Reply to: infected computer 2016-09-08T13:11:21+00:00
2011N2
Participant
Number of posts: 27

Hi again,

Yes, but the report you gave me indicates that no items were removed.

Apply this fix =>

Open Notepad
Select the script and copy it into Notepad

Script ZHPFix
EmptyCLSID
Emptytemp
EmptyFlash

Double-click the “ZHPFix” program shortcut on your desktop

In the program window that opens, click “Importer” to paste the ZHPFix script

If the script is not valid
A warning is displayed
The script must have Script ZHPFix as its first line

If the script is valid
The text you copied earlier should now be displayed automatically in the ZHPFix interface

Check that the script in ZHPFix matches the lines above
Click the “GO” button to start the cleaning
Confirm the cleaning by clicking “OUI” in the next two windows


This processing can take up to several minutes before the actual cleaning of the script lines begins
The cleaning then runs; do not touch anything during this step, and if the program asks to restart the PC, do it
When it finishes, a ZHPFix.txt report is displayed in the report area of the interface and in Windows Notepad
The report is also saved on the Windows Desktop and in the folder: CUsernomxxxAppDataRoamingZHPZHPFix.txt

Post the contents of this report by copying and pasting it into your reply on the forum

Close ZHPFix and Notepad using the red cross at the top right of both windows

Gabriel.