Win Explorer stops working

Túrhop (Member, 4 posts)
Good evening, everyone. I have an Asus Eee PC 1101HA, 2 GB of RAM, Win 7 32-bit.

I have a problem with Win Explorer. If I try to copy files from a USB stick,
Win Explorer stops working and restarts 30 to 40 seconds later.

I went into the properties and the PC's system properties to exclude Explorer from restarting, but it made no difference.

Thank you in advance for any help you can give me.

7 replies

Anonymous user
 
Good evening

For more information, please do the following.

Open this link and download ZHPDiag by Nicolas Coolman:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Or

https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

at the bottom of the page, ZHP with a version number.

Once the download is complete,

Double-click the icon to launch the program. On Vista, Seven or Windows 8, right-click and choose "Run as administrator".

In the ZHPDiag window that has just opened, click "Configurer" (Configure).

Click the magnifying glass with the plus sign at the bottom left to start the scan.

Let the tool work; it can take quite a while.

A report opens. This report is also on your desktop.

To send the report, click this link:
http://pjjoint.malekal.com/

If there is a problem, use one of the following:

https://forums-fec.be/upload
https://www.cjoint.com/

Look on the desktop.

Select the file ZHPDiag.txt.

Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.com/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.

Thanks

See you
Túrhop (Member, 4 posts)
 
Hello, and thank you for your help. I'm sending you the link to the report.

https://pjjoint.malekal.com/files.php?id=20140122_k12q10r13t10x11


I'm also copying the report into this message... I'm not really sure whether I'm doing this right...

Talk soon. Turop

~ Report of ZHPDiag v2014.1.17.19 - Nicolas Coolman (17/01/2014)
~ Launched by Yhouè (21/01/2014 20:45:45)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v32.0.1700.76 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Internet Security v9.0.2011
Malwarebytes Anti-Malware versión 1.75.0.1300
Windows Defender W7

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 ActiveX

---\\ Information on the system
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2037 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 116 GB (77%) free of 149 GB

---\\ Connection to the system mode
~ Computer Name: YHOUÈ-PC
~ User Name: Yhouè
~ All Users Names: Yhouè, Invitado, HomeGroupUser$, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Yhouè\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Yhouè\AppData\Roaming\
~ %Desktop% : C:\Users\Yhouè\Desktop\
~ %Favorites% : C:\Users\Yhouè\Favorites\
~ %LocalAppData% : C:\Users\Yhouè\AppData\Local\
~ %StartMenu% : C:\Users\Yhouè\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 116 Go of 149 Go)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes Favoris (My Favorites) : 1/28
~ Mes Documents (My Documents) : 1/3
~ Mon Bureau (My Desktop) : 1/11
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.17C1F00C2FF5EB421202AABE4F504DA9] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [137752] [PID.456]
[MD5.95BF86349F025960293FC7B5082D7535] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [354840] [PID.428]
[MD5.2E86071D074339BE1386DC7DB032557B] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664] [PID.1184]
[MD5.D523A9BB4D1C1DEF96A3555AE472BFF1] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.1928]
[MD5.93190A2F166DB15FF8A9D7C260F2806F] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032] [PID.2020]
[MD5.4D2987AFADD5A32417BD744C34ADF9FF] - (.Synaptics Incorporated - Asus Custom Acpi Monitor Application.) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240] [PID.108]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.956]
[MD5.9FAF1377619583B191BD08287F03737E] - (.ultracopier.first-world.info - Ultracopier under GPL3.) -- C:\Program Files\Ultracopier\ultracopier.exe [204288] [PID.2076]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2540]
[MD5.52EA6C0C8A124BFB1065482392C8E1F5] - (.Wondershare - Wondershare Studio.) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648] [PID.340]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.3184]
[MD5.C8A8321292A459B0A17FB39A782A5C74] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [806096] [PID.1452]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8336896] [PID.4332]
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1332]
[MD5.1247D6B0F35AA93774CFBFD73203D857] - (.AVAST Software - avast! firewall service.) -- C:\Program Files\AVAST Software\Avast\afwServ.exe [113704] [PID.1464]
[MD5.C4FB2613D3C75364BB159B9C23A00E7A] - (...) -- C:\Windows\System32\AsusService.exe [219136] [PID.2292]
[MD5.6CB874AA6E4D0F91811EDA2AA272A685] - (.ASUSTeK Computer Inc. - Asus Eee PC Hotkey Service.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe [752056] [PID.2388]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2396]
[MD5.710AB764FEAC87B4EB4BE3A6A5480BD0] - (.ASUSTeK Computer Inc. - HotkeyMon.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe [100328] [PID.2404]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2444]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Servicio de plataforma de protección de sof.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.2772]
~ Processes Running: Scanned in 00mn 03s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://ww7.nationzoom.com =>Hijacker.NationZoom
G2 - GCE: Preference [User Data\Default] [chgdeabpmphfhkoemjjglmilajldekbp] Wondershare Video Converter Ultimate v.6.0.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 13 Legitimates Filtered in 00mn 03s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects (O2)
O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} . (.Wondershare Software Co., Ltd. - Wondershare Video Converter Ultimate Plugin.) -- C:\Program Files\Wondershare\Video Converter Ultimate\SVRIEPlugin.dll
~ BHO: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: E-Cam.lnk . (.AzureWave - E-CAM MFC Application.) -- C:\Program Files\E-Cam\E-CAM.exe
O4 - GS\Desktop [Public]: Wondershare Video Converter Ultimate.lnk . (.Wondershare Software - Wondershare Video Converter.) -- C:\Program Files\Wondershare\Video Converter Ultimate\WSVCUSplash.exe
O4 - GS\QuickLaunch [Yhouè]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://ww7.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [Yhouè]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://ww7.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [Yhouè]: Wondershare Video Converter Ultimate.lnk . (.Wondershare Software - Wondershare Video Converter Ultimate.) -- C:\Program Files\Wondershare\Video Converter Ultimate\VideoConverterUltimate.exe
O4 - GS\TaskBar [Yhouè]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://ww7.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [Yhouè]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://ww7.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [Yhouè]: Wondershare Video Converter Ultimate.lnk . (.Wondershare Software - Wondershare Video Converter Ultimate.) -- C:\Program Files\Wondershare\Video Converter Ultimate\VideoConverterUltimate.exe
O4 - GS\Program [Yhouè]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://ww7.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [Yhouè]: Lollipop.lnk . (...) -- C:\Users\Yhouè\AppData\Local\Lollipop\Lollipop.exe (.not file.) =>Adware.Lollipop
O4 - GS\SystemTools [Yhouè]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://ww7.nationzoom.com =>Hijacker.NationZoom
O4 - GS\SendTo [Yhouè]: Transferencia de archivos Bluetooth.LNK . (.Microsoft Corporation - No Comment.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop [Yhouè]: Continue Software Setup.lnk . (...) -- C:\Users\Yhouè\AppData\Local\Temp\DownloadManager.exe (.not file.)
~ Global Startup: 59 Legitimates Filtered in 00mn 02s



---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [Yhouè]: lollipop.lnk . (...) -- C:\Users\Yhouè\AppData\Local\Lollipop\Lollipop.exe (.not file.) =>Adware.Lollipop
O4 - HKLM\..\Run: [HotkeyService] . (.ASUSTeK Computer Inc. - Asus Eee PC Hotkey Service.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [HotKeyMon] . (.ASUSTeK Computer Inc. - HotkeyMon.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxExt] . (.Intel Corporation - igfxext Module.) -- C:\Windows\system32\IgfxExt.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynAsusAcpi] . (.Synaptics Incorporated - Asus Custom Acpi Monitor Application.) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe (.not file.)
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [BrowserPlugInHelper] . (...) -- C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
O4 - HKLM\..\RunOnce: [20131224] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\f20b7fb0-9a45-4828-a568-fe522bca67f8.exe
O4 - HKCU\..\Run: [ultracopier] . (.ultracopier.first-world.info - Ultracopier under GPL3.) -- C:\Program Files\Ultracopier\ultracopier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets de escritorio de Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2533852307-1158591561-3514118382-1001\..\Run: [ultracopier] . (.ultracopier.first-world.info - Ultracopier under GPL3.) -- C:\Program Files\Ultracopier\ultracopier.exe
~ Application: Scanned in 00mn 00s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0515FC97-D06B-4C43-822C-57AAAB3BB396}: DhcpNameServer = 10.3.9.242 10.3.1.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1114F116-A0C3-4122-882B-F373BC150C14}: DhcpNameServer = 10.3.9.242 10.3.1.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{0515FC97-D06B-4C43-822C-57AAAB3BB396}: DhcpNameServer = 10.3.9.242 10.3.1.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{1114F116-A0C3-4122-882B-F373BC150C14}: DhcpNameServer = 10.3.9.242 10.3.1.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{0515FC97-D06B-4C43-822C-57AAAB3BB396}: DhcpNameServer = 10.3.9.242 10.3.1.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{1114F116-A0C3-4122-882B-F373BC150C14}: DhcpNameServer = 10.3.9.242 10.3.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.9.242 10.3.1.100
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visor HTML de Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Asus Launcher Service (AsusService) . (...) - C:\Windows\System32\AsusService.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
~ Services: 6 Legitimates Filtered in 00mn 41s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppWork]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\DefaultTab] =>Adware.Bandoo
[HKCU\Software\WSVCUPlugin]
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\DefaultTab] =>Adware.Bandoo
[HKLM\Software\supWPM] =>PUP.WpManager
~ Key Software: 110 Legitimates Filtered in 00mn 01s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 16/01/2014 - 20:50:24 - [0] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 16/01/2014 - 20:50:24 - [0] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O43 - CFD: 20/01/2014 - 17:31:37 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 20/01/2014 - 17:31:37 - [0] ----D C:\Users\Yhouè\AppData\Roaming\DefaultTab =>Adware.Bandoo
O43 - CFD: 20/01/2014 - 13:04:15 - [0] ----D C:\Users\Yhouè\AppData\Roaming\Desk 365 =>Hijacker.22Find
O43 - CFD: 20/01/2014 - 15:31:44 - [0] ----D C:\Users\Yhouè\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
O43 - CFD: 16/01/2014 - 12:08:44 - [0] -SH-D C:\Users\Yhouè\AppData\Local\Archivos temporales de Internet
O43 - CFD: 20/01/2014 - 10:20:00 - [1,224] ----D C:\Users\Yhouè\AppData\Local\genienext
~ Program Folder: 95 Legitimates Filtered in 00mn 17s



---\\ Last modified or created files under Windows and System32 (O44)
~ Files: 1091 Legitimates Filtered in 00mn 51s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.F72D37E369CEBE7C887970927C771510] - 21/01/2014 - 20:36:44 ---A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf
~ Prefetcher: 81 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
~ Drivers: 18 Legitimates Filtered in 00mn 04s



---\\ Last modified or created user files (O61)
O61 - LFC: 18/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\Links\Desktop.lnk [483]
O61 - LFC: 18/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\Links\Downloads.lnk [894]
O61 - LFC: 18/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\Links\RecentPlaces.lnk [383]
O61 - LFC: 19/01/2014 - 20:48:57 ---A- . (...) -- C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdm.dll [6940304]
O61 - LFC: 19/01/2014 - 20:48:57 ---A- . (...) -- C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\manifest.fingerprint [66]
O61 - LFC: 19/01/2014 - 20:48:57 ---A- . (...) -- C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\manifest.json [845]
O61 - LFC: 20/01/2014 - 20:48:49 ---A- . (...) -- C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [273221]
O61 - LFC: 20/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\Downloads\1101HA-ASUS-0323.zip [441780]
O61 - LFC: 20/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\Downloads\574rk.7r3k.72Op.by.The.Lucho.part1.rar [681574400]
O61 - LFC: 20/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\Downloads\574rk.7r3k.72Op.by.The.Lucho.part2.rar [579585096]
O61 - LFC: 20/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\daemonprocess.txt [1039]
O61 - LFC: 20/01/2014 - 20:52:24 ---A- . (.AppWork GmbH.) -- C:\Users\Yhouè\Downloads\WebInstallerJD2.exe [77976]
O61 - LFC: 20/01/2014 - 20:52:24 ---A- . (.Free Time.) -- C:\Users\Yhouè\Downloads\FFSetup3.2.1.0.exe [61746892]
O61 - LFC: 20/01/2014 - 20:52:24 RSHA- . (...) -- C:\Users\Yhouè\ntuser.pol [282]
O61 - LFC: 21/01/2014 - 20:48:49 ---A- . (...) -- C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [5]
O61 - LFC: 21/01/2014 - 20:48:56 ---A- . (...) -- C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\Local State [54336]
O61 - LFC: 21/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\AppData\Roaming\ZHP\Log.txt [16068] =>.Nicolas Coolman
O61 - LFC: 21/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\AppData\Roaming\ZHP\TestsZHPDiag.txt [2836] =>.Nicolas Coolman
O61 - LFC: 21/01/2014 - 20:52:24 ---A- . (...) -- C:\Users\Yhouè\Documents\Flims\s74r.7r3k.1n70.d4rkn355.hd.72Op.by.The.Lucho(1).mp4 [2608022976]
~ 128 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 6554 Legitimates Filtered in 03mn 35s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe" http://ww7.nationzoom.com =>Hijacker.NationZoom
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {4F8F19D4-3AC5-461F-9651-500BC5ADF0AA} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.DC167DDDAF5C1A457D5A4FEBF94F67BC] [SPRF][20/01/2014] (...) -- C:\Users\Yhouè\AppData\Local\Temp\1_Offer_3.exe [19207976]
[MD5.B5B2829B37336BB266B179700398B421] [SPRF][13/09/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\Yhouè\AppData\Local\Temp\AskPIP_FF_.exe [1021872]
[MD5.4EDE0214A9AD5EE2B6E60D7E9CE786B2] [SPRF][20/01/2014] (.Skytech Co., Ltd. - Skytech.) -- C:\Users\Yhouè\AppData\Local\Temp\epom2_nationzoom_20131128171912.exe [564888] =>Hijacker.NationZoom
[MD5.22736CB1C85CD187A2419F0E55DEBBF7] [SPRF][20/01/2014] (...) -- C:\Users\Yhouè\AppData\Local\Temp\proxy_vole917517203174721683.dll [43520]
[MD5.3DF9C822FFD4245403113A555A27357F] [SPRF][12/01/2014] (...) -- C:\Users\Yhouè\AppData\Local\Temp\Quarantine.exe [360073]
[MD5.18F801F7C60935D77B24E601F124986B] [SPRF][16/01/2014] (.Baidu Inc. - Baidu PC Faster MiniSetup.) -- C:\Users\Yhouè\AppData\Local\Temp\UNTD6CF.exe [1484832] =>Adware.BDSearch
[MD5.535402C574026FDA1C8638794CC117B8] [SPRF][16/01/2014] (...) -- C:\Users\Yhouè\AppData\Local\Temp\UNTD6E1.exe [19207976]
[MD5.18F801F7C60935D77B24E601F124986B] [SPRF][20/01/2014] (.Baidu Inc. - Baidu PC Faster MiniSetup.) -- C:\Users\Yhouè\AppData\Local\Temp\UNTD86B.exe [1484832] =>Adware.BDSearch
[MD5.535402C574026FDA1C8638794CC117B8] [SPRF][20/01/2014] (...) -- C:\Users\Yhouè\AppData\Local\Temp\UNTD87D.exe [19207976]
~ Files: 10 Legitimates Filtered in 00mn 02s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 21/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 16/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SR - | Auto 18/08/2009 219136 | (AsusService) . (...) - C:\Windows\System32\AsusService.exe
SR - | Auto 16/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 16/01/2014 113704 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 02s



---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13024 - (17/01/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 8
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 8

[HKCU\Software\defaulttab] =>Adware.IMBooster
[HKLM\Software\defaulttab] =>Adware.IMBooster
[HKCU\Software\lollipop] =>Adware.Lollipop
[HKLM\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc] =>Adware.Bandoo
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\Yhouè\AppData\Roaming\DefaultTab =>Adware.Bandoo^
C:\Users\Yhouè\AppData\Roaming\Desk 365 =>Hijacker.22Find^
C:\Users\Yhouè\AppData\Local\Temp\Desk365 =>Hijacker.22find
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\DefaultTab] =>Adware.Bandoo^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\DefaultTab] =>Adware.Bandoo^
[HKLM\Software\supWPM] =>PUP.WpManager^
C:\Users\Yhouè\AppData\Local\Temp\epom2_nationzoom_20131128171912.exe =>Hijacker.NationZoom^
C:\Users\Yhouè\AppData\Local\Temp\UNTD6CF.exe =>Adware.BDSearch^
C:\Users\Yhouè\AppData\Local\Temp\UNTD86B.exe =>Adware.BDSearch^
~ Additionnel Scan: 124554 Items scanned in 01mn 28s



---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/38126906-hijacker-nationzoom =>Hijacker.NationZoom
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/28158343-adware-bdsearch =>Adware.BDSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ MSI: 7 link(s) detected in 01mn 28s



~ 8448 Legitimates filtered by white list
End of the scan (478 lines in 08mn 49s)(0)

Túrhop (Member, 4 posts)

Hello. Here is the link to the report. Thank you for your help. We'll catch up later.

https://pjjoint.malekal.com/files.php?id=20140122_k12q10r13t10x11

Anonymous user

Hello

Your link does not lead to any report.

See you later

baladur13 (Moderator, 47849 posts)

Anonymous user

Hello baladur13, and thank you ;-)

@ Túrhop

1) Download AdwCleaner (by Xplode) to your desktop.
Launch it, click [Scan], then wait while the scan runs.
Once the scan is finished, click the [Clean] button.
Wait while the cleaning runs. Read the message that appears, then click OK. The PC will restart automatically and the report will open once the restart is complete.
Post the report.

Note: The report is also saved as C:\AdwCleaner[S1].txt

Further reading:
Potentially unwanted programs:
https://www.malekal.com/adwares-pup-protection/

Toolbars are not mandatory (by Malekal): https://forum.malekal.com/viewtopic.php?t=6173&start=


2)
You have Malwarebytes.
Update it and run a quick scan.
Post me that report after removal.


See you later

Túrhop (Member, 4 posts)

Hello. Here are the two results.

We'll catch up later.


AdwCleaner



# AdwCleaner v3.017 - Reporte Creado 22/01/2014 en 19:30:26
# Actualizado 12/01/2014 por Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (32 bits)
# Nombre de usuario : Yhouè - YHOUÈ-PC
# Ejecutado desde : C:\Users\Yhouè\Downloads\AdwCleaner (1).exe
# Opción : Limpiar

***** [ Servicios ] *****


***** [ Archivos / Carpetas ] *****

Carpeta Borrar : C:\ProgramData\WPM
Carpeta Borrar : C:\Program Files\Mobogenie
Carpeta Borrar : C:\Users\Yhouè\AppData\Local\genienext
Carpeta Borrar : C:\Users\Yhouè\AppData\Local\Mobogenie
Carpeta Borrar : C:\Users\YHOU~1\AppData\Local\Temp\Desk365
Carpeta Borrar : C:\Users\Yhouè\AppData\Roaming\DefaultTab
Carpeta Borrar : C:\Users\Yhouè\AppData\Roaming\Desk 365
Carpeta Borrar : C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Archivo Borrar : C:\Users\Yhouè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Archivo Borrar : C:\Users\Yhouè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
Archivo Borrar : C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx

***** [ Accesos directos ] *****

Acceso directo Desinfectado : C:\Users\Yhouè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Acceso directo Desinfectado : C:\Users\Yhouè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Acceso directo Desinfectado : C:\Users\Yhouè\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Acceso directo Desinfectado : C:\Users\Yhouè\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Acceso directo Desinfectado : C:\Users\Yhouè\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Acceso directo Desinfectado : C:\Users\Yhouè\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****

Clave Borrar : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Clave Borrar : HKCU\Software\Classes\Applications\lollipop.exe
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Datos Restaurado : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Clave Borrar : HKCU\Software\DefaultTab
Clave Borrar : HKCU\Software\lollipop
Clave Borrar : HKLM\Software\DefaultTab
Clave Borrar : HKLM\Software\supWPM

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.76

[ Archivo : C:\Users\Yhouè\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Borrar : search_url
Borrar : keyword

*************************

AdwCleaner[R0].txt - [5923 octets] - [19/01/2014 18:54:55]
AdwCleaner[R1].txt - [4467 octets] - [22/01/2014 19:27:46]
AdwCleaner[S0].txt - [4454 octets] - [19/01/2014 18:57:41]
AdwCleaner[S1].txt - [3448 octets] - [22/01/2014 19:30:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3508 octets] ##########


Malwarebytes Anti-Malware



Malwarebytes Anti-Malware (Versión de Prueba) 1.75.0.1300
www.malwarebytes.org

Versión de la Base de Datos: v2014.01.24.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Yhouè :: YHOUÈ-PC [administrador]

Protección: Habilitado

24/01/2014 9:30:00
mbam-log-2014-01-24 (09-30-00).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 189196
Tiempo transcurrido: 13 minuto(s),

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

fin)

Anonymous user

Hello

Post me a new ZHPDiag report, thanks.
To send the report, click this link:


http://pjjoint.malekal.com/

If there is a problem, use one of the following:

https://forums-fec.be/upload
https://www.cjoint.com/


Click Browse and look for the file: Full_file_name (the requested file)
Click Open.

Click "Envoyer le fichier" (Send the file).

A link of this form:

http://pjjoint.malekal.com/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.


See you later