Reply to: System probably infected 2016-09-08T13:58:13+00:00
buckhulk
Participant
Number of posts: 2391

I had asked for the updates:

Re: System probably infected
Post by buckhulk » 18 Aug 2014, 13:36

hello,
you are going to update:
Adobe Flash Player 9 ActiveX => Adobe Systems >>> Flash Player, choose your version

Adobe Reader 8.1.2 - Français => Adobe Systems - Adobe Reader >>> Adobe Reader, untick McAfee

you have to do them!!

it's as if no tool had been run!!

this is why there are problems:

G:LogicielsCS3Adobe_After_Effects_2010_PluginsMegaPackColor.Finesse.v2.1.10.Win.for.After.Effects.and.Premiere.Pro.Cracked.INTERNAL-VRColor Finesse 2.1.10 PI Installer for AE and PrPro.exe   =>.Crack,Keygen
G:LogicielsCS3Adobe_After_Effects_2010_PluginsMegaPackZaxwerksZaxwerks ProAnimator v4.0.300keygen.exe =>.Crack,Keygen
G:LogicielsCS3Adobe_After_Effects_2010_PluginsMegaPackZaxwerksZaxwerks ProAnimator v4.0.300ProAnimator 4.0.3 PC3Dar RPF Motion Blur v1.0MotionBlurRLALib_cracked.zip =>.Crack,Keygen
G:LogicielsCS3Adobe_After_Effects_2010_PluginsMegaPackZaxwerksZaxwerks ProAnimator v4.0.300ProAnimator 4.0.3 PC=Digital.Anarchy=Aurora.Sky.v1.0.1.for.After.Effects.WinALL.Cracked-ENGiNEeas10101.zip =>.Crack,Keygen
G:LogicielsCS3Adobe_After_Effects_2010_PluginsMegaPackZaxwerksZaxwerks ProAnimator v4.0.300ProAnimator 4.0.3 PCPanopticumPanopticum LensProIII v3.60_crKeygen.exe =>.Crack,Keygen
G:LogicielsCS3Adobe_After_Effects_2010_PluginsMegaPackZaxwerksZaxwerks ProAnimator v4.0.300ProAnimator 4.0.3 PCProfound Effects Useful Assistants v1.7Useful.Assistants.v1.7.for.AE.Keygen.exe =>.Crack,Keygen
G:LogicielsCS3Adobe_After_Effects_2010_PluginsMegaPackZaxwerksZaxwerks ProAnimator v4.0.300ProAnimator 4.0.3 PCPsunami.Water.v1.0.WinALL.Cracked-ENGiNEepswa101.zip =>.Crack,Keygen
G:LogicielsCS3Adobe_After_Effects_2010_PluginsMegaPackZaxwerksZaxwerks ProAnimator v4.0.300ProAnimator 4.0.3 PCTitle Toolkit InstallerWINcrackKEYGEN.EXE =>.Crack,Keygen
G:LogicielsCS3BSkeygen_master.exe =>.Crack,Keygen
G:LogicielsCS3KeygenBSkeygen_master.exe =>.Crack,Keygen

run this script and do another ZHPDiag for me AFTERWARDS

  • Select and copy the following script:

    Script ZHPFix
    ShortcutFix
    O2 - BHO: ExplorerWnd Helper [64Bits] - {10921475-03CE-4E04-90CE-E2E7EF20C814} Clé orpheline => Orphean Key not necessary
    O4 - HKLM..Run: [Connectify Dispatch] . (.Connectify - Connectify Dispatch.) -- C:Program Files (x86)ConnectifyDispatchUI.exe
    O4 - HKCU..Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:UsersYoundhanfolo SoroAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O4 - HKLM..Wow6432NodeRun: [LManager] Clé orpheline => Orphean Key not necessary
    OPT:O4 - HKLM..Wow6432NodeRun: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:Program Files (x86)AdobeReader 8.0ReaderReader_sl.exe
    OPT:O4 - HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:Program Files (x86)QuickTimeQTTask.exe
    O15 - Trusted Zone: [HKCU...EscDomains] http.connectify.me
    O15 - Trusted Zone: [HKCU...EscDomains] http.fastspring.com
    O15 - Trusted Zone: [HKLM...EscDomains] http.connectify.me
    O15 - Trusted Zone: [HKLM...EscDomains] http.fastspring.com
    OPT:O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) . (.Apple Computer, Inc. - Bonjour Service.) - C:Program Files (x86)BonjourmDNSResponder.exe
    [MD5.00000000000000000000000000000000] [APT] [ASC7U_SkipUac_Youndhanfolo Soro] (...) -- C:Program Files (x86)IObitAdvanced SystemCare Ultimate 7ASC.exe (.not file.) [0] => IObit
    [MD5.00000000000000000000000000000000] [APT] [ASC7_PerformanceMonitor] (...) -- C:Program Files (x86)IObitAdvanced SystemCare Ultimate 7Monitor.exe (.not file.) [0] => IObit
    [MD5.00000000000000000000000000000000] [APT] [Driver Booster SkipUAC (Abdoulatif Soro)] (...) -- C:Program Files (x86)IObitDriver BoosterDriverBooster.exe (.not file.) [0] => IObit Driver Boostar
    [MD5.00000000000000000000000000000000] [APT] [Driver Booster SkipUAC (Youndhanfolo Soro)] (...) -- C:Program Files (x86)IObitDriver BoosterDriverBooster.exe (.not file.) [0] => IObit Driver Boostar
    [MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002Core] (...) -- C:UsersAbdoulatif SoroAppDataLocalFacebookUpdateFacebookUpdate.exe (.not file.) [0] => Facebook Update Task User
    [MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002UA] (...) -- C:UsersAbdoulatif SoroAppDataLocalFacebookUpdateFacebookUpdate.exe (.not file.) [0] => Facebook Update Task User
    [MD5.00000000000000000000000000000000] [APT] [{5EF73F2F-3529-40FD-BFA5-C0E273E6E729}] (...) -- C:UsersAbdoulatif SoroAppDataLocalTempTemp1_GTAINSTALLER.ZIPGTAINSTALLER.exe (.not file.) [0] => Fichier absent
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002Core - (...) -- C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002Core.job [982] => Facebook Update Task User
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002Core - (...) -- C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002Core [982] => Facebook Update Task User
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002UA - (...) -- C:WindowsTasksFacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002UA.job [1004] => Facebook Update Task User
    O39 - APT: FacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002UA - (...) -- C:WindowsSystem32TasksFacebookUpdateTaskUserS-1-5-21-2293904734-3307545275-3294353840-1002UA [1004] => Facebook Update Task User
    O42 - Logiciel: Adobe Flash Player 9 ActiveX - (.Adobe Systems, Inc..) [HKLM][64Bits] -- {BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} => Adobe Systems
    O42 - Logiciel: Adobe Reader 8.1.2 - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-A81200000003} => Adobe Reader 8
    O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKCU][64Bits] -- uTorrent =>P2P.BitTorrent
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent
    [HKCUSoftwareSMAD?V]
    [HKLMSoftwareWow6432NodeistartsurfSoftware] =>PUP.IsStart
    O43 - CFD: 02/06/2014 - 21:41:30 - [] ----D C:Program Files (x86)NeedforSpeed
    O43 - CFD: 16/08/2014 - 23:17:56 - [] ----D C:Program Files (x86)Spybot - Search & Destroy 2 => Safer Networking Ltd - Spybot S&D
    O43 - CFD: 26/04/2014 - 22:27:50 - [] ----D C:ProgramDataInstallMate =>PUP.Tarma
    O43 - CFD: 24/02/2014 - 13:22:13 - [] ----D C:ProgramDataMcAfee
    O43 - CFD: 12/08/2014 - 09:46:33 - [] ----D C:ProgramDataProductData
    O43 - CFD: 16/08/2014 - 21:52:31 - [] ----D C:ProgramDataSpybot - Search & Destroy => Safer Networking Ltd - Spybot S&D
    O43 - CFD: 04/06/2014 - 09:37:08 - [] ----D C:ProgramDataSUPPORTDIR
    O43 - CFD: 03/03/2014 - 13:36:07 - [] ----D C:ProgramDataZombieJewel
    O43 - CFD: 03/05/2014 - 16:36:35 - [0] ----D C:ProgramData{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} => Empty Folder not necessary
    O43 - CFD: 19/05/2014 - 22:36:18 - [] ----D C:ProgramData{D76294E6-03B8-4971-AF2E-3F846161A690}
    O43 - CFD: 19/05/2014 - 22:36:18 - [] ----D C:ProgramData{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
    O43 - CFD: 08/06/2014 - 15:37:27 - [] ----D C:UsersYoundhanfolo SoroAppDataRoamingclear.fiMVPSDK21
    O43 - CFD: 13/12/2013 - 23:27:24 - [] ----D C:UsersYoundhanfolo SoroAppDataRoaminglm
    O43 - CFD: 02/06/2014 - 21:42:43 - [] ----D C:UsersYoundhanfolo SoroAppDataRoamingProductData
    O43 - CFD: 17/04/2014 - 13:02:20 - [] RSH-D C:UsersYoundhanfolo SoroAppDataRoamingsys
    O43 - CFD: 16/08/2014 - 23:17:10 - [] ----D C:UsersYoundhanfolo SoroAppDataRoaminguTorrent =>P2P.µTorrent
    O43 - CFD: 29/12/2013 - 15:25:43 - [0] ----D C:UsersYoundhanfolo SoroAppDataLocalDoc => Empty Folder not necessary
    O43 - CFD: 28/04/2014 - 06:50:42 - [] ----D C:UsersYoundhanfolo SoroAppDataRoamingMicrosoftWindowsStart MenuProgramsOutil de téléchargement USB DVD Windows 7
    O51 - MPSK:{2dd84425-db04-11e3-bece-208984ce3eeb}AutoRuncommand. (...) -- E:Setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
    O58 - SDL:30/12/2011 - 08:11:12 ---A- . (.Beceem communications pvt ltd. - Beceem Communications Inc. WiMAX driver.) -- C:WindowsSystem32Driversdrxvi314_64.sys [382848]
    O61 - LFC: 15/08/2014 - 12:59:56 ---A- . (...) -- C:UsersYoundhanfolo SoroAppDataLocalTempQuarantine.exe [377107] => Temporary file not necessary
    O61 - LFC: 18/08/2014 - 12:59:34 ---A- . (.Solid State Networks.) -- C:UsersYoundhanfolo SoroAppDataLocalAdobedownloader.dll [755000]
    [MD5.A7F9E6A31C15D2E275FDA31DF515C95E] [SPRF][06/05/2014] (...) -- C:UsersYoundhanfolo SoroDesktopLetMeSleep.exe [446464]
    O87 - FAEL: "UDP Query User{FCCC45C6-921D-4822-87D5-74538C84012B}C:usersyoundhanfolo soroappdataroamingutorrentutorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:usersyoundhanfolo soroappdataroamingutorrentutorrent.exe =>P2P.BitTorrent
    O87 - FAEL: "TCP Query User{DA4BF6D3-E718-447A-A1B2-3BED82CF0C17}C:usersyoundhanfolo soroappdataroamingutorrentutorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:usersyoundhanfolo soroappdataroamingutorrentutorrent.exe =>P2P.BitTorrent
    O87 - FAEL: "TCP Query User{22153DBC-3144-4611-831E-065685212368}C:usersyoundhanfolo soroappdataroamingutorrentutorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:usersyoundhanfolo soroappdataroamingutorrentutorrent.exe =>P2P.BitTorrent
    O87 - FAEL: "UDP Query User{7E4B9FFD-2608-4A99-AF31-42AB72CBFE7F}C:usersyoundhanfolo soroappdataroamingutorrentutorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:usersyoundhanfolo soroappdataroamingutorrentutorrent.exe =>P2P.BitTorrent
    O87 - FAEL: "{E8D40AB9-0D17-49F9-9C3F-E303285F590A}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:UsersYoundhanfolo SoroAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    O87 - FAEL: "{D9F3D313-2827-4F0B-ADD4-17FC6D591A96}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:UsersYoundhanfolo SoroAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
    OPT:SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:Program Files (x86)BonjourmDNSResponder.exe
    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstalluTorrent] =>P2P.BitTorrent^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:uTorrent =>P2P.BitTorrent^
    C:ProgramDataInstallMate =>PUP.Tarma^
    C:UsersYoundhanfolo SoroAppDataRoaminguTorrent =>P2P.µTorrent^
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent^
    [HKLMSoftwareWow6432NodeistartsurfSoftware] =>PUP.IsStart^
    ProxyFix
    EmptyPrefetch
    EmptyFlash
    SysRestore
    FirewallRAZ
    EmptyTemp

  • Launch ZHPFix; run it as administrator on Windows 7/8 and Vista

    1. Click Import
    2. The previously copied lines should be pasted into the box
    3. If that is the case, click “GO”



  • Confirm the data cleanup by clicking “Yes”
  • Once the scan has finished, go to the desktop: the ZHPFixReport file has been created.
  • Host the ZHPFixReport report on SosUpload, then copy/paste the link provided into your next reply.

SO:
– You run the script and accept the uninstallations, then you do the updates with the links provided above!!

😉