Reply to: Infected by http://www_getwindowinfo 2016-09-08T13:40:01+00:00
Anonymous
Post count: 0

Hello,

Please send this file: C:\Users\Rafou\Downloads\FreeFlash.exe (it is in your downloads folder) here: upload-malware-pour-analyse.html for analysis and processing (it is infectious).

  • Select and copy the following script:

    Script ZHPFix
    O2 - BHO: (no name) [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} Clé orpheline
    O2 - BHO: (no name) [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} Clé orpheline
    O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
    O3 - ToolbarWebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 - ToolbarWebBrowser: (no name) - [HKCU]{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} Clé orpheline
    O4 - HKLM..Run: [TosNC] C:Program Files (x86)ToshibaBulletinBoardTosNcCore.exe (.not file.)
    O4 - HKLM..Run: [TosReelTimeMonitor] C:Program Files (x86)TOSHIBAReelTimeTosReelTimeMonitor.exe (.not file.)
    O41 - Driver: ({b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64) . (.StdLib - StdLib.) - C:WindowsSystem32drivers{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gw64.sys =>PUP.LinkiDoo
    [HKCUSoftwareUpdateSoft]
    O43 - CFD: 09/05/2014 - 10:46:09 - [] ----D C:Program Files (x86)Flash Update
    O44 - LFC:[MD5.CD81F6DF96AC72F4C76ED554041BC9D7] - 10/05/2014 - 12:06:26 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:WindowsSystem32DriversiSafeKrnlBoot.sys [43520] =>Trojan.Staser
    O61 - LFC: 09/05/2014 - 21:33:41 ---A- . (.Free Software Network.) -- C:UsersRafouDownloadsFreeFlash.exe [1197158]
    O61 - LFC: 10/05/2014 - 21:33:41 ---A- . (...) -- C:UsersRafouDesktopShortcut_Module.exe [2560000]
    O61 - LFC: 10/05/2014 - 21:33:41 ---A- . (...) -- C:UsersRafouDesktopadwcleaner.exe [1316991]
    O61 - LFC: 10/05/2014 - 21:33:41 ---A- . (...) -- C:UsersRafouDownloadsdelfix.exe [709260]
    O61 - LFC: 10/05/2014 - 21:33:41 ---A- . (.Nicolas Coolman.) -- C:UsersRafouDesktopzhpdiag2.exe [6779208] =>.Nicolas Coolman
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components61B65D3397A1FBF4CB1571B5E4F6B5B0] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components68E8A05C60DD9254591DBD16C94EDDBF] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components75D5168E5E176C24981B4E5DBD991078] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components8724E58E6C7D00C48A0D4F3345EB2C26] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components980289C22F80A7C4BB9323DC61255E4E] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components9A4B7EF3789F871419D9302583B20C15] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAB676B0E1B9EFA049B9F7DDDA9645734] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBC30043663AA2CA4DA1DAA9CA5FDCC75] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsDB59FDB786388EA4D897F3EE715683AC] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsEC65F200D112357449C8B1BC3CFA03D0] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsF327D0C73C0973644A21E8CC852267A0] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsFA96423FE2B98E248A3B23548D1E22D9] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsFDC83385E6C239F4C876A77A37DF581D] =>PUP.SweetIM
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsF754C503375A13344B22388E18DFE87E] =>PUP.SweetIM
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]:Windows Client Manager =>Adware.FlashUpdate^
    C:Program Files (x86)Flash Update =>Adware.FlashUpdate^
    firewallraz
    emptyclsid
    emptyprefetch
    EmptyCLSID
    Emptytemp
    EmptyFlash
    ShortcutFix
  • Launch ZHPFix (run as administrator under Windows 7/8 and Vista)

    1. Click Import
    2. The lines copied earlier should be pasted into the box
    3. If so, click “GO”

  • Confirm the data cleanups by clicking “Yes”
  • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created.
  • Host the ZHPFixReport report on SosUpload, then copy/paste the link provided in your next reply.