVAST Software\Avast\OpenVpn\openvpn.exe [510464] [PID.1736]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [jmhhdaimhfblnamlcdijbaakkifakade] FindLyrics v.1.111 (Désactivé) =>Adware.AddLyrics
~ Google Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Ordi\AppData\Roaming\Mozilla\Firefox\Profiles\gseu40mu.default\prefs.js
C:\Users\Ordi\AppData\Roaming\Mozilla\Firefox\Profiles\gseu40mu.default\user.js
~ Firefox Browser: 3 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Lyrics Fan [64Bits] - {A8720491-9558-4C0D-9E35-30EED15DFB2B} . (.FAN Software - Lyrics Fan.) -- C:\Program Files (x86)\LyricsFan\lrcfan.dll
O2 - BHO: (no name) [64Bits] - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} Clé orpheline
~ BHO: 4 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Zune Launcher] . (.Microsoft Corporation - Zune Auto-Launcher.) -- C:\Program Files\Zune\ZuneLauncher.exe
O4 - HKLM\..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] C:\Users\Ordi\AppData\Local\Temp\cisB87.exe (.not file.)
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Clownfish] . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3066860278-54030450-621364829-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3066860278-54030450-621364829-1000\..\Run: [Clownfish] . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - HKUS\S-1-5-21-3066860278-54030450-621364829-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Logiciel DJ PRO 2013.lnk . (...) -- C:\LogicielDjPro2013\LogicielDJ.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: Clownfish.lnk . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
O4 - GS\Desktop: Logiciel DJ PRO 2013.lnk . (...) -- C:\LogicielDjPro2013\LogicielDJ.exe
O4 - GS\Desktop: SpeedFan.lnk . (.Almico Software (www.almico.com) - Pas de description.) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - GS\Desktop: WinRAR.lnk . (.Alexander Roshal - WinRAR archiver.) -- C:\Program Files (x86)\WinRAR\WinRAR.exe
~ Global Startup: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{188CCDEF-BB99-4F01-AA88-9FA7320DF566}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{434ABBB3-AF64-4231-9899-ECF9F42AB391}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS1\Services\Tcpip\..\{188CCDEF-BB99-4F01-AA88-9FA7320DF566}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{434ABBB3-AF64-4231-9899-ECF9F42AB391}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CS2\Services\Tcpip\..\{188CCDEF-BB99-4F01-AA88-9FA7320DF566}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.234.40.79
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Lyrics Fan Update.job [392]
[MD5.763643CE7E9C5C65405196C0AD279DFB] [APT] [Lyrics Fan Update] (.FAN Software.) -- C:\Program Files (x86)\LyricsFan\LyricsFanUpdater.exe [118272]
[MD5.00000000000000000000000000000000] [APT] [{63087797-E608-4E7B-A470-D5E60080225E}] (...) -- C:\Users\Ordi\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (.not file.) [0]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 03s
---\\ Logiciels installés (O42)
O42 - Logiciel: Dead Surf - (.Legend Edition.) [HKCU][64Bits] -- 54ff1d9321d2d98f
O42 - Logiciel: Lyrics Fan - (.FAN Software.) [HKLM][64Bits] -- lrcfan@fansoft.br
~ Logic: 54 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AI_RecycleBin]
[HKCU\Software\AppDataLow\Software\LyricsFan]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Updater By SweetPacks] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Updater By SweetPacks] =>PUP.SweetIM
~ Key Software: 105 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 25/05/2013 - 17:53:46 - [0] ----D C:\Program Files (x86)\FindLyrics =>Adware.AddLyrics
O43 - CFD: 25/05/2013 - 17:53:46 - [0,380] ----D C:\Program Files (x86)\LyricsFan
O43 - CFD: 19/05/2013 - 10:30:37 - [0,000] ----D C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
O43 - CFD: 23/05/2013 - 08:28:37 - [0] ----D C:\Users\Ordi\AppData\Roaming\Langstat
O43 - CFD: 14/05/2013 - 20:17:00 - [0] ----D C:\Users\Ordi\AppData\Roaming\Strongvault
O43 - CFD: 14/05/2013 - 19:05:01 - [0,249] ----D C:\Users\Ordi\AppData\Local\WebPlayer
O43 - CFD: 19/05/2013 - 13:28:43 - [0,000] ----D C:\Users\Ordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Legend Edition
O43 - CFD: 17/05/2013 - 21:08:01 - [0,003] ----D C:\Users\Ordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logiciel DJ PRO 2013
~ Program Folder: 107 Legitimates Filtered in 00mn 02s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.2EC929551A613A5346061858279D2AF8] - 23/05/2013 - 18:39:16 ---A- . (...) -- C:\Windows\cce.INI [1008]
O44 - LFC:[MD5.E0D9C9E77EE37DBCD32435DC3553C5B5] - 22/05/2013 - 20:20:25 RSHAD . (...) -- C:\Windows\System32\Drivers\sfi.dat [1474832]
O44 - LFC:[MD5.7DE994ABFA8F985C7C7382C205D3F19D] - 19/05/2013 - 21:21:58 ---A- . (...) -- C:\Windows\ntbtlog.txt [68028]
O44 - LFC:[MD5.F486D373137F1E91E6F1DD2ADD56D54D] - 19/05/2013 - 14:54:24 ---A- . (...) -- C:\Windows\IE10_main.log [7819]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 19/05/2013 - 14:09:51 ---A- . (...) -- C:\asc_rdflag [0]
O44 - LFC:[MD5.DD0443BC6CC78A19FD399817F8C51401] - 19/05/2013 - 09:45:44 RSHAD . (...) -- C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720]
O44 - LFC:[MD5.3C23BE0DAD748BAE77E87F18F34EBA0E] - 18/05/2013 - 21:58:02 RSHAD . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\tap0901.sys [40616]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 18/05/2013 - 11:16:04 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [72822]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 18/05/2013 - 11:16:04 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]
O44 - LFC:[MD5.DE9402E080E9E3C94A9FD3FCF65DE369] - 17/05/2013 - 19:45:12 RSHAD . (.ENE TECHNOLOGY INC. - ENE Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\enecir.sys [36864]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 17/05/2013 - 18:08:43 ---A- . (...) -- C:\Windows\SysNative\systemsf.ebd [347904]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 17/05/2013 - 18:08:43 RSHAD . (...) -- C:\Windows\System32\systemsf.ebd [347904]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 17/05/2013 - 18:06:09 ---A- . (...) -- C:\Windows\SysNative\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 17/05/2013 - 18:06:09 RSHAD . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 17/05/2013 - 18:05:52 ---A- . (...) -- C:\Windows\SysNative\RacRules.xml [105559]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 17/05/2013 - 18:05:52 ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559]
O44 - LFC:[MD5.DCBADE1C40D65EFC7B95890825402221] - 15/05/2013 - 08:20:37 ---A- . (...) -- C:\Windows\SysNative\2hps.ico [3774]
O44 - LFC:[MD5.4DB832701EA2D47F325ED11F012F7338] - 15/05/2013 - 08:20:37 ---A- . (...) -- C:\Windows\SysNative\bltinmic.ico [3774]
O44 - LFC:[MD5.E02E99CFA701FC38161FDCA3EB809581] - 15/05/2013 - 08:20:37 ---A- . (...) -- C:\Windows\SysNative\nbspkrs.ico [15222]
O44 - LFC:[MD5.DCBADE1C40D65EFC7B95890825402221] - 15/05/2013 - 08:20:37 RSHAD . (...) -- C:\Windows\System32\2hps.ico [3774]
O44 - LFC:[MD5.4DB832701EA2D47F325ED11F012F7338] - 15/05/2013 - 08:20:37 RSHAD . (...) -- C:\Windows\System32\bltinmic.ico [3774]
O44 - LFC:[MD5.E02E99CFA701FC38161FDCA3EB809581] - 15/05/2013 - 08:20:37 RSHAD . (...) -- C:\Windows\System32\nbspkrs.ico [15222]
O44 - LFC:[MD5.60CF1A914AB3FACF28863CA728C3C090] - 15/05/2013 - 07:32:34 RSHAD . (.G Data Software - G Data Phyiscal Memory.) -- C:\Windows\System32\Drivers\GdPhyMem.sys [16944]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 14/05/2013 - 14:37:06 ---A- . (...) -- C:\Windows\ativpsrm.bin [0]
~ Files: 1863 Legitimates Filtered in 00mn 52s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.88A5F084D9FCC0115503F07BFCF2EDED] - 14/05/2013 - 16:54:20 ---A- - C:\Windows\Prefetch\HSSINSTALLER64.EXE-DA6D788D.pf
O45 - LFCP:[MD5.1DA149E5435054ADF7678CDAD9EF8EF5] - 14/05/2013 - 16:54:29 ---A- - C:\Windows\Prefetch\HOTSPOT-SHIELD_2.90_FR_57194.-D44CDC75.pf
O45 - LFCP:[MD5.DB361B889CE3BBBA16BE5F5A17F62EC7] - 14/05/2013 - 16:55:09 ---A- - C:\Windows\Prefetch\HSSPK.EXE-5ADE35DC.pf
O45 - LFCP:[MD5.CDE2CE18BCFE41F019BA9813A760E5CA] - 14/05/2013 - 16:55:40 ---A- - C:\Windows\Prefetch\SDPS.EXE-040CD172.pf
O45 - LFCP:[MD5.988839F6B1DD3CD4558628E8500A137D] - 14/05/2013 - 16:58:05 ---A- - C:\Windows\Prefetch\HSS-UPDATE.UPD-F466B337.pf
O45 - LFCP:[MD5.D6239BD26C1DAC6298885E17179A5479] - 14/05/2013 - 16:58:06 ---A- - C:\Windows\Prefetch\HSSINSTALLER64.EXE-4C80642A.pf
O45 - LFCP:[MD5.A5D00440CAA8F1F0EA1EEC1A2FB8157D] - 14/05/2013 - 16:58:07 ---A- - C:\Windows\Prefetch\CERTUTIL.EXE-4AEA2570.pf
O45 - LFCP:[MD5.8F49FE310A382490EBDBA06E05254392] - 14/05/2013 - 16:58:17 ---A- - C:\Windows\Prefetch\HSSINSTALLER.EXE-92FCA7C8.pf
O45 - LFCP:[MD5.920402BBC2321D3CD1727CF95316BCE9] - 14/05/2013 - 16:58:17 ---A- - C:\Windows\Prefetch\HSSPK.EXE-2C5F8901.pf
O45 - LFCP:[MD5.15531458146A62D8834684DC51C514C2] - 14/05/2013 - 16:58:43 ---A- - C:\Windows\Prefetch\HSSINSTALLER64.EXE-716DB820.pf
O45 - LFCP:[MD5.DE8014ABED65DAECD2FE8C11E7D593C4] - 14/05/2013 - 17:01:57 ---A- - C:\Windows\Prefetch\MSSEFULLINSTALL-X86-FR-VISTA.-23B960F8.pf
O45 - LFCP:[MD5.A617F7E3203E2D6BADC00DD91141C251] - 14/05/2013 - 17:04:40 ---A- - C:\Windows\Prefetch\MICROSOFT-SECURITY-ESSENTIALS-DEC4C450.pf
O45 - LFCP:[MD5.5445D0706F3129872D0E33E409A2ACB3] - 14/05/2013 - 17:12:11 ---A- - C:\Windows\Prefetch\AM_ENGINE.EXE-69ACF71F.pf
O45 - LFCP:[MD5.51F552404B20E4A05744EC8056381308] - 14/05/2013 - 17:12:13 ---A- - C:\Windows\Prefetch\AM_BASE.EXE-808FC880.pf
O45 - LFCP:[MD5.C6AC6AC2A2A2ECACA10012ED266B33FF] - 14/05/2013 - 17:15:30 ---A- - C:\Windows\Prefetch\NIS_BASE.EXE-0D026D8C.pf
O45 - LFCP:[MD5.212449D224B371C01255335FBD65FB6A] - 14/05/2013 - 17:15:30 ---A- - C:\Windows\Prefetch\NIS_ENGINE.EXE-C0E9776B.pf
O45 - LFCP:[MD5.64C9160DDC58D65BD03D6BB74065E490] - 22/05/2013 - 07:16:14 ---A- - C:\Windows\Prefetch\HSSINSTALLER.EXE-05420A5B.pf
O45 - LFCP:[MD5.481627E47BF6455E4053420187F488D2] - 24/05/2013 - 16:59:55 ---A- - C:\Windows\Prefetch\HSSINSTALLER.EXE-9AA090E0.pf
~ Prefetcher: 144 Legitimates Filtered in 00mn 01s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.5C368F4B04ED2A923E6AFCA2D37BAFF5] - 13/05/2011 - 17:57:58 ---A- . (.Hewlett-Packard Company - HP Accelerometer.) -- C:\Windows\System32\Drivers\Accelerometer.sys [43320]
O58 - SDL:[MD5.0FFE35F0B0CD5A324BBE22F02569AE3B] - 29/12/2012 - 21:59:38 ---A- . (.Almico Software - SpeedFan x64 Driver.) -- C:\Windows\SysWOW64\speedfan.sys [28664]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 22/05/2013 - 07:25:48 ---A- C:\Users\Ordi\Downloads\mbam-setup-1.75.0.1300.exe [10285040]
O61 - LFC: 22/05/2013 - 17:24:53 ---A- C:\Users\Ordi\Downloads\avast_free_antivirus_setup.exe [117478104]
O61 - LFC: 22/05/2013 - 19:50:25 ---A- C:\Users\Ordi\Downloads\RogueKiller.exe [816128]
O61 - LFC: 22/05/2013 - 21:39:49 ---A- C:\Users\Ordi\AppData\Roaming\Microsoft\IdentityCRL\production\MetaConfig.xml [163]
O61 - LFC: 23/05/2013 - 06:45:10 ---A- C:\Users\Ordi\Documents\ZHPDiag.Txt [40689]
O61 - LFC: 23/05/2013 - 06:52:43 ---A- C:\Users\Ordi\Downloads\cispremium_installer.exe [151247144]
O61 - LFC: 23/05/2013 - 07:08:48 ---A- C:\Users\Ordi\Links\Espace Partagé.lnk [593]
O61 - LFC: 23/05/2013 - 09:37:07 ---A- C:\Users\Ordi\Downloads\ZHPDiag2-2013.5.19.135.exe [5660735]
O61 - LFC: 23/05/2013 - 12:47:00 ---A- C:\Users\Ordi\Downloads\ZHPDiag2-2013.5.19.135 (1).exe [5660735]
O61 - LFC: 23/05/2013 - 13:50:59 ---A- C:\Users\Ordi\Downloads\setup.exe [382511]
O61 - LFC: 23/05/2013 - 13:59:32 ---A- C:\Users\Ordi\Downloads\CamStudio_2.7_r316_setup.exe [3099532]
O61 - LFC: 23/05/2013 - 14:02:39 ---A- C:\Users\Ordi\Downloads\camstudio_camstudio_2.7_r316_francais_10618.exe [1167576]
O61 - LFC: 23/05/2013 - 14:12:36 ---A- C:\Users\Ordi\AppData\Roaming\CamStudio.cfg [4523]
O61 - LFC: 23/05/2013 - 21:31:46 ---A- C:\Users\Ordi\Downloads\wlsetup-web.exe [1244160]
O61 - LFC: 24/05/2013 - 17:33:19 ---A- C:\Users\Ordi\Downloads\setup (1).exe [382511]
O61 - LFC: 25/05/2013 - 16:59:45 ---A- C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [270335]
O61 - LFC: 25/05/2013 - 17:23:00 ---A- C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Local State [32270]
~ 65 Fichiers temporaires (Temporary files)
~ Files: 417 Legitimates Filtered in 00mn 15s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (GDPkIcpt) .(...) - LEGACY_GDPKICPT
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 01/11/2010 - C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (WinRing0_1_2_0) .(.OpenLibSys.org - WinRing0.) - LEGACY_WINRING0_1_2_0
~ Legacy: 133 Legitimates Filtered in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} - (Yahoo! Search) - https://fr.search.yahoo.com/
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.9DF294FBC3740CB8B5684012C27E2E52] [SPRF][19/05/2013] (.IObit - Advanced SystemCare 6.) -- C:\Users\Ordi\AppData\Local\Temp\ASCSetup.exe [21436320]
[MD5.E168EC22B165BC274211C5E4C9A49CA7] [SPRF][14/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\BackupSetup.exe [10304672]
[MD5.5AA3E89A59E3D556B5F9B6D8D8EE3A82] [SPRF][14/05/2013] (.Somoto Ltd. - Better Installer Cleaner.) -- C:\Users\Ordi\AppData\Local\Temp\bi_cleaner.exe [42080] =>Adware.MegaSearch
[MD5.299BC5EAE63B02E8E29498118B374A1E] [SPRF][25/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\chart_data.dat [20562]
[MD5.C2073DB580FA7B11ECBE0D20321EC7F7] [SPRF][22/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\dump.dat [1757184]
[MD5.735C5AB0106E929C5616B49954FFF0EE] [SPRF][25/05/2013] (.Pas de propriétaire - Lyrics Fan.) -- C:\Users\Ordi\AppData\Local\Temp\flcsup.exe [280921]
[MD5.D7270C0373D3441A3D6F56F11B6C55DA] [SPRF][18/05/2013] (.Ellora Assets Corporation - Freemake Music Box Setup.) -- C:\Users\Ordi\AppData\Local\Temp\FreemakeMusicBox_0.9.8.4.exe [15217368]
[MD5.BEB65ACF46295DC4F4C4EDF767622285] [SPRF][18/05/2013] (.Ellora Assets Corporation - Freemake Video Downloader Setup.) -- C:\Users\Ordi\AppData\Local\Temp\FreemakeVideoDownloader_3.5.1.0.exe [12359160]
[MD5.7540E62EDCBFF8CE49FD2CA0944E6E70] [SPRF][15/05/2013] (.G Data Software AG - G Data WFP Callout Driver (6.0).) -- C:\Users\Ordi\AppData\Local\Temp\gdwfpcd32.sys [54104]
[MD5.98726383785FAC5730AB596294B0F655] [SPRF][14/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\GenericUninstall.exe [977]
[MD5.CDA4A59C966DA563EC9A33C79B59D089] [SPRF][14/05/2013] (.SweetPacks - Updater By SweetPacks Setup.) -- C:\Users\Ordi\AppData\Local\Temp\hsbing_717_active.exe [1312040] =>PUP.SweetIM
[MD5.8A4AF3B0695F29186AD02E2FD766FA3B] [SPRF][14/05/2013] (.SweetIM Technologies Ltd. - SQLite DLL.) -- C:\Users\Ordi\AppData\Local\Temp\mgsqlite3.dll [393016] =>PUP.SweetIM
[MD5.E6F1F7C1242C4D2664920EF440973116] [SPRF][14/05/2013] (.Somoto Ltd. - Online Weather.) -- C:\Users\Ordi\AppData\Local\Temp\OnlineWeatherSetup.exe [301576] =>Adware.MegaSearch
[MD5.7E7EB7AFF595774E5E500B34058CC1A7] [SPRF][20/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\sfamcc00001.dll [192512]
[MD5.F0E142B1EF4006222863D4E4A0B952B7] [SPRF][16/12/2012] (...) -- C:\Users\Ordi\AppData\Local\Temp\sfextra.dll [55296]
[MD5.83BAA5EAE50A2BA8DF9AA723F294E43E] [SPRF][15/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\TrialData.dat [68]
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Ordi\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[MD5.98726383785FAC5730AB596294B0F655] [SPRF][14/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\uninstaller.exe [977]
[MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][14/05/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\Ordi\AppData\Local\Temp\UpdateCheckerSetup.exe [295440] =>Adware.MegaSearch
[MD5.40395C175553CB14D2050888EFCCDF00] [SPRF][14/05/2013] (.Microsoft Corporation - Microsoft Visual C++ 2008 Redistributable Setup.) -- C:\Users\Ordi\AppData\Local\Temp\vcredist_x64.exe [4961800]
[MD5.98726383785FAC5730AB596294B0F655] [SPRF][14/05/2013] (...) -- C:\Users\Ordi\AppData\Local\Temp\WSSetup.exe [977]
[MD5.062FD9AE3C206965AB482208E7FD4545] [SPRF][18/05/2013] (...) -- C:\Users\Ordi\AppData\Roaming\Ordilog.dat [7659]
[MD5.0A90C8A3F94564E7EAF541981EAFA52A] [SPRF][24/05/2013] (...) -- C:\Users\Ordi\Desktop\AdwCleaner-2.301.exe [632031]
~ Files: Scanned in 00mn 08s
---\\ Scan Additionnel (O88)
Database Version : v2.12360 - (24/05/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 16
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}] =>Adware.AddLyrics
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}] =>Adware.AddLyrics
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
C:\Program Files (x86)\FindLyrics =>Adware.AddLyrics
C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade =>Adware.AddLyrics
C:\Users\Ordi\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
C:\Users\Ordi\AppData\Local\Temp\1368554996_1396723_9_4.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\1368554997_1396879_757_6.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\1368555004_1403759_460_8.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\bi_cleaner.exe =>Adware.MegaSearch
C:\Users\Ordi\AppData\Local\Temp\mgsqlite3.dll =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\OnlineWeatherSetup.exe =>Adware.MegaSearch
C:\Users\Ordi\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch
~ Additionnel Scan: 123972 Items scanned in 00mn 41s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 02/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
SR - | Auto 18/08/2009 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/05/2013 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SS - | Auto 14/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 13/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe
SS - | Demand 11/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 23/03/2010 247808 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Ordi at 25/05/2013 18:24:36
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 3275 Legitimates filtered by white list
End of the scan (504 lines in 03mn 09s)(0)
Hello
On va utiliser zhpfix
Désactives avast le temps du nettoyage cliques droit sur la boule orange>gestion des agents>désactiver pour 10 minutes
Copies uniquement les lignes indiquées en gras ci-dessous dans le presse papier
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
G2 - GCE: Preference [User Data\Default] [jmhhdaimhfblnamlcdijbaakkifakade] FindLyrics v.1.111 (Désactivé) =>Adware.AddLyrics
O2 - BHO: Lyrics Fan [64Bits] - {A8720491-9558-4C0D-9E35-30EED15DFB2B} . (.FAN Software - Lyrics Fan.) -- C:\Program Files (x86)\LyricsFan\lrcfan.dll
O4 - HKLM\..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] C:\Users\Ordi\AppData\Local\Temp\cisB87.exe (.not file.)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Lyrics Fan Update.job [392]
[MD5.763643CE7E9C5C65405196C0AD279DFB] [APT] [Lyrics Fan Update] (.FAN Software.) -- C:\Program Files (x86)\LyricsFan\LyricsFanUpdater.exe [118272]
[MD5.00000000000000000000000000000000] [APT] [{63087797-E608-4E7B-A470-D5E60080225E}] (...) -- C:\Users\Ordi\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (.not file.) [0]
O42 - Logiciel: Lyrics Fan - (.FAN Software.) [HKLM][64Bits] -- lrcfan@fansoft.br
[HKCU\Software\AppDataLow\Software\LyricsFan]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Updater By SweetPacks] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Updater By SweetPacks] =>PUP.SweetIM
O43 - CFD: 25/05/2013 - 17:53:46 - [0] ----D C:\Program Files (x86)\FindLyrics =>Adware.AddLyrics
O43 - CFD: 14/05/2013 - 19:05:01 - [0,249] ----D C:\Users\Ordi\AppData\Local\WebPlayer
[MD5.9DF294FBC3740CB8B5684012C27E2E52] [SPRF][19/05/2013] (.IObit - Advanced SystemCare 6.) -- C:\Users\Ordi\AppData\Local\Temp\ASCSetup.exe [21436320]
[MD5.5AA3E89A59E3D556B5F9B6D8D8EE3A82] [SPRF][14/05/2013] (.Somoto Ltd. - Better Installer Cleaner.) -- C:\Users\Ordi\AppData\Local\Temp\bi_cleaner.exe [42080] =>Adware.MegaSearch
[MD5.7540E62EDCBFF8CE49FD2CA0944E6E70] [SPRF][15/05/2013] (.G Data Software AG - G Data WFP Callout Driver (6.0).) -- C:\Users\Ordi\AppData\Local\Temp\gdwfpcd32.sys [54104]
[MD5.CDA4A59C966DA563EC9A33C79B59D089] [SPRF][14/05/2013] (.SweetPacks - Updater By SweetPacks Setup.) -- C:\Users\Ordi\AppData\Local\Temp\hsbing_717_active.exe [1312040] =>PUP.SweetIM
[MD5.8A4AF3B0695F29186AD02E2FD766FA3B] [SPRF][14/05/2013] (.SweetIM Technologies Ltd. - SQLite DLL.) -- C:\Users\Ordi\AppData\Local\Temp\mgsqlite3.dll [393016] =>PUP.SweetIM
[MD5.E6F1F7C1242C4D2664920EF440973116] [SPRF][14/05/2013] (.Somoto Ltd. - Online Weather.) -- C:\Users\Ordi\AppData\Local\Temp\OnlineWeatherSetup.exe [301576] =>Adware.MegaSearch
[MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][14/05/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\Ordi\AppData\Local\Temp\UpdateCheckerSetup.exe [295440] =>Adware.MegaSearch
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Ordi\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}] =>Adware.AddLyrics
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}] =>Adware.AddLyrics
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
C:\Program Files (x86)\FindLyrics =>Adware.AddLyrics
C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade =>Adware.AddLyrics
C:\Users\Ordi\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
C:\Users\Ordi\AppData\Local\Temp\1368554996_1396723_9_4.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\1368554997_1396879_757_6.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\1368555004_1403759_460_8.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\bi_cleaner.exe =>Adware.MegaSearch
C:\Users\Ordi\AppData\Local\Temp\mgsqlite3.dll =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\OnlineWeatherSetup.exe =>Adware.MegaSearch
C:\Users\Ordi\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch
Sysrestore
EmptyTemp
Emptyflash
EmptyCLSID
FirewallRaz
Proxyfix
Lance ZHPFix (icône seringue)en tant qu'administrateur puis clique sur OK pour continuer.
Tu dois voir les lignes ci-dessus dans le cadre blanc de ZHPFix, vérifie bien que ce sont ces lignes.
Clique sur le bouton GO pour lancer le nettoyage, et laisse l'outil travailler.
Redémarre le PC et poste le rapport C:\ZHP\ZHPFixReport.txt
Pour t'aider regarde cette capture
http://www.hostingpics.net/viewer.php?id=328971Sanstitre4.png
On va utiliser zhpfix
Désactives avast le temps du nettoyage cliques droit sur la boule orange>gestion des agents>désactiver pour 10 minutes
Copies uniquement les lignes indiquées en gras ci-dessous dans le presse papier
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
G2 - GCE: Preference [User Data\Default] [jmhhdaimhfblnamlcdijbaakkifakade] FindLyrics v.1.111 (Désactivé) =>Adware.AddLyrics
O2 - BHO: Lyrics Fan [64Bits] - {A8720491-9558-4C0D-9E35-30EED15DFB2B} . (.FAN Software - Lyrics Fan.) -- C:\Program Files (x86)\LyricsFan\lrcfan.dll
O4 - HKLM\..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] C:\Users\Ordi\AppData\Local\Temp\cisB87.exe (.not file.)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Lyrics Fan Update.job [392]
[MD5.763643CE7E9C5C65405196C0AD279DFB] [APT] [Lyrics Fan Update] (.FAN Software.) -- C:\Program Files (x86)\LyricsFan\LyricsFanUpdater.exe [118272]
[MD5.00000000000000000000000000000000] [APT] [{63087797-E608-4E7B-A470-D5E60080225E}] (...) -- C:\Users\Ordi\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (.not file.) [0]
O42 - Logiciel: Lyrics Fan - (.FAN Software.) [HKLM][64Bits] -- lrcfan@fansoft.br
[HKCU\Software\AppDataLow\Software\LyricsFan]
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Updater By SweetPacks] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\Updater By SweetPacks] =>PUP.SweetIM
O43 - CFD: 25/05/2013 - 17:53:46 - [0] ----D C:\Program Files (x86)\FindLyrics =>Adware.AddLyrics
O43 - CFD: 14/05/2013 - 19:05:01 - [0,249] ----D C:\Users\Ordi\AppData\Local\WebPlayer
[MD5.9DF294FBC3740CB8B5684012C27E2E52] [SPRF][19/05/2013] (.IObit - Advanced SystemCare 6.) -- C:\Users\Ordi\AppData\Local\Temp\ASCSetup.exe [21436320]
[MD5.5AA3E89A59E3D556B5F9B6D8D8EE3A82] [SPRF][14/05/2013] (.Somoto Ltd. - Better Installer Cleaner.) -- C:\Users\Ordi\AppData\Local\Temp\bi_cleaner.exe [42080] =>Adware.MegaSearch
[MD5.7540E62EDCBFF8CE49FD2CA0944E6E70] [SPRF][15/05/2013] (.G Data Software AG - G Data WFP Callout Driver (6.0).) -- C:\Users\Ordi\AppData\Local\Temp\gdwfpcd32.sys [54104]
[MD5.CDA4A59C966DA563EC9A33C79B59D089] [SPRF][14/05/2013] (.SweetPacks - Updater By SweetPacks Setup.) -- C:\Users\Ordi\AppData\Local\Temp\hsbing_717_active.exe [1312040] =>PUP.SweetIM
[MD5.8A4AF3B0695F29186AD02E2FD766FA3B] [SPRF][14/05/2013] (.SweetIM Technologies Ltd. - SQLite DLL.) -- C:\Users\Ordi\AppData\Local\Temp\mgsqlite3.dll [393016] =>PUP.SweetIM
[MD5.E6F1F7C1242C4D2664920EF440973116] [SPRF][14/05/2013] (.Somoto Ltd. - Online Weather.) -- C:\Users\Ordi\AppData\Local\Temp\OnlineWeatherSetup.exe [301576] =>Adware.MegaSearch
[MD5.7810AB1CF04E012469C141ABC693D3A7] [SPRF][14/05/2013] (.Somoto Ltd. - FilesFrog Update Checker.) -- C:\Users\Ordi\AppData\Local\Temp\UpdateCheckerSetup.exe [295440] =>Adware.MegaSearch
[MD5.C44D9888D0FF4F39AF4584EC3778AA58] [SPRF][13/05/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Ordi\AppData\Local\Temp\uninst1.exe [395248] =>Toolbar.Babylon
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}] =>Adware.AddLyrics
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}] =>Adware.AddLyrics
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E8EB35-FF77-455D-B677-91E5E4FC06C2}] =>Toolbar.Freemake
C:\Program Files (x86)\FindLyrics =>Adware.AddLyrics
C:\Users\Ordi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmhhdaimhfblnamlcdijbaakkifakade =>Adware.AddLyrics
C:\Users\Ordi\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon
C:\Users\Ordi\AppData\Local\Temp\1368554996_1396723_9_4.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\1368554997_1396879_757_6.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\1368555004_1403759_460_8.tmp =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\bi_cleaner.exe =>Adware.MegaSearch
C:\Users\Ordi\AppData\Local\Temp\mgsqlite3.dll =>PUP.SweetIM
C:\Users\Ordi\AppData\Local\Temp\OnlineWeatherSetup.exe =>Adware.MegaSearch
C:\Users\Ordi\AppData\Local\Temp\UpdateCheckerSetup.exe =>Adware.MegaSearch
Sysrestore
EmptyTemp
Emptyflash
EmptyCLSID
FirewallRaz
Proxyfix
Lance ZHPFix (icône seringue)en tant qu'administrateur puis clique sur OK pour continuer.
Tu dois voir les lignes ci-dessus dans le cadre blanc de ZHPFix, vérifie bien que ce sont ces lignes.
Clique sur le bouton GO pour lancer le nettoyage, et laisse l'outil travailler.
Redémarre le PC et poste le rapport C:\ZHP\ZHPFixReport.txt
Pour t'aider regarde cette capture
http://www.hostingpics.net/viewer.php?id=328971Sanstitre4.png
