Répondre à : Ce virus qui transforme nos fichiers usb en raccourcis 2016-09-08T13:38:09+00:00
buckhulk
Participant
Nombre d'articles : 2391

pour spybot ouyi il faut le désinstaller , les P2P aussi !

n’oublie pas de mettyre java àçà jour : ICI pas ailleurs..

– l’extension : Iceberg si tu ne t’en sers pas tu devrais l’enlever !

voici :

  • Séléctionne et copie le script suivant :

    Script ZHPFix
    ShortcutFix
    Spybot - Search & Destroy v1.6.2 => Safer Networking Ltd - Spybot S&D
    Pando Media Booster v2.6.0.7 => P2P.Pando*
    [MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe [2260480] [PID.6044]
    G1 - GCS: Preference [User DataDefault] None => Google Chrome, Aucune page de recherche
    P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll
    R0 - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://search.gophoto.it =>Spyware.GophotoIt
    O2 - BHO: Spybot-S&D IE Protection [64Bits] - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:Program Files (x86)Spybot - Search & DestroySDHelper.dll => Safer Networking Ltd - Spybot S&D
    O4 - GSQuickLaunch [Plum's]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:UsersPlum'sAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 - GSTaskBar [Plum's]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:UsersPlum'sAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 - GSDesktop [Plum's]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:UsersPlum'sAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 - HKCU..Run: [Pokki] Clé orpheline => Orphean Key not necessary
    O4 - HKCU..Run: [AdobeBridge] Clé orpheline => Orphean Key not necessary
    O4 - HKCU..Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe => Spybot-S&D Cleaning
    OPT:O4 - HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:Program Files (x86)QuickTimeQTTask.exe
    O17 - HKLMSystemCCSServicesTcpip..{C65A8BBC-663C-45CC-A41A-BE614E830D7A}: DhcpDomain = AN31.com
    O17 - HKLMSystemCS1ServicesTcpip..{C65A8BBC-663C-45CC-A41A-BE614E830D7A}: DhcpDomain = AN31.com
    O23 - Service: Launch Manager Service (LMSvc) . (.Acer Incorporate - LMSvc.) - C:Program FilesAcerAcer Launch ManagerLMSvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe => Safer Networking Ltd - Spybot S&D
    [MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002Core] (...) -- C:UsersPlum'sAppDataLocalFacebookUpdateFacebookUpdate.exe (.not file.) [0] => Facebook Update Task User
    [MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002UA] (...) -- C:UsersPlum'sAppDataLocalFacebookUpdateFacebookUpdate.exe (.not file.) [0] => Facebook Update Task User
    [MD5.91B0F4F0DE3BE6329795F8C97FF6D2E3] [APT] [Launch Manager] (.Acer Incorporate.) -- C:Program FilesAcerAcer Launch ManagerLMLauncher.exe [415272]
    [MD5.00000000000000000000000000000000] [APT] [Play Now Radio] (...) -- C:UsersPlum'sAppDataLocalplaynowradioplaynowradio1.3.4.1playnowradio.exe (.not file.) [0] =>PUP.PlayNowRadio
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002Core - (...) -- C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002Core.job [932] => Facebook Update Task User
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002Core - (...) -- C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002Core [932] => Facebook Update Task User
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002UA - (...) -- C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002UA.job [954] => Facebook Update Task User
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002UA - (...) -- C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-353276136-3606058193-4158444329-1002UA [954] => Facebook Update Task User
    O42 - Logiciel: Acer Launch Manager - (.Acer Incorporated.) [HKLM][64Bits] -- {C18D55BD-1EC6-466D-B763-8EEDDDA9100E}
    O42 - Logiciel: Governor of Poker 2 Premium Edition - (.WildTangent.) [HKLM][64Bits] -- WTA-48fe6eef-c9a7-4487-8eb0-eacfda867465 => Online Poker Games
    O42 - Logiciel: Java 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216020FF} => Sun Microsystems Java Update
    O42 - Logiciel: Norton Online Backup - (.Symantec Corporation.) [HKLM][64Bits] -- {40A66DF6-22D3-44B5-A7D3-83B118A2C0DC} =>.Symantec Corporation
    O42 - Logiciel: Norton Online Backup ARA - (.Symantec Corporation.) [HKLM][64Bits] -- NARA =>.Symantec Corporation
    O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E} => P2P.Pando*
    O42 - Logiciel: Shared C Run-time for x64 - (.McAfee.) [HKLM][64Bits] -- {EF79C448-6946-4D71-8134-03407888C054} => McAfee
    O42 - Logiciel: eBay Worldwide - (.OEM.) [HKLM][64Bits] -- {91589413-6675-4C27-8AFC-EFB9103B90A5} =>Toolbar.eBay
    O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>P2P.BitTorrent
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent
    [HKCUSoftwarePando Networks] => P2P.Pando
    [HKLMSoftwareWow6432NodePando Networks] => P2P.Pando
    O43 - CFD: 26/12/2013 - 18:38:30 - [] ----D C:Program Files (x86)Pando Networks => P2P.Pando
    O43 - CFD: 30/12/2013 - 17:08:08 - [] ----D C:Program Files (x86)Spybot - Search & Destroy => Safer Networking Ltd - Spybot S&D
    O43 - CFD: 24/09/2013 - 22:51:50 - [] ----D C:ProgramDataboost_interprocess => boost.org
    O43 - CFD: 24/09/2013 - 23:35:58 - [] ----D C:ProgramDataOEM_YAHOO
    O43 - CFD: 27/04/2014 - 16:28:34 - [] ----D C:ProgramDataPMB Files =>P2P.Pando
    O43 - CFD: 30/12/2013 - 17:09:13 - [] ----D C:ProgramDataSpybot - Search & Destroy => Safer Networking Ltd - Spybot S&D
    O43 - CFD: 24/09/2013 - 22:51:50 - [] ----D C:ProgramDataSymantec => Symantec
    O43 - CFD: 30/04/2014 - 03:24:07 - [] ----D C:UsersPlum'sAppDataRoaminguTorrent =>P2P.µTorrent
    O43 - CFD: 16/02/2014 - 16:30:12 - [] ----D C:UsersPlum'sAppDataLocalplaynowradio =>PUP.PlayNowRadio
    O43 - CFD: 01/05/2014 - 18:41:14 - [] ----D C:UsersPlum'sAppDataLocalPMB Files =>P2P.Pando
    O45 - LFCP:[MD5.D54C498123CCCE965D2148586B8DEFCD] - 29/04/2014 - 23:55:05 ---A- - C:WindowsPrefetchUTORRENT.EXE-5F38F57D.pf =>P2P.µTorrent
    O51 - MPSK:{816aea63-c990-11e3-be87-54bef75db6ad}AutoRuncommand. (...) -- E:autorunner.exe (.not file.) => Fichier absent
    O51 - MPSK:{ae9b1a9a-7950-11e3-be7a-54bef75db6ad}AutoRuncommand. (...) -- E:LGAutoRun.exe (.not file.) => Fichier absent
    O61 - LFC: 25/04/2014 - 15:19:08 ---A- . (.BitTorrent Inc..) -- C:UsersPlum'sAppDataRoaminguTorrentuTorrent.exe [1266520] =>P2P.BitTorrent
    O61 - LFC: 25/04/2014 - 15:19:08 ---A- . (.BitTorrent Inc..) -- C:UsersPlum'sAppDataRoaminguTorrentupdates3.4.1_30888.exe [1266520] =>P2P.BitTorrent
    O69 - SBI: SearchScopes [HKCU] {EDAF0021-D6F6-4C41-B81F-3FCCA769621C} [DefaultScope] - (Search The Web (GoPhotoIt)) - http://search.gophoto.it =>Adware.IMBooster
    [MD5.4199DA4829C1B0056ED68E25E0682B14] [SPRF][17/01/2014] (.Evolus Co., Ltd. - Pencil GUI Prototyping Tool.) -- C:UsersPlum'sDesktopPencil-2.0.5.win32.installer.exe [24218412]
    O87 - FAEL: "TCP Query User{236991E4-48B1-4CF6-8AE8-2C85DCA57DD4}C:usersplum'sappdataroamingutorrentutorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:usersplum'sappdataroamingutorrentutorrent.exe =>P2P.BitTorrent
    O87 - FAEL: "UDP Query User{C1AC9C15-1873-417E-8CCD-6BDCE340620C}C:usersplum'sappdataroamingutorrentutorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:usersplum'sappdataroamingutorrentutorrent.exe =>P2P.BitTorrent
    O90 - PUC: "31498519576672C4A8CFFE9B01B3095A" . (.eBay Worldwide.) -- c:WindowsInstaller{91589413-6675-4C27-8AFC-EFB9103B90A5}_853F67D554F05449430E7E.exe =>Toolbar.eBay
    SR - | Auto 17/06/2013 431656 | (LMSvc) . (.Acer Incorporate.) - C:Program FilesAcerAcer Launch ManagerLMSvc.exe
    SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe => Safer Networking Ltd - Spybot S&D
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{91589413-6675-4C27-8AFC-EFB9103B90A5}] =>Toolbar.eBay^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstalluTorrent] =>P2P.BitTorrent^
    C:ProgramDataPMB Files =>P2P.Pando^
    C:UsersPlum'sAppDataRoaminguTorrent =>P2P.µTorrent^
    C:UsersPlum'sAppDataLocalplaynowradio =>PUP.PlayNowRadio^
    C:UsersPlum'sAppDataLocalPMB Files =>P2P.Pando^
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent^
    ProxyFix
    EmptyPrefetch
    EmptyFlash
    SysRestore
    FirewallRAZ
    EmptyTemp
  • Lances ZHPFix, exécuter en tant qu’administrateur sous Windows : 7/8 et Vista

    1. Clique sur Importer
    2. Les lignes précedemment copiées doivent être collées dans le cadre
    3. Si c’est le cas, Clic sur “GO


    exemple :

  • Confirmes les nettoyages des données en cliquant sur “Oui
  • Une fois le scan terminé rends toi sur le bureau, le fichier ZHPFixReport à été crée.
  • Héberge le rapport ZHPFixReport sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse.

Une fois que tu m’as fourni le rapport , tu me dis comment va ton PC s’il te plait
:merci2: 😉