Répondre à : clé USB fichiers disparus 2016-09-08T13:41:50+00:00
buckhulk
Participant
Nombre d'articles : 2391

tu passes ce script , et après tu me dis comment ça va ?

  • Séléctionne et copie le script suivant :

    Script ZHPFix
    ShortcutFix
    O3 - ToolbarWebBrowser: (no name) - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Clé orpheline => PUP.SweetIM
    OPT:O4 - HKLM..Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:Program FilesLaunch ManagerLManager.exe
    OPT:O4 - HKLM..Run: [RemoteControl] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    OPT:O4 - HKLM..Run: [NeroFilterCheck] . (.Ahead Software Gmbh - NeroCheck.) -- C:Windowssystem32NeroCheck.exe
    OPT:O4 - HKLM..Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:Program FilesQuickTimeQTTask.exe
    OPT:O4 - HKLM..Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:Program FilesiTunesiTunesHelper.exe
    O4 - HKCU..Run: [PhotoShow Deluxe Media Manager] C:Program FilesAheadNEROPH~2dataXtrasmssysmgr.exe (.not file.)
    O4 - HKUSS-1-5-21-1166806793-3490160324-3627518642-1001..Run: [PhotoShow Deluxe Media Manager] C:Program FilesAheadNEROPH~2dataXtrasmssysmgr.exe (.not file.)
    O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} . (...) -- C:Program FilesAcer Bio ProtectionIETag.ico => WIDCOMM/Acer or Trojan.Favadd
    OPT:O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:Program FilesBonjourmDNSResponder.exe
    [MD5.00000000000000000000000000000000] [APT] [Driver Fetch] (...) -- C:Program FilesDriver Fetch2.3.0.5DriverFetch.exe (.not file.) [0] => Fichier absent
    [MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001Core] (.Facebook Inc..) -- C:UsersPAPAAppDataLocalFacebookUpdateFacebookUpdate.exe [138096]
    [MD5.2A3FB4C98F139038E23330D2439DB8A4] [APT] [FacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001UA] (.Facebook Inc..) -- C:UsersPAPAAppDataLocalFacebookUpdateFacebookUpdate.exe [138096]
    [MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:Program FilesGoogleUpdateGoogleUpdate.exe [133104]
    [MD5.626A24ED1228580B9518C01930936DF9] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:Program FilesGoogleUpdateGoogleUpdate.exe [133104]
    [MD5.00000000000000000000000000000000] [APT] [{28D30FE9-C7E9-4267-A6B5-6CC260EBF4CD}] (...) -- C:UsersPAPADesktopDownloadsSynaptics_v15_2_20_C_XP32_Vista32_Win7-32_Signed_Marketing_SGS94_UI-Scrybe.exe (.not file.) [0] => Fichier absent
    [MD5.00000000000000000000000000000000] [APT] [{792B2C72-5453-40E2-9672-0F388EE35F7A}] (...) -- C:UsersPAPAAppDataLocalTempRar$EX01.448eAudio_Acer_v3.0.3009_VISTAx86x64SetXX.exe (.not file.) [0] => Fichier absent
    [MD5.00000000000000000000000000000000] [APT] [{FB613A7F-97D9-4FAC-9E39-14E8B060F5DB}] (...) -- C:UsersPAPADesktopDownloads275.33-desktop-win7-winvista-32bit-international-whql.exe (.not file.) [0] => Fichier absent
    [MD5.00000000000000000000000000000000] [APT] [{FBE72F7B-6477-407F-9A95-1AEDB944D8C0}] (...) -- C:Program FilesBabylonToolbarBabylonToolbar1.8.7.2GUninstaller.exe (.not file.) [0] =>PUP.Babylon
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001Core - (.Facebook Inc..) -- C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001Core.job [902] => Facebook Update Task User
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001Core - (.Facebook Inc..) -- C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001Core [902] => Facebook Update Task User
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001UA - (.Facebook Inc..) -- C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001UA.job [924] => Facebook Update Task User
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001UA - (.Facebook Inc..) -- C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-1166806793-3490160324-3627518642-1001UA [924] => Facebook Update Task User
    O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX => Adobe Systems
    [HKCUSoftware592de8cbd35b840] =>Hijacker.Eazel
    [HKCUSoftwareAppDataLowSoftwareVuze_Remote] =>P2P.Azureus
    [HKCUSoftwareAppDataLowSoftwareselection-tool]
    [HKCUSoftwareAppDataLow{1146AC44-2F03-4431-B4FD-889BC837521F}] => PUP.OptimizerPro
    [HKCUSoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}] => Trojan.SProtector
    [HKCUSoftwareIncrediMail] => Messaging.Incredimail
    [HKCUSoftwareMCAFEE]
    [HKCUSoftwareUpdateStar] =>Adware.Boxore
    [HKCUSoftwareWNLT] =>Adware.IncrediBar
    [HKCUSoftwaremc] => Possible
    [HKLMSoftware592de8cbd35b840] =>Hijacker.Eazel
    [HKLMSoftwareSoftware] => PixArt or IncrediMail
    [HKLMSoftwareTutorials] =>PUP.AgenceExclusive
    [HKLMSoftwareWNLT] =>Adware.IncrediBar
    O43 - CFD: 25/01/2014 - 17:11:59 - [] ----D C:ProgramDataUpdater =>PUP.CrossRider
    O43 - CFD: 25/02/2013 - 12:13:46 - [] ----D C:UsersPAPAAppDataRoamingSearchya =>Adware.SearchYa
    O43 - CFD: 24/08/2011 - 11:32:56 - [] ----D C:UsersPAPAAppDataLocalpixeasy Air => Adware.SPointer
    O61 - LFC: 20/05/2014 - 10:54:35 ---A- . (...) -- C:UsersPAPAAppDataLocalLowSkwConfig.bin [18608] => Adware.SurfAndKeep
    O90 - PUC: "B2FD9C0A5B9838449838816A28001F4B" . (.SweetIM for Messenger 3.7.) -- C:WindowsInstaller{A0C9DF2B-89B5-4483-8983-18A68200F1B4}ARPPRODUCTICON.exe =>PUP.SweetIM
    [HKCUSoftware592de8cbd35b8402.6.1339.144upd]:="upd=1" =>Hijacker.Eazel
    [HKCUSoftware592de8cbd35b840history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
    [HKCUSoftware592de8cbd35b840history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:version="2.6.1095.52" =>Hijacker.Eazel
    [HKCUSoftware592de8cbd35b840history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
    [HKCUSoftware592de8cbd35b840history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80" =>Hijacker.Eazel
    [HKCUSoftware592de8cbd35b840history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel
    [HKCUSoftware592de8cbd35b840history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version="2.6.1249.132" =>Hijacker.Eazel
    [HKCUSoftware592de8cbd35b840] =>PUP.Babylon^
    [HKLMSoftware592de8cbd35b840] => Infection PUP (Hijacker.Eazel)
    HKLMSOFTWAREMicrosoftTracingAzureus_RASAPI32 =>P2P.Azureus
    HKLMSOFTWAREMicrosoftTracingAzureus_RASMANCS =>P2P.Azureus
    HKLMSOFTWAREMicrosoftTracingbiclient_RASAPI32 =>Adware.MegaSearch
    HKLMSOFTWAREMicrosoftTracingbiclient_RASMANCS =>Adware.MegaSearch
    OPT:SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:Program FilesBonjourmDNSResponder.exe
    [HKLMSoftwareClassesCLSID{7E84186E-B5DE-4226-8A66-6E49C6B511B4}] =>Adware.Yontoo
    [HKLMSoftwareClassesCLSID{99066096-8989-4612-841F-621A01D54AD7}] =>Adware.Agent
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] =>Adware.Yontoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes5B4758C25396ECF468E04F8E063287FF] =>PUP.OfferBox
    [HKLMSoftwareClassesInstallerFeaturesEB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
    [HKLMSoftwareClassesInstallerProductsEB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM
    [HKLMSoftwareTutorials] =>Spyware.AgenceExclusive
    [HKCUSoftwareWNLT] =>Adware.IncrediBar
    [HKLMSoftwareWNLT] =>Adware.IncrediBar
    [HKLMSoftwareClassesInstallerFeaturesB2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM
    [HKLMSoftwareClassesInstallerProductsB2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components698B1BCDAEA97B945AE4001A96F1E755] =>PUP.OfferBox
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components7E6611210321F8640B41F98B10A8BD0A] =>PUP.OfferBox
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components88ADFBDCA3E069A47B07ECC2CED1E2B2] =>PUP.OfferBox
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsB2F30BE10C5A9DD43A593262265CA298] =>PUP.OfferBox
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsDB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsEC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsF327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsFA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsFDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsF754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
    [HKCUSoftwareAppDataLow{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
    [HKLMSoftware{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExtPreApproved{11111111-1111-1111-1111-110111271167}] =>PUP.CrossRider
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExtPreApproved{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
    [HKLMSoftwareClassesInterface{EEE6C359-6118-11DC-9C72-001320C79847}] =>PUP.SweetIM^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components2124D8A8CF720FD44866190AF560228E] =>PUP.SweetIM^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components350D17402BD84234EAF7D32F08172D7C] =>PUP.SweetIM^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsC06C6662FA5B04646829E4A460857770] =>PUP.SweetIM^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsED1B5E9A3BDB51349BF96E842C062D98] =>PUP.SweetIM^
    C:ProgramDataUpdater =>PUP.CrossRider^
    C:UsersPAPAAppDataRoamingSearchya =>Adware.SearchYa^
    C:UsersPAPAAppDataLocalpixeasy Air =>Adware.SPointer
    [HKCUSoftwareAppDataLowSoftwareVuze_Remote] =>P2P.Azureus^
    [HKCUSoftwareUpdateStar] =>Adware.Boxore^
    [HKCUSoftware592de8cbd35b840history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1095.52]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
    [HKCUSoftware592de8cbd35b840history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
    [HKCUSoftware592de8cbd35b840history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" =>Hijacker.Eazel^
    [HKCUSoftware592de8cbd35b840] =>PUP.Babylon^^
    ProxyFix
    EmptyPrefetch
    EmptyFlash
    SysRestore
    FirewallRAZ
    EmptyTemp

  • Lances ZHPFix, exécuter en tant qu’administrateur sous Windows : 7/8 et Vista

    1. Clique sur Importer
    2. Les lignes précedemment copiées doivent être collées dans le cadre
    3. Si c’est le cas, Clic sur “GO


    exemple :

  • Confirmes les nettoyages des données en cliquant sur “Oui
  • Une fois le scan terminé rends toi sur le bureau, le fichier ZHPFixReport à été crée.
  • Héberge le rapport ZHPFixReport sur SosUpload, puis copie/colle le lien fourni dans ta prochaine réponse.