Reply to: External media infection 2016-09-08T13:12:53+00:00
kink06
Number of posts: 0

Re,

OK for usbfix :super:
_______________________________________________________________________________________________

  • Launch ZHPFix (run it as administrator under Windows 7/8 and Vista)

    Using the mouse (left button held down), select and copy (right-click/Copy) the contents of the box below

    ZHPFix script =>
    ShortcutFix
    [MD5.171F1BB73D0238A7A56126D3459ECDCD] [SPRF] [ 15/10/2008] (...) -- C:UsersCTduHALGOUETAppDataLocalTempExtract.exe [50432] => Infection MagicControl (Possible)
    [MD5.DB521C3DC7B679226322033B09719ECA] [SPRF][31/07/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:UsersCTduHALGOUETAppDataLocalTempuninst1.exe [339440] =>Toolbar.Babylon
    [MD5.F29D3948973A1146282BE6343DC6DED1] [SPRF][06/11/2012] (.http://yourfiledownloader.com - YourFile Downloader.) -- C:UsersCTduHALGOUETAppDataLocalTempuninstall7446770.exe [1357744] =>PUP.YourFileDownloader
    [MD5.3D53B02F7DD2164D66A47AD0AD31D352] [SPRF][06/11/2012] (.http://yourfiledownloader.com - YourFile Downloader.) -- C:UsersCTduHALGOUETAppDataLocalTempuninstall7446785.exe [469936] =>PUP.YourFileDownloader
    [MD5.3F265B68095CF025EFA98E7FDEC50454] [SPRF][06/11/2012] (.http://yourfiledownloader.com - YourFile Downloader.) -- C:UsersCTduHALGOUETAppDataLocalTempuninstall7446848.exe [4157360] =>PUP.YourFileDownloader
    O87 - FAEL: "{F7D32FC2-9545-42E3-B61D-CF1C0DC4450A}" |In - Public - P6 - TRUE | .(...) -- C:Program Files (x86)YourFileDownloaderDownloader.exe (.not file.) =>PUP.YourFileDownloader
    O87 - FAEL: "{D9920DBA-AC24-489E-A5C3-D1FDBAB82FDB}" |In - Public - P17 - TRUE | .(...) -- C:Program Files (x86)YourFileDownloaderDownloader.exe (.not file.) =>PUP.YourFileDownloader
    O87 - FAEL: "{D41529A9-6321-4D54-B6A7-FD9D3B516B71}" |In - Public - P6 - TRUE | .(...) -- C:Program Files (x86)YourFileDownloaderYourFile.exe (.not file.) =>PUP.YourFileDownloader
    O87 - FAEL: "{54C27991-F2E2-4CCC-941A-537E3BD962C3}" |In - Public - P17 - TRUE | .(...) -- C:Program Files (x86)YourFileDownloaderYourFile.exe (.not file.) =>PUP.YourFileDownloader
    [HKLMSoftwareWow6432NodeMicrosoftTracingYourFile_RASAPI32] =>PUP.YourFileDownloader
    [HKLMSoftwareWow6432NodeMicrosoftTracingYourFileUpdater_RASAPI32] =>PUP.YourFileDownloader
    [HKLMSoftwareWow6432NodeMicrosoftTracingYourFileUpdater_RASMANCS] =>PUP.YourFileDownloader
    C:UsersCTduHALGOUETAppDataLocalTempuninst1.exe =>Toolbar.Babylon^
    C:UsersCTduHALGOUETAppDataLocalTempuninstall7446770.exe =>PUP.YourFileDownloader^
    C:UsersCTduHALGOUETAppDataLocalTempuninstall7446785.exe =>PUP.YourFileDownloader^
    C:UsersCTduHALGOUETAppDataLocalTempuninstall7446848.exe =>PUP.YourFileDownloader^
    C:UsersCTduHALGOUETAppDataLocalTempGoogleToolbarInstaller1.log =>Toolbar.Babylon
    C:UsersCTduHALGOUETAppDataLocalTempGoogleToolbarInstaller2.log =>Toolbar.Babylon
    O45 - LFCP:[MD5.23B5E585CBE88F60388F6CCCA0B955FA] - 31/10/2013 - 15:28:15 ---A- - C:WindowsPrefetchINSTALLER.EXE-C92AF9B8.pf
    O51 - MPSK:{f279a343-fe8a-11e2-af95-83fa09098d56}AutoRuncommand. (...) -- G:AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB
    O51 - MPSK:{f279a35b-fe8a-11e2-af95-83fa09098d56}AutoRuncommand. (...) -- G:AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB
    O51 - MPSK:{f279a385-fe8a-11e2-af95-83fa09098d56}AutoRuncommand. (...) -- G:AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB
    O51 - MPSK:{f279a38b-fe8a-11e2-af95-83fa09098d56}AutoRuncommand. (...) -- G:AutoRun.exe (.not file.) => Microsoft Windows NT or Infection USB
    O87 - FAEL: "{45AB2A89-2043-42ED-A55A-FCFC49E25C9E}" |In - Public - P6 - TRUE | .(...) -- C:Program Files (x86)GigaTribegigatribe.exe (.not file.) => GigaTribe%PeerToPeer
    O87 - FAEL: "{356D1282-2F80-42C1-9E81-46AD937BB972}" |In - Public - P17 - TRUE | .(...) -- C:Program Files (x86)GigaTribegigatribe.exe (.not file.) => GigaTribe%PeerToPeer
    Software Protection Service (Protection logicielle) : KO => Windows Protection Logicielle désactivée
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified => SYSTEM : Active Desktop désactivé et configuration refusée
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified => SECURITE : User Account Control désactivé (UAC)
    R5 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
    O55 - MWPS:[HKLM...PoliciesSystem] - "EnableLUA"=0 => Désactive le contrôle de compte d'utilisateur
    O55 - MWPS:[HKLM...PoliciesSystem] - "EnableUIADesktopToggle"=0 => Disable Vista UIAccess applications (UAC)
    O55 - MWPS:[HKLM...PoliciesSystem] - "PromptOnSecureDesktop"=0 => Changement impossible de bureau quand on élève les privilèges
    O55 - MWPS:[HKLM...PoliciesSystem] - "FilterAdministratorToken"=0 => Le compte "Administrateur" n'est pas soumis aux approbations
    O56 - MWPE:[HKLM...policiesExplorer] - "NoActiveDesktopChanges"=1 => Users can't enable, disable, and configure Active desktop
    O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    OPT:O4 - HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe
    OPT:O4 - HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:Program Files (x86)QuickTimeQTTask.exe
    OPT:O4 - HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:Program Files (x86)iTunesiTunesHelper.exe
    O3 - ToolbarWebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline => Toolbar.Google
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    SysRestore
    EmptyFlash
    EmptyCLSID
    Firewallraz
    EmptyTemp

    1. Click Import
    2. Then click “GO”

  • Confirm the data cleanups by clicking “Yes”

  • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created.
  • Host the ZHPFixReport report on SosUpload, then copy/paste the link provided into your next reply.