Reply to: I am infected by Rvzr-a.akamaihd.net 2016-09-08T13:17:41+00:00
kink06
Number of posts: 0

OK, that's good for RK 😉

Do this =>

  • Launch ZHPFix (run it as administrator on Windows 7/8 and Vista)

    Using the mouse (holding the left button down), select and copy (right-click/Copy) the contents of the box below

    ZHPFix script =>
    ShortcutFix
    OPT:O4 - HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:Program Files (x86)QuickTimeQTTask.exe
    O4 - GSDesktop [Public]: VideoPlayer.lnk . (.Tuguu SL - VAFPlayer.) -- C:Program Files (x86)VideoPlayerVAFPlayer.exe =>PUP.VAFPlayer
    [MD5.883DFC791AAF1298FCFC2BCF5471BBFC] [SPRF][13/11/2013] (...) -- C:UsersMarcAppDataLocalTempSHSetup.exe [46777424] =>Crapware.SpyHunter
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeDealPlyUpdate] =>PUP.DealPly
    C:UsersMarcAppDataLocalTempSHSetup.exe =>Crapware.SpyHunter^
    O4 - HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 - HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 - HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 - HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 - HKUSS-1-5-21-3276447124-3267704847-3369086511-1000..Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:Program Files (x86)SuperCopier2SuperCopier2.exe
    O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline => Toolbar.Avast
    O23 - Service: Bing Bar Update Service (BBSvc) . (...) - C:Program Files (x86)MicrosoftBingBarBBSvc.exe (.not file.) =>Toolbar.Bing
    [HKLMSYSTEMCurrentControlSetServicesBBSvc] =>Toolbar.Bing^
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified => SYSTEM : Active Desktop désactivé et configuration refusée
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified => EXPLORER : N'affiche pas MyDocs dans le menu de démarrage
    R5 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1 => Internet Explorer Allows Proxy Settings Remotely
    O55 - MWPS:[HKLM...PoliciesSystem] - "EnableUIADesktopToggle"=0 => Disable Vista UIAccess applications (UAC)
    O55 - MWPS:[HKLM...PoliciesSystem] - "FilterAdministratorToken"=0 => Le compte "Administrateur" n'est pas soumis aux approbations
    Spybot - Search & Destroy v1.6.2 => Safer Networking Ltd - Spybot S&D
    [MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe [1153368] [PID.2664]
    [MD5.00000000000000000000000000000000] [APT] [4568] (...) -- C:UsersMarcAppDataLocalTemplaunchie.vbs \B (.not file.) [0] => Fichier absent
    [MD5.00000000000000000000000000000000] [APT] [{4B8F0ACE-4302-46D2-96FC-EC8E9208D00A}] (...) -- D:Marcsoftwaresetup-towebv3-fr.exe (.not file.) [0] => Fichier absent
    O44 - LFC:[MD5.88ED827AE5EA798755652BF17AD20ED9] - 14/11/2013 - 00:50:05 ---A- . (...) -- C:WindowsIE11_main.log [9768] => Fichiers de rapport (Log)
    O51 - MPSK:{eb3b6ef0-f32f-11e0-9e80-e0cb4e5f345b}AutoRuncommand. (...) -- F:Startme.exe (.not file.) => Fichier absent
    [MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [SPRF][22/06/2012] (...) -- C:UsersMarcAppDataLocalTempESGScanner.sys [22704] => Temporary file not necessary
    [MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (...) -- C:UsersMarcAppDataLocalTempQuarantine.exe [350377] => Temporary file not necessary
    [MD5.189182EF81D5A40617AF65B3AC810D55] [SPRF][13/11/2013] (...) -- C:UsersMarcAppDataLocalTempsh4plist.dat [148] => Temporary file not necessary
    O87 - FAEL: "{567FC57C-71E5-4E79-B85D-AFD13BBDC3F7}" |In - Public - P6 - TRUE | .(...) -- C:Program Files (x86)ImmobilierLoyerrocherdigitalGUI.exe (.not file.) => Fichier absent
    O4 - GSTaskBar [Marc]: CDex.exe - Raccourci.lnk . (.The CDex Project - http://cdexos.sourceforg - CDex - Open Source Digital Audio CD Extract.) -- C:Program Files (x86)CDexCDex.exe
    O4 - GSTaskBar [Marc]: Lauyan TOWeb V4.lnk . (.Lauyan Software - Lauyan TOWeb executable file.) -- C:Program Files (x86)LauyanTOWeb V4TOWeb.exe
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
    [MD5.CA7DAD6C20EE8CC18ED4B6013921A070] [SPRF][20/06/2010] (...) -- C:ProgramDataezsidmv.dat [56]
    [MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][10/09/2009] (...) -- C:ProgramDataFullRemove.exe [131368]
    [MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [SPRF][22/06/2012] (...) -- C:UsersMarcAppDataLocalTempESGScanner.sys [22704]
    [MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (...) -- C:UsersMarcAppDataLocalTempQuarantine.exe [350377]
    [MD5.883DFC791AAF1298FCFC2BCF5471BBFC] [SPRF][13/11/2013] (...) -- C:UsersMarcAppDataLocalTempSHSetup.exe [46777424]
    [MD5.E0D54F3A6F24B2A0E0CF9EE725A1D113] [SPRF][14/11/2013] (.Pas de propriétaire - g3n-h@ckm@n.) -- C:UsersMarcDesktopShortcut_Module.exe [727538]
    C:UsersMarcAppDataLocalTempSHSetup.exe
    Spybot - Search & Destroy v1.6.2
    [MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe [1153368] [PID.2664]
    SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe
    O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
    O3 - ToolbarWebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    [MD5.00000000000000000000000000000000] [APT] [4568] (...) -- C:UsersMarcAppDataLocalTemplaunchie.vbs \B (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{27582C64-626F-46EC-BFCA-3788A76721F2}] (...) -- F:setupSNK.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{4B8F0ACE-4302-46D2-96FC-EC8E9208D00A}] (...) -- D:Marcsoftwaresetup-towebv3-fr.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{B98F7D6A-5EA2-4148-B050-5705A68B64E6}] (...) -- F:Vodaphone_uninstaller.exe (.not file.) [0]
    O51 - MPSK:{33ed6000-b2cb-11df-a2f5-806e6f6e6963}AutoRuncommand. (...) -- F:Vodaphone_uninstaller.exe (.not file.)
    O51 - MPSK:{33ed603f-b2cb-11df-a2f5-e0cb4e5f345b}AutoRuncommand. (...) -- F:Vodaphone_uninstaller.exe (.not file.)
    O51 - MPSK:{33ed607b-b2cb-11df-a2f5-e0cb4e5f345b}AutoRuncommand. (...) -- F:Vodaphone_uninstaller.exe (.not file.)
    O51 - MPSK:{66656121-b2bc-11df-991d-806e6f6e6963}AutoRuncommand. (...) -- F:Vodaphone_uninstaller.exe (.not file.)
    O51 - MPSK:{eb3b6ef0-f32f-11e0-9e80-e0cb4e5f345b}AutoRuncommand. (...) -- F:Startme.exe (.not file.)
    O87 - FAEL: "TCP Query User{F62CFD9F-00F5-4E5B-991E-69F50C3F0DC4}C:program files (x86)lauyantoweb v3toweb.exe" |In - Private - P6 - TRUE | .(...) -- C:program files (x86)lauyantoweb v3toweb.exe (.not file.)
    O87 - FAEL: "UDP Query User{818DEF2F-BF4B-43CC-B300-035751CD0C3B}C:program files (x86)lauyantoweb v3toweb.exe" |In - Private - P17 - TRUE | .(...) -- C:program files (x86)lauyantoweb v3toweb.exe (.not file.)
    O87 - FAEL: "TCP Query User{9F37A9DB-25C4-4B87-AF09-5D90E1E0880F}C:program files (x86)lauyantoweb v3toweb.exe" |In - Public - P6 - TRUE | .(...) -- C:program files (x86)lauyantoweb v3toweb.exe (.not file.)
    O87 - FAEL: "UDP Query User{76E37F60-01AE-41CC-BDF0-111F83827D6F}C:program files (x86)lauyantoweb v3toweb.exe" |In - Public - P17 - TRUE | .(...) -- C:program files (x86)lauyantoweb v3toweb.exe (.not file.)
    O87 - FAEL: "{567FC57C-71E5-4E79-B85D-AFD13BBDC3F7}" |In - Public - P6 - TRUE | .(...) -- C:Program Files (x86)ImmobilierLoyerrocherdigitalGUI.exe (.not file.)
    O87 - FAEL: "{1DD24127-56C0-4E0E-854F-E46B426AAC0C}" |In - Public - P17 - TRUE | .(...) -- C:Program Files (x86)ImmobilierLoyerrocherdigitalGUI.exe (.not file.)
    O87 - FAEL: "{1D932A4D-7231-4C9D-AC05-33357FBD7B15}" |In - Public - P6 - TRUE | .(...) -- C:Program Files (x86)ImmobilierLoyerrocherdigitalmysqlbinmysqld.exe (.not file.)
    O87 - FAEL: "{1C961BBE-E99F-46D2-ABF4-3AAA1422118A}" |In - Public - P17 - TRUE | .(...) -- C:Program Files (x86)ImmobilierLoyerrocherdigitalmysqlbinmysqld.exe (.not file.)
    O87 - FAEL: "TCP Query User{8497F85F-9F40-4746-8F59-A6CDA5F31605}C:program files (x86)soulseeknsslsk.exe" |In - Private - P6 - TRUE | .(...) -- C:program files (x86)soulseeknsslsk.exe (.not file.)
    O87 - FAEL: "UDP Query User{E8CF4746-C752-406F-977A-2B3FCEABD623}C:program files (x86)soulseeknsslsk.exe" |In - Private - P17 - TRUE | .(...) -- C:program files (x86)soulseeknsslsk.exe (.not file.)
    O87 - FAEL: "{3F0F2128-2320-4847-A49E-4D1ECF470C54}" |In - Private - P6 - TRUE | .(...) -- C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.)
    O87 - FAEL: "{542A67C4-42B2-459C-AACC-8843FB525C90}" |In - Private - P17 - TRUE | .(...) -- C:Program Files (x86)GoforFilesgoforfilesdl.exe (.not file.)
    O87 - FAEL: "{484A7B3D-99F3-48D4-88E4-C4B451635E8C}" |In - Private - P6 - TRUE | .(...) -- C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.)
    O87 - FAEL: "{4695DE32-38B4-47F7-93E6-A41B2DA608CD}" |In - Private - P17 - TRUE | .(...) -- C:Program Files (x86)GoforFilesGoforFiles.exe (.not file.)
    O87 - FAEL: "{1DD24127-56C0-4E0E-854F-E46B426AAC0C}" |In - Public - P17 - TRUE | .(...) -- C:Program Files (x86)ImmobilierLoyerrocherdigitalGUI.exe (.not file.) => Fichier absent
    SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe => Safer Networking Ltd - Spybot S&D
    SysRestore
    EmptyFlash
    EmptyCLSID
    Hostfix
    ProxyFix
    Firewallraz
    EmptyTemp

    1. Click "Importer" (Import)
    2. Then click "GO"

  • Confirm the data cleanup prompts by clicking "Oui" (Yes)

  • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created there.
  • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.