Répondre à : clé USB qui crée des raccourcis 2016-09-08T13:20:40+00:00
lilidurhone
Post count: 0

Hello

On va utiliser Zhpfix

  • Lances ZHPFix, exécuter en tant qu’administrateur sous Windows : 7/8 et Vista

    A l’aide de la souris (clic gauche maintenu), sélectionne et copie (clic droit/copier) le contenu de l’encadré ci-dessous

    Script ZHPFix
    R0 - HKCUSOFTWAREPoliciesMicrosoftInternet ExplorerMain,Start Page = http://seeearch.com =>PUP.StartSearch
    G2 - GCE: Preference [User DataDefault] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
    O39 - APT:Automatic Planified Task - C:WindowsTasksAutoKMS.job [204]
    [MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:WindowsAutoKMS.exe (.not file.) [0] =>Trojan.Keygen
    [MD5.00000000000000000000000000000000] [APT] [{9DE9C10B-ACFE-4B05-A85A-4CA63335C2DC}] (...) -- C:UsersEstelleDownloadssetup_MBPDualFinance.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{DDD62423-E81B-441D-AE4C-A397FFE8DE58}] (...) -- C:UsersEstelleDownloadsdotnetfx3setup.exe (.not file.) [0]
    [HKCUSoftwareƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ő¶¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“]
    O87 - FAEL: "TCP Query User{C5AA0DBA-7180-4724-AA70-C0D4C4F73C24}C:windowskmsemulator.exe" |In - Private - P6 - TRUE | .(...) -- C:windowskmsemulator.exe (.not file.)
    O87 - FAEL: "UDP Query User{EE06C030-48E0-43C4-AEC1-2AE83C3422C0}C:windowskmsemulator.exe" |In - Private - P17 - TRUE | .(...) -- C:windowskmsemulator.exe (.not file.)
    O87 - FAEL: "{85DF2542-2B50-4AE6-AA69-797BD3B978AD}" |In - Private - P6 - TRUE | .(...) -- C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{D22A39B3-B3DB-4476-9DE1-44F72EC21D97}" |In - Private - P17 - TRUE | .(...) -- C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
    O87 - FAEL: "{5E7C61A0-7EF2-48BD-A0D3-C8EBE613B59F}" |In - Private - P6 - TRUE | .(...) -- C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O87 - FAEL: "{2619FA99-2103-4449-A982-986FBCE06704}" |In - Private - P17 - TRUE | .(...) -- C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
    O87 - FAEL: "{B9FAA9C3-F9CD-4997-9A1C-B7CE497B5C7C}" |In - Private - P6 - TRUE | .(...) -- C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O87 - FAEL: "{F02919DF-55DA-42FC-A86D-3A67F488FEA7}" |In - Private - P17 - TRUE | .(...) -- C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
    O87 - FAEL: "TCP Query User{3AE7D255-DCA3-43A3-BC37-8A6283A8C303}C:usersestelleappdataroamingcacaowebcacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:usersestelleappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    O87 - FAEL: "UDP Query User{A995ABB7-514E-4DC2-8E67-93D2ED919958}C:usersestelleappdataroamingcacaowebcacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:usersestelleappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
    [HKLMSoftwareGoogleChromeExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp] =>PUP.BubbleDock^
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKLMSoftwareClassesInstallerFeatures25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareClassesInstallerProducts25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeClassesInstallerFeatures25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeClassesInstallerProducts25BD30E1BC5D83343A835E62DDD4D41B] =>Toolbar.Bing
    C:UsersEstelleAppDataLocalGoogleChromeUser DataDefaultExtensionskbjlipmgfoamgjaogmbihaffnpkpjajp =>PUP.BubbleDock^
    C:ProgramDataInstallMate =>PUP.Tarma^
    C:UsersEstelleAppDataRoamingPanel+ =>Toolbar.Ipsos^
    C:UsersEstelleAppDataLocalPanel+ =>Toolbar.Ipsos^
    C:UsersEstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsPanel+ =>Toolbar.Ipsos^
    Sysrestore
    Emptytemp

    1. Clique sur Importer
    2. Puis Clic sur “GO

  • Confirmes les nettoyages des données en cliquant sur “Oui
  • Une fois le scan terminé rends toi sur le bureau, le fichier ZHPFixReport à été crée.
  • Héberge le rapport ZHPFixReport sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse.