Un message bizarre sue Facebook Résolu/Fermé

Question

Bonjour, 
Sur mon Facebook en dessous de ma discussion instantané y a ça ( ads not by this site ) qui s'affiche plusieurs foire tout le long de ma fil d'actualité 
Quand je clic dessus ça m'ouvre sur cette page http://giant-savings.com/faq.php# 
Est ce que quelqu'un sais ce que sais et a quoi ça sert ? svp 
Merci

yoann090 · Answer

Bonjour,  

Tu as attrapé un adware,   

 Télécharge AdwCleaner ici : https://toolslib.net  
   

( d'Xplode ) sur ton bureau :   

Lance le, clique sur *[Recherche]* puis patiente le temps du scan.   
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.   

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt

yoann090 · Answer

Bon j'ai bien recu les rapport de AdwCleaner en MP, fais maintenant un diagnostique en suivant ce tuto : http://www.security-helpzone.com/Thread-ZHPDiag-Generer-un-rapport

Héberge le sur http://cjoint.com, de toute maniere il sera trop long pour passer sur le forum.

yoann090 · Answer

Ok      

Plusieurs chose :      

Internet Explorer v7.0.6002.18005 , il faut que tu ouvres windows Update et que tu installes internet explorer 9. Profite en pour faire toutes les mises à jour qui te sont proposées;     

System drive C: has 13 GB (7%) free of 186 GB, il est recommandé de garder au moins 10% de libre donc s'il y a des choses qui ne te sont plus utile autant les désinstaller.   

Le disque E:\ c'est quoi ?  

Desinstalle : 

-Logiciel: Adobe Reader 9.5.3   
-Java 6 Update 31  
-Java 7 Update 10 

Enfin repasse AdwCleaner en suppression depuis le mode sans échec : ( https://www.commentcamarche.net/informatique/windows/113-demarrer-windows-10-en-mode-sans-echec/#demarrer-en-mode-sans-echec-avec-windows-7-vista-et-xp Voir : Démarrer en mode sans échec avec Windows 7, Vista et XP )

yoann090 · Answer

On va faire autrement, refais voir un diagnostique avec ZHPDiag : http://www.security-helpzone.com/Thread-ZHPDiag-Generer-un-rapport

et je te ferai un script pour la suppression parce que je vois pas comment t'expliquer autrement :/

yoann090 · Answer

Copie tout le texte en gras : 

SysRestore
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (...) -- C:\Program Files (x86)\HBLite\bin\11.0.384.0\HBLiteSA.exe (.not file.)    => Infection BT (Adware.HotBar)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {1904A13B-A9BD-4E7A-9787-FA74781D918F}    => Infection PUP (Adware.Boxore)
O42 - Logiciel: Facemoods - (.Secure Digital Services.) [HKLM][64Bits] -- {D0198889-7766-424B-AB81-F16F8EDDFEF4}    => Infection PUP (Adware.Facemoods)
[HKCU\Software\AppDataLow\Software\imeshmediabartb]    => Infection PUP (PUP.iMesh)
[HKCU\Software\iMesh]    => Infection PUP (PUP.iMesh)
O43 - CFD: 02/10/2012 - 07:49:10 - [0] ----D C:\Program Files (x86)\Boxore    => Infection PUP (Adware.Boxore)
O43 - CFD: 03/02/2013 - 14:47:23 - [2,909] ----D C:\Program Files (x86)\Giant Savings    => Infection PUP (Adware.VidSaver)
O43 - CFD: 14/05/2010 - 15:47:31 - [0] ----D C:\Program Files (x86)\iMesh Applications    => Infection PUP (PUP.iMesh)
O43 - CFD: 02/08/2010 - 15:48:22 - [0] ----D C:\Program Files (x86)\Iminent    => Infection PUP (Adware.IMBooster)
O43 - CFD: 14/09/2012 - 10:53:58 - [2,532] ----D C:\Program Files (x86)\Software    => Infection PUP (Adware.Boxore)
O43 - CFD: 08/11/2011 - 11:19:16 - [0] ----D C:\Program Files (x86)\WebplayerTool    => Infection BT (Adware.SocialSkinz)
O43 - CFD: 08/11/2011 - 13:49:40 - [0] ----D C:\Program Files (x86)\zap    => Infection Diverse (Trojan.Agent)
O43 - CFD: 08/11/2011 - 10:41:41 - [0] ----D C:\ProgramData\Babylon    => Infection BT (Toolbar.Babylon)
O43 - CFD: 02/02/2013 - 14:53:53 - [5,428] ----D C:\ProgramData\Browser Manager    => Infection BT (Toolbar.Babylon)
O43 - CFD: 03/09/2011 - 16:35:39 - [0] ----D C:\Users\sylvie\AppData\Local\MediaGet2    => Infection PUP (PUP.MediaGet)
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher  [Key] . (...) -- C:\Users\sylvie\AppData\Roaming\rxuzytz.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MediaGet2  [Key] . (...) -- C:\Users\sylvie\AppData\Local\MediaGet2\mediaget.exe (.not file.)    => Infection PUP (PUP.MediaGet)
O53 - SMSR:HKLM\...\startupreg\soft2PC  [Key] . (...) -- C:\Program Files (x86)\Soft2PC\soft2pc.exe (.not file.)    => Infection PUP (Spyware.Soft2PC)
O87 - FAEL: "TCP Query User{94DB99C3-5E67-46C5-B951-C6B532D87F1E}C:\program files (x86)\imesh applications\imesh\imesh.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\imesh applications\imesh\imesh.exe (.not file.)    => Infection PUP (PUP.iMesh)
O87 - FAEL: "UDP Query User{8530EF86-A7E6-4633-8A2C-6138D21A0B07}C:\program files (x86)\imesh applications\imesh\imesh.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\imesh applications\imesh\imesh.exe (.not file.)    => Infection PUP (PUP.iMesh)
O87 - FAEL: "TCP Query User{E5BED1DB-084E-4891-9099-AEA433BD4246}C:\users\sylvie\appdata\local\mediaget2\mediaget.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\sylvie\appdata\local\mediaget2\mediaget.exe (.not file.)    => Infection PUP (PUP.MediaGet)
O87 - FAEL: "UDP Query User{1CF373D3-3CE2-4C1E-8D38-CD914BA9846F}C:\users\sylvie\appdata\local\mediaget2\mediaget.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\sylvie\appdata\local\mediaget2\mediaget.exe (.not file.)    => Infection PUP (PUP.MediaGet)
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}]    => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}]    => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}]    => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}]    => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}]    => Infection PUP (Adware.RecordNRip)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{346de098-61f9-4b42-89da-6dfba7091bb6}]    => Infection BT (Adware.IMBooster)
[HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}]    => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}]    => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]    => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Installer\Features\F479A18A22A86E3429341589FF57D81A]
[HKLM\Software\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A]
[HKCU\Software\iMesh]    => Infection PUP (PUP.iMesh)
[HKCU\Software\AppDataLow\Software\iMeshMediabarTB]    => Infection PUP (PUP.iMesh)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1904A13B-A9BD-4E7A-9787-FA74781D918F}]    => Infection PUP (Adware.Boxore)
[HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8]    => Infection PUP (Adware.Boxore)
[HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8]    => Infection PUP (Adware.Boxore)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8]    => Infection PUP (Adware.Boxore)
C:\Program Files (x86)\Boxore    => Infection PUP (Adware.Boxore)
C:\Program Files (x86)\Giant Savings    => Infection PUP (Adware.VidSaver)
C:\Program Files (x86)\iMesh Applications    => Infection PUP (PUP.iMesh)
C:\Program Files (x86)\Iminent    => Infection PUP (Adware.IMBooster)
C:\Program Files (x86)\Software    => Infection PUP (Adware.Boxore)
C:\Program Files (x86)\WebplayerTool    => Infection BT (Adware.SocialSkinz)
C:\ProgramData\Babylon    => Infection BT (Toolbar.Babylon)
C:\ProgramData\Browser Manager    => Infection BT (Toolbar.Babylon)
C:\Users\sylvie\AppData\Local\MediaGet2    => Infection PUP (PUP.MediaGet)
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\Windows\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe    => Infection PUP (Adware.Facemoods)
O90 - PUC: "B31A4091DB9AA7E47978AF4787D119F8" . (.Boxore Client.) -- C:\Windows\Installer\{1904A13B-A9BD-4E7A-9787-FA74781D918F}\boxore.ico    => Infection PUP (Adware.Boxore)
O90 - PUC: "F479A18A22A86E3429341589FF57D81A" . (.SweetIM for Messenger 3.6.) -- C:\Windows\Installer\{A81A974F-8A22-43E6-9243-5198FF758DA1}\ARPPRODUCTICON.exe    => Infection PUP (PUP.SweetIM)
G2 - GCE: Preference [User Data\Default] [ihhaabkajjciadoobdpnjmdomgbcbnao] FrameFox v.1.1 (Activé)    => Toolbar.Agent
O42 - Logiciel: FrameFox Extensions 1.0.6.0 - (.QwertyBox Team.) [HKLM][64Bits] -- {577F0F04-E354-44C8-8C2B-7B69C2EA7F10}    => Toolbar.Agent
O42 - Logiciel: QwertyBox 1.0.3.0 - (.QwertyBox Team.) [HKLM][64Bits] -- {836B2544-9D21-4C69-BC3A-FF5E6320B5A9}
[HKCU\Software\Duuqu]    => Toolbar.Duuqu
[HKCU\Software\YahooPartnerToolbar]    => Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Duuqu]    => Toolbar.Duuqu
O43 - CFD: 14/09/2012 - 11:09:36 - [3,813] ----D C:\Program Files (x86)\Duuqu    => Toolbar.Duuqu
O43 - CFD: 14/09/2012 - 11:09:55 - [0,273] ----D C:\Program Files (x86)\FrameFox    => Toolbar.Agent
O43 - CFD: 15/11/2012 - 13:25:25 - [1,196] ----D C:\Program Files (x86)\QwertyBox    => Toolbar.Duuqu
[HKCU\{6CE7C514-0D4F-4701-B70E-7A8DE3429FE3}]    => Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]    => Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]    => Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]    => Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]    => Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]    => Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]    => Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]    => Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]    => Toolbar.Skype
C:\Program Files (x86)\Duuqu    => Toolbar.Duuqu
C:\Program Files (x86)\FrameFox    => Toolbar.Agent
C:\Program Files (x86)\QwertyBox    => Toolbar.Duuqu
O90 - PUC: "4452B63812D996C4CBA3FFE536025B9A" . (.QwertyBox 1.0.3.0.) -- C:\Windows\Installer\{836B2544-9D21-4C69-BC3A-FF5E6320B5A9}\QwertyBox.ico
EmptyTemp
EmptyCLSID
FirewallRaz

Puis suis ce tutoriel : http://www.security-helpzone.com/Thread-ZHPFix-Script

yoann090 · Answer

Plus de messages bizarres sur Facebook  ?

yoann090 · Answer

Alors on termine. 

* Télécharge DelFix (d'Xplode) sur ton bureau.
* Lance le, laisse la case précochée, et coche aussi Réactiver l'UAC. 

* Clique ensuite sur Exécuter puis patiente pendant le processus de suppression.

Et dit moi quand c'est fait.