[Résolu]Plantage windows seven - system recovery...

[palerider]

Il reste deux bestioles: WebsSearches et addlyrics je regarde le rapport et je cherche...

Déjà regarde ça :

-Supprimer l'extension de nom aléatoire Lyrics de tous les navigateurs installés,

- Supprimer le logiciel nom aléatoire Lyrics via le panneau de configuration Windows,

[flo9169]

je le vois pas ,(
je crois vraiment qu'il y a des programmes installés qui se montrent pas dans la liste des programmes.. Parce que seulement 24 programmes installées c'est bizard....

[palerider]

Ok,

Lance Zhpfix et colles les lignes suivantes :


Script ZHPFix
[HKCU\Software\AppDataLow\Software\Safer-Surf
[HKLM\Software\Wow6432Node\webssearchesSoftware] =>Hijacker.WebsSearches
O61 - LFC: 26/03/2014 - 21:13:02 ---A- . (...) -- C:\Users\flo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage [926720] =>Adware.AddLyrics
O61 - LFC: 26/03/2014 - 21:13:02 ---A- . (...) -- C:\Users\flo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.livelyrics00.live-lyrics.com_0.localstorage-journal [3608] =>Adware.AddLyrics
SysRestore
EmptyTemp
EmptyPrefetch
FirewallRaz

Poste le rapport dans ta prochaine réponse et refais un zhpdiag

[flo9169]

http://pjjoint.malekal.com/files.php?re ... v11v7u7y13" onclick="window.open(this.href);return false;

http://pjjoint.malekal.com/files.php?re ... j12p5s10z9" onclick="window.open(this.href);return false;

[palerider]

Adware.AddLyrics
Posted on May 25, 2013 at 7:50 PM

Origine

- Fiche Créée le 19/05/13 par Nicolas Coolman.

- Fiche modifiée le 14/10/2013


Caractéristique :



- Il appartient à une famille d'adwares avec des fonctionnalités de polluteware.

- Un adware est un programme qui ajoute d'autres programmes à l'insu de l'utilisateur.

- Développé par des sociétés de nom aléatoires :

- Be-Lyrics,

- Bjornet Industries,

- FAN Software,

- Happy Productions,

- LormanSoftware,

- Lyrics Woofer LTD,

- Lyrics-Pal,

- LyricsSpeaker LTD,

- LyricsPal Soft. LTD,

- MNDi Software,

- Plus Add-on Software,

- PNYJ Systems,

- Starware,

- XingHao Software,


- Les noms de programmes sont aléatoires :



- A2zLyrics,

- a2zLyrics-1,

- AddLyrics,

- B Lyrics,

- Boby Lyrics,

- electroLyrics,

- FindLyrics,

- Happy Lyrics,

- Lyrics Fan,

- LyricsFan-2,

- Lyrics Monkey,

- Lyrics_Monkey,

- Lyrics Plus,

- Lyrics Search,

- LyricsBuddy,

- LyricsBuddy-1,

- LyricsFolder,

- Lyrics-Pal,

- LyricsPack,

- LyricsPal,

- LyricsParty-1

- LyricsSay-1,

- LyricSearch,

- LyricsSpeaker,

- LyricStar,

- LyricsTube,

- LyricsWoofer,

- M-Lyrics,

- SuperLyrics-1,

- XingHaoLyrics,

Regarde dans les programmes installés si tu trouves quelque chose qui ressemble à ça et aussi dans les extensions de Chrome

[flo9169]

Non rien de lyrics !

Par contre un etdware..Mais c'est pas bizare d'avoir que 24 programmes?

[palerider]

Salut,

24 programmes tu en a installé combien ?

[palerider]

Tu en as plus que 24 !

Code : Tout sélectionner

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/03/2014 - 02:35:14 - [2,896] ----D C:\Program Files (x86)\AmIcoSingLun
O43 - CFD: 21/03/2014 - 02:36:54 - [246,247] ----D C:\Program Files (x86)\ASUS
O43 - CFD: 21/03/2014 - 02:29:48 - [88,739] ----D C:\Program Files (x86)\ATI Technologies
O43 - CFD: 22/03/2014 - 22:23:57 - [281,715] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 21/03/2014 - 02:39:51 - [254,583] ----D C:\Program Files (x86)\CyberLink
O43 - CFD: 20/03/2014 - 22:17:00 - [26,990] ----D C:\Program Files (x86)\DAEMON Tools Lite  =>.DT Soft Ltd
O43 - CFD: 20/03/2014 - 21:31:33 - [402,199] ----D C:\Program Files (x86)\Google
O43 - CFD: 21/03/2014 - 02:40:03 - [31,217] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 21/03/2014 - 02:32:40 - [12,371] ----D C:\Program Files (x86)\Intel
O43 - CFD: 22/03/2014 - 18:05:59 - [11,907] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 22/03/2014 - 22:22:45 - [121,300] ----D C:\Program Files (x86)\Java
O43 - CFD: 23/03/2014 - 16:39:16 - [80,723] ----D C:\Program Files (x86)\Kobo
O43 - CFD: 20/03/2014 - 19:32:27 - [13,265] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 20/03/2014 - 19:11:44 - [0] ----D C:\Program Files (x86)\Microsoft
O43 - CFD: 21/03/2014 - 18:58:31 - [38,002] ----D C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 21/03/2014 - 19:03:28 - [684,718] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 20/03/2014 - 22:05:21 - [1,451] ----D C:\Program Files (x86)\Microsoft Security Client
O43 - CFD: 20/03/2014 - 22:18:18 - [40,879] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 13/04/2011 - 03:42:56 - [1,745] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 21/03/2014 - 19:03:26 - [7,797] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 20/03/2014 - 19:17:23 - [54,450] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 20/03/2014 - 19:17:21 - [0,216] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 14/07/2009 - 06:32:38 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 13/04/2011 - 03:33:04 - [42,963] ----D C:\Program Files (x86)\Nuance
O43 - CFD: 21/03/2014 - 02:34:18 - [17,028] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 06:32:38 - [58,887] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 20/03/2014 - 20:26:13 - [23,259] R---D C:\Program Files (x86)\Skype
O43 - CFD: 13/04/2011 - 03:49:28 - [161,465] ----D C:\Program Files (x86)\syncables
O43 - CFD: 21/03/2014 - 02:35:07 - [0] --H-D C:\Program Files (x86)\Temp
O43 - CFD: 14/07/2009 - 05:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 20/03/2014 - 21:03:07 - [0] ----D C:\Program Files (x86)\Uninstaller
O43 - CFD: 20/03/2014 - 19:23:27 - [95,678] ----D C:\Program Files (x86)\VideoLAN
O43 - CFD: 22/03/2014 - 12:04:33 - [1,056] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 13/04/2011 - 03:45:11 - [314,625] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 11/04/2011 - 13:04:45 - [11,556] ----D C:\Program Files (x86)\Windows Mail  =>.Microsoft Corporation
O43 - CFD: 22/03/2014 - 13:35:30 - [5,776] ----D C:\Program Files (x86)\Windows Media Player  =>.Microsoft Corporation
O43 - CFD: 14/07/2009 - 06:32:38 - [14,317] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 11/04/2011 - 13:04:45 - [4,812] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 18/02/2011 - 21:09:10 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 11/04/2011 - 13:04:45 - [15,495] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 24/03/2014 - 22:03:38 - [4,848] ----D C:\Program Files (x86)\WinRAR
O43 - CFD: 26/03/2014 - 19:20:28 - [1303,238] ----D C:\Program Files (x86)\Worms Reloaded
O43 - CFD: 26/03/2014 - 22:46:35 - [23,665] ----D C:\Program Files (x86)\ZHPDiag  =>.Nicolas Coolman
O43 - CFD: 21/03/2014 - 02:36:22 - [0,259] ----D C:\Program Files (x86)\Common Files\ControlDeck
O43 - CFD: 21/03/2014 - 19:03:39 - [0,095] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 21/03/2014 - 02:36:13 - [3,111] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 22/03/2014 - 22:23:57 - [1,191] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 23/03/2014 - 19:02:47 - [222,035] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 13/04/2011 - 03:48:00 - [0,338] ----D C:\Program Files (x86)\Common Files\Oberon Media
O43 - CFD: 21/03/2014 - 02:32:42 - [0,159] ----D C:\Program Files (x86)\Common Files\postureAgent
O43 - CFD: 14/07/2009 - 04:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 20/03/2014 - 20:26:13 - [1,904] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 14/07/2009 - 04:20:08 - [39,212] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 22/03/2014 - 18:23:39 - [13,411] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 13/04/2011 - 03:33:36 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 21/03/2014 - 02:35:13 - [0] ----D C:\ProgramData\AmUStor
O43 - CFD: 14/07/2009 - 06:08:56 - [0] -SH-D C:\ProgramData\Application Data
O43 - CFD: 21/03/2014 - 02:31:33 - [0] ----D C:\ProgramData\ATI
O43 - CFD: 20/03/2014 - 18:58:54 - [4,522] ----D C:\ProgramData\ChangeFolderView
O43 - CFD: 21/03/2014 - 02:39:52 - [0,033] ----D C:\ProgramData\CyberLink
O43 - CFD: 24/03/2014 - 22:08:13 - [0,002] ----D C:\ProgramData\DAEMON Tools Lite  =>.DT Soft Ltd
O43 - CFD: 14/07/2009 - 06:08:56 - [0] -SH-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:08:56 - [0] -SH-D C:\ProgramData\Documents
O43 - CFD: 13/04/2011 - 03:33:02 - [18,933] ----D C:\ProgramData\Downloaded Installations
O43 - CFD: 14/07/2009 - 06:08:56 - [0] -SH-D C:\ProgramData\Favorites
O43 - CFD: 20/03/2014 - 03:56:51 - [1,209] ----D C:\ProgramData\FolderView
O43 - CFD: 22/03/2014 - 18:25:05 - [0,002] ----D C:\ProgramData\Informer Technologies, Inc
O43 - CFD: 20/03/2014 - 19:32:24 - [7,334] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 21/03/2014 - 19:00:31 - [-130,815] -S--D C:\ProgramData\Microsoft
O43 - CFD: 23/03/2014 - 19:08:48 - [0,057] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 20/03/2014 - 19:17:21 - [0] ----D C:\ProgramData\Mozilla
O43 - CFD: 21/03/2014 - 19:17:31 - [0] ----D C:\ProgramData\Nuance
O43 - CFD: 13/04/2011 - 03:48:44 - [0,551] ----D C:\ProgramData\OberonGameConsole
O43 - CFD: 22/03/2014 - 22:24:29 - [0] ----D C:\ProgramData\Oracle
O43 - CFD: 21/03/2014 - 02:36:56 - [0,002] ----D C:\ProgramData\P4G
O43 - CFD: 24/03/2014 - 23:49:24 - [0,645] ----D C:\ProgramData\RELOADED
O43 - CFD: 13/04/2011 - 03:33:05 - [1,234] ----D C:\ProgramData\ScanSoft
O43 - CFD: 20/03/2014 - 20:26:19 - [24,438] ----D C:\ProgramData\Skype
O43 - CFD: 14/07/2009 - 06:08:56 - [0] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 22/03/2014 - 22:23:59 - [0] ----D C:\ProgramData\Sun
O43 - CFD: 21/03/2014 - 02:39:20 - [0,137] ----D C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - 06:08:56 - [0] -SH-D C:\ProgramData\Templates
O43 - CFD: 20/03/2014 - 03:58:26 - [2,634] ----D C:\ProgramData\Trend Micro
O43 - CFD: 20/03/2014 - 19:09:19 - [0] ----D C:\Users\flo\AppData\Roaming\Adobe
O43 - CFD: 20/03/2014 - 18:59:06 - [0] ----D C:\Users\flo\AppData\Roaming\ASUS WebStorage
O43 - CFD: 20/03/2014 - 03:58:32 - [0] ----D C:\Users\flo\AppData\Roaming\ATI
O43 - CFD: 26/03/2014 - 19:10:34 - [1,274] ----D C:\Users\flo\AppData\Roaming\DAEMON Tools Lite  =>.DT Soft Ltd
O43 - CFD: 20/03/2014 - 19:12:54 - [0] ----D C:\Users\flo\AppData\Roaming\Google
O43 - CFD: 20/03/2014 - 03:57:11 - [0] ----D C:\Users\flo\AppData\Roaming\Identities
O43 - CFD: 20/03/2014 - 19:09:21 - [0] ----D C:\Users\flo\AppData\Roaming\Macromedia
O43 - CFD: 20/03/2014 - 19:32:31 - [0,153] ----D C:\Users\flo\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 08:44:38 - [0] ----D C:\Users\flo\AppData\Roaming\Media Center Programs
O43 - CFD: 22/03/2014 - 15:07:25 - [9,634] -S--D C:\Users\flo\AppData\Roaming\Microsoft
O43 - CFD: 20/03/2014 - 19:17:35 - [11,538] ----D C:\Users\flo\AppData\Roaming\Mozilla
O43 - CFD: 21/03/2014 - 19:17:31 - [0] ----D C:\Users\flo\AppData\Roaming\Nuance
O43 - CFD: 23/03/2014 - 12:26:55 - [7,879] ----D C:\Users\flo\AppData\Roaming\Skype
O43 - CFD: 20/03/2014 - 22:18:30 - [78,042] ----D C:\Users\flo\AppData\Roaming\Spotify
O43 - CFD: 20/03/2014 - 19:20:24 - [1,599] ----D C:\Users\flo\AppData\Roaming\Torrent2Exe
O43 - CFD: 23/03/2014 - 00:38:06 - [0,081] ----D C:\Users\flo\AppData\Roaming\vlc
O43 - CFD: 24/03/2014 - 22:03:55 - [0] ----D C:\Users\flo\AppData\Roaming\WinRAR
O43 - CFD: 21/03/2014 - 19:17:13 - [0,015] ----D C:\Users\flo\AppData\Roaming\Zeon
O43 - CFD: 26/03/2014 - 22:47:11 - [0,602] ----D C:\Users\flo\AppData\Roaming\ZHP  =>.Nicolas Coolman
O43 - CFD: 20/03/2014 - 03:56:35 - [0] -SH-D C:\Users\flo\AppData\Local\Application Data
O43 - CFD: 20/03/2014 - 03:58:32 - [0,337] ----D C:\Users\flo\AppData\Local\ATI
O43 - CFD: 24/03/2014 - 23:47:58 - [0] ----D C:\Users\flo\AppData\Local\CrashDumps
O43 - CFD: 20/03/2014 - 19:12:54 - [326,783] ----D C:\Users\flo\AppData\Local\Google
O43 - CFD: 20/03/2014 - 03:56:35 - [0] -SH-D C:\Users\flo\AppData\Local\Historique
O43 - CFD: 23/03/2014 - 16:43:58 - [84,070] ----D C:\Users\flo\AppData\Local\Kobo
O43 - CFD: 22/03/2014 - 22:18:18 - [64,205] ----D C:\Users\flo\AppData\Local\Microsoft
O43 - CFD: 21/03/2014 - 18:57:57 - [0] ----D C:\Users\flo\AppData\Local\Microsoft Help
O43 - CFD: 20/03/2014 - 19:17:36 - [12,974] ----D C:\Users\flo\AppData\Local\Mozilla
O43 - CFD: 20/03/2014 - 21:32:22 - [0,039] ----D C:\Users\flo\AppData\Local\Power2Go
O43 - CFD: 20/03/2014 - 19:32:16 - [0] ----D C:\Users\flo\AppData\Local\Programs
O43 - CFD: 20/03/2014 - 20:26:28 - [4,549] ----D C:\Users\flo\AppData\Local\Skype
O43 - CFD: 20/03/2014 - 20:34:01 - [22,321] ----D C:\Users\flo\AppData\Local\Spotify
O43 - CFD: 20/03/2014 - 03:57:15 - [0,008] ----D C:\Users\flo\AppData\Local\SRS Labs
O43 - CFD: 26/03/2014 - 22:46:03 - [0] ----D C:\Users\flo\AppData\Local\Temp
O43 - CFD: 20/03/2014 - 03:56:35 - [0] -SH-D C:\Users\flo\AppData\Local\Temporary Internet Files
O43 - CFD: 24/03/2014 - 22:35:36 - [0,007] ----D C:\Users\flo\AppData\Local\VirtualStore
O43 - CFD: 23/03/2014 - 11:43:23 - [0,012] ----D C:\Users\flo\AppData\Local\Windows Live
O43 - CFD: 22/03/2014 - 13:55:01 - [0,002] ----D C:\Users\flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 22/03/2014 - 13:55:16 - [0] R---D C:\Users\flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 22/03/2014 - 13:55:16 - [0] R---D C:\Users\flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 24/03/2014 - 22:03:39 - [0,004] ----D C:\Users\flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[flo9169]

10 je pense

[palerider]

Je pense un peu plus, dans ma liste j'ai pas fait gaffe, j'ai mis les applications data

Pour en revenir aux infections il reste Adware.AddLyrics

Je cherche ...