Reply to: Folders and files turned into shortcuts on USB key 2016-09-08T13:11:15+00:00
Destrio5

Can I open my USB keys now?

-> Not yet, part of the infection remains.

You have two antivirus programs, Avira and Microsoft Security Essentials; you need to uninstall one of the two.

  • Run AdwCleaner again and choose “Uninstall”.
  • Copy all the text shown in green below (select it, right-click on it and choose “Copy”).

    Script ZHPFix
    SysRestore
    ShortcutFix
    EmptyCLSID
    EmptyFlash
    EmptyTemp

  • Then launch ZHPFix from the shortcut on your Desktop.
  • Click the “IMPORTER” button.
  • In the main box, you will then see the lines you copied earlier appear.
  • Click “GO” to start the cleanup. Let the tool work and do not touch anything.
  • Accept the uninstallation of programs if offered, but refuse the restart of your PC if that is also offered, because it would stop ZHPFix.
  • Once it has finished, upload the ZHPFix.txt report to SosUpload and paste the link provided in your next reply.