by did80
#226736
Hello,

Please do the following:

Download ZHPDiag by N Coolman

http://www.nicolascoolman.com/fr/download/zhpdiag/

or

http://www.nicolascoolman.fr/telecharger/

Save the file to the desktop (important).

Run it (as administrator on Vista/7) to launch the installation wizard.

1/ Open the options and tick everything.

Click Scan.

Click Report.

The zhpdiag.txt report will be on your desktop.

It is very large and would be incomplete on the forum.

It has to be posted on www.cjoint.com

Give me the generated link, which looks like this:
http://cjoint.com/?BJlkjReCl6v4

2/
Download FARBAR and save it to the desktop.

Take the compatible version, 32 or 64 bit.

http://www.bleepingcomputer.com/downloa ... scan-tool/

or

http://www.nicolascoolman.fr/telecharger/

Right-click the downloaded file (FRST.exe/FRST64.exe) and choose Run as administrator.

Tick the boxes as shown in the image below.

Click the Scan button.

[image]

The tool will create 3 reports on the desktop:
  • Frst.txt
  • Addition.txt
  • Shortcut.txt

Put the 3 reports (Frst, Addition and Shortcut) here, since they take up a lot of space:

http://cjoint.com/ and give me the links.

See you later.
#226749
Please do the following:

Launch Farbar.

[image]

Copy the following lines into the red box:


start::
CloseProcesses:
CreateRestorePoint:
ShortcutTarget: LibreOffice 5.2.lnk -> C:\Program Files (x86)\LibreOffice 5\program\quickstart.exe (Pas de fichier)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-955706339-1380046564-3651520312-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_17_05&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyC0C0FtDyEzyyDyCyD0AtBzy0DtAyC0AtN0D0Tzu0StCzzyCtCtN1L2XzutAtFtByBtFtDtFyDtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBtC0Czy0A0C0CtCtGyEzzyBtAtGtCtAzz0CtGyD0D0F0CtGzztByCtDtByEtAtDzz0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyB0Ezy0C0ByEtBtGtC0Czz0AtGyEyDyCyDtGzz0EtD0CtGyCyE0ByBtDzztB0E0C0AtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBtC%26cr%3D117461715%26a%3Dwbf_frmr_17_05%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
Task: {1A1B0196-2B9C-486B-B6DE-4523D0BDD4E3} - \Microsoft\Windows\UNP\RunCampaignManager -> Pas de fichier <==== ATTENTION
Task: {CEE428BB-D2BE-4549-AF2B-E50918685F8B} - \WPD\SqmUpload_S-1-5-21-955706339-1380046564-3651520312-1001 -> Pas de fichier <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered narim.job => Wscript.exe C:\ProgramData\{E48221E1-6EC0-AB27-E806-35657244BEAB}\tafa.txt <==== ATTENTION
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
DeleteKey: HKLM\SOFTWARE\SlimWare Utilities Inc
DeleteKey: HKLM\SOFTWARE\WOW6432Node\SlimWare Utilities Inc
C:\ProgramData\Goodgame Empire
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{EC69200F-17CB-4B64-983F-77B8EBB725A4}G:\camera\monitorclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F86D8C44-71F0-4040-AA05-176C478065E1}G:\camera\monitorclient.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D459D46E-D0AA-4D48-A2BC-63452A9C197F}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4273C73F-2985-4DBE-87BD-336D26730589}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D74329F6-553D-4018-B607-D592078E4B92}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5B0EF4BF-569C-4490-BEFC-64D21D2B8F5E}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C5DE2407-26D9-4E48-8B84-B0337A4062D6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C8B88C97-2119-4173-9077-B613EAF1596C}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DCFC913F-4E9B-42C6-A013-5F67C358A0AA}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{7D154CCC-4CAA-4C79-91C8-4A6FFCEDDEE0}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A51ED1F7-5FD6-4845-96F7-81FCE23259F6}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4A5A2620-117F-4F99-B198-5016CF4408DF}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\POContextMenuHandler64
DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{FFB89EEA-EFCF-4156-BC81-CA72A260FB62}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\POContextMenuHandler64
DeleteKey: HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\POContextMenuHandler64
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\000
C:\Users\christophe\AppData\Local\Google\Chrome\User Data\Default\File System\001



EmptyTemp:
end::

Click Fix and upload the Fixlog report.

See you later.
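A read-only review of a fixlist like the one in the post above, added here as an example (not part of the original post and not FRST's own code): it groups lines by directive, counts entries carrying the `<==== ATTENTION` marker, and reports repeated entries and scheduled tasks that launch a script host. `SAMPLE` is a shortened excerpt of the posted fixlist; the function names and the `Path` / `LogLine` labels are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the fixlist posted above, shortened for this example.
SAMPLE = r"""start::
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Restriction <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered narim.job => Wscript.exe C:\ProgramData\{E48221E1-6EC0-AB27-E806-35657244BEAB}\tafa.txt <==== ATTENTION
C:\ProgramData\Goodgame Empire
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
EmptyTemp:
end::
"""

def parse_fixlist(text):
    """Return (kind, argument, flagged) for each line between start:: and end::."""
    lines = [l.strip() for l in text.splitlines()]
    lower = [l.lower() for l in lines]
    if "start::" not in lower or "end::" not in lower:
        raise ValueError("fixlist must be wrapped in start:: / end::")
    body = lines[lower.index("start::") + 1 : lower.index("end::")]
    entries = []
    for line in filter(None, body):
        flagged = line.endswith("<==== ATTENTION")
        if re.match(r"^[A-Za-z]:\\", line):       # bare file or folder path
            kind, arg = "Path", line
        elif m := re.match(r"^([A-Za-z]+):\s*(.*)$", line):
            kind, arg = m.group(1), m.group(2)    # e.g. DeleteKey, Task, EmptyTemp
        else:                                     # line copied from the scan log
            kind, arg = "LogLine", line
        entries.append((kind, arg, flagged))
    return entries

def review(text):
    """Summarise what the fixlist touches, without changing anything."""
    entries = parse_fixlist(text)
    counts = Counter(kind for kind, _, _ in entries)
    seen = Counter((k, a.lower()) for k, a, _ in entries if a)
    duplicates = sorted(a for (k, a), n in seen.items() if n > 1)
    script_tasks = [a for k, a, _ in entries
                    if k == "Task" and re.search(r"\b[wc]script\.exe\b", a, re.I)]
    return {"counts": dict(counts), "duplicates": duplicates,
            "flagged": sum(f for _, _, f in entries), "script_tasks": script_tasks}

if __name__ == "__main__":
    print(review(SAMPLE))
```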