Un message bizarre sue Facebook
Résoluyoann090 Messages postés 10597 Statut Contributeur sécurité -
Sur mon Facebook en dessous de ma discussion instantané y a ça ( ads not by this site ) qui s'affiche plusieurs foire tout le long de ma fil d'actualité
Quand je clic dessus ça m'ouvre sur cette page http://giant-savings.com/faq.php#
Est ce que quelqu'un sais ce que sais et a quoi ça sert ? svp
Merci
7 réponses
Des publicités 'ads not by this site' apparaissent sous une discussion et redirigent vers giant-savings.com/faq.php#, ce qui suggère une injection publicitaire ou une contamination potentielle par logiciels malveillants. Pour y remédier, les réponses préconisent l’utilisation d’AdwCleaner pour détecter et supprimer les programmes indésirables, puis un diagnostic approfondi avec ZHPDiag et le script ZHPFix ou Delfix pour nettoyer les traces résiduelles. D’autres étapes évoquées incluent le redémarrage en mode sans échec pour relancer les outils et vérifier l’absence d’infections rémanentes, afin d’éviter les réinfections et les publicités persistantes.
-
Bonjour,
Tu as attrapé un adware,
Télécharge AdwCleaner ici : https://toolslib.net
( d'Xplode ) sur ton bureau :
Lance le, clique sur *[Recherche]* puis patiente le temps du scan.
Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt -
Bon j'ai bien recu les rapport de AdwCleaner en MP, fais maintenant un diagnostique en suivant ce tuto : http://www.security-helpzone.com/Thread-ZHPDiag-Generer-un-rapport
Héberge le sur http://cjoint.com, de toute maniere il sera trop long pour passer sur le forum. -
Ok
Plusieurs chose :
Internet Explorer v7.0.6002.18005 , il faut que tu ouvres windows Update et que tu installes internet explorer 9. Profite en pour faire toutes les mises à jour qui te sont proposées;
System drive C: has 13 GB (7%) free of 186 GB, il est recommandé de garder au moins 10% de libre donc s'il y a des choses qui ne te sont plus utile autant les désinstaller.
Le disque E:\ c'est quoi ?
Desinstalle :
-Logiciel: Adobe Reader 9.5.3
-Java 6 Update 31
-Java 7 Update 10
Enfin repasse AdwCleaner en suppression depuis le mode sans échec : ( https://www.commentcamarche.net/informatique/windows/113-demarrer-windows-10-en-mode-sans-echec/#demarrer-en-mode-sans-echec-avec-windows-7-vista-et-xp Voir : Démarrer en mode sans échec avec Windows 7, Vista et XP ) -
On va faire autrement, refais voir un diagnostique avec ZHPDiag : http://www.security-helpzone.com/Thread-ZHPDiag-Generer-un-rapport
et je te ferai un script pour la suppression parce que je vois pas comment t'expliquer autrement :/ -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
Copie tout le texte en gras :
SysRestore
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (...) -- C:\Program Files (x86)\HBLite\bin\11.0.384.0\HBLiteSA.exe (.not file.) => Infection BT (Adware.HotBar)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {1904A13B-A9BD-4E7A-9787-FA74781D918F} => Infection PUP (Adware.Boxore)
O42 - Logiciel: Facemoods - (.Secure Digital Services.) [HKLM][64Bits] -- {D0198889-7766-424B-AB81-F16F8EDDFEF4} => Infection PUP (Adware.Facemoods)
[HKCU\Software\AppDataLow\Software\imeshmediabartb] => Infection PUP (PUP.iMesh)
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
O43 - CFD: 02/10/2012 - 07:49:10 - [0] ----D C:\Program Files (x86)\Boxore => Infection PUP (Adware.Boxore)
O43 - CFD: 03/02/2013 - 14:47:23 - [2,909] ----D C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)
O43 - CFD: 14/05/2010 - 15:47:31 - [0] ----D C:\Program Files (x86)\iMesh Applications => Infection PUP (PUP.iMesh)
O43 - CFD: 02/08/2010 - 15:48:22 - [0] ----D C:\Program Files (x86)\Iminent => Infection PUP (Adware.IMBooster)
O43 - CFD: 14/09/2012 - 10:53:58 - [2,532] ----D C:\Program Files (x86)\Software => Infection PUP (Adware.Boxore)
O43 - CFD: 08/11/2011 - 11:19:16 - [0] ----D C:\Program Files (x86)\WebplayerTool => Infection BT (Adware.SocialSkinz)
O43 - CFD: 08/11/2011 - 13:49:40 - [0] ----D C:\Program Files (x86)\zap => Infection Diverse (Trojan.Agent)
O43 - CFD: 08/11/2011 - 10:41:41 - [0] ----D C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)
O43 - CFD: 02/02/2013 - 14:53:53 - [5,428] ----D C:\ProgramData\Browser Manager => Infection BT (Toolbar.Babylon)
O43 - CFD: 03/09/2011 - 16:35:39 - [0] ----D C:\Users\sylvie\AppData\Local\MediaGet2 => Infection PUP (PUP.MediaGet)
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (...) -- C:\Users\sylvie\AppData\Roaming\rxuzytz.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MediaGet2 [Key] . (...) -- C:\Users\sylvie\AppData\Local\MediaGet2\mediaget.exe (.not file.) => Infection PUP (PUP.MediaGet)
O53 - SMSR:HKLM\...\startupreg\soft2PC [Key] . (...) -- C:\Program Files (x86)\Soft2PC\soft2pc.exe (.not file.) => Infection PUP (Spyware.Soft2PC)
O87 - FAEL: "TCP Query User{94DB99C3-5E67-46C5-B951-C6B532D87F1E}C:\program files (x86)\imesh applications\imesh\imesh.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\imesh applications\imesh\imesh.exe (.not file.) => Infection PUP (PUP.iMesh)
O87 - FAEL: "UDP Query User{8530EF86-A7E6-4633-8A2C-6138D21A0B07}C:\program files (x86)\imesh applications\imesh\imesh.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\imesh applications\imesh\imesh.exe (.not file.) => Infection PUP (PUP.iMesh)
O87 - FAEL: "TCP Query User{E5BED1DB-084E-4891-9099-AEA433BD4246}C:\users\sylvie\appdata\local\mediaget2\mediaget.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\sylvie\appdata\local\mediaget2\mediaget.exe (.not file.) => Infection PUP (PUP.MediaGet)
O87 - FAEL: "UDP Query User{1CF373D3-3CE2-4C1E-8D38-CD914BA9846F}C:\users\sylvie\appdata\local\mediaget2\mediaget.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\sylvie\appdata\local\mediaget2\mediaget.exe (.not file.) => Infection PUP (PUP.MediaGet)
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] => Infection PUP (Adware.RecordNRip)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{346de098-61f9-4b42-89da-6dfba7091bb6}] => Infection BT (Adware.IMBooster)
[HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Installer\Features\F479A18A22A86E3429341589FF57D81A]
[HKLM\Software\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A]
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
[HKCU\Software\AppDataLow\Software\iMeshMediabarTB] => Infection PUP (PUP.iMesh)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1904A13B-A9BD-4E7A-9787-FA74781D918F}] => Infection PUP (Adware.Boxore)
[HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] => Infection PUP (Adware.Boxore)
[HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] => Infection PUP (Adware.Boxore)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] => Infection PUP (Adware.Boxore)
C:\Program Files (x86)\Boxore => Infection PUP (Adware.Boxore)
C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)
C:\Program Files (x86)\iMesh Applications => Infection PUP (PUP.iMesh)
C:\Program Files (x86)\Iminent => Infection PUP (Adware.IMBooster)
C:\Program Files (x86)\Software => Infection PUP (Adware.Boxore)
C:\Program Files (x86)\WebplayerTool => Infection BT (Adware.SocialSkinz)
C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)
C:\ProgramData\Browser Manager => Infection BT (Toolbar.Babylon)
C:\Users\sylvie\AppData\Local\MediaGet2 => Infection PUP (PUP.MediaGet)
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\Windows\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe => Infection PUP (Adware.Facemoods)
O90 - PUC: "B31A4091DB9AA7E47978AF4787D119F8" . (.Boxore Client.) -- C:\Windows\Installer\{1904A13B-A9BD-4E7A-9787-FA74781D918F}\boxore.ico => Infection PUP (Adware.Boxore)
O90 - PUC: "F479A18A22A86E3429341589FF57D81A" . (.SweetIM for Messenger 3.6.) -- C:\Windows\Installer\{A81A974F-8A22-43E6-9243-5198FF758DA1}\ARPPRODUCTICON.exe => Infection PUP (PUP.SweetIM)
G2 - GCE: Preference [User Data\Default] [ihhaabkajjciadoobdpnjmdomgbcbnao] FrameFox v.1.1 (Activé) => Toolbar.Agent
O42 - Logiciel: FrameFox Extensions 1.0.6.0 - (.QwertyBox Team.) [HKLM][64Bits] -- {577F0F04-E354-44C8-8C2B-7B69C2EA7F10} => Toolbar.Agent
O42 - Logiciel: QwertyBox 1.0.3.0 - (.QwertyBox Team.) [HKLM][64Bits] -- {836B2544-9D21-4C69-BC3A-FF5E6320B5A9}
[HKCU\Software\Duuqu] => Toolbar.Duuqu
[HKCU\Software\YahooPartnerToolbar] => Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Duuqu] => Toolbar.Duuqu
O43 - CFD: 14/09/2012 - 11:09:36 - [3,813] ----D C:\Program Files (x86)\Duuqu => Toolbar.Duuqu
O43 - CFD: 14/09/2012 - 11:09:55 - [0,273] ----D C:\Program Files (x86)\FrameFox => Toolbar.Agent
O43 - CFD: 15/11/2012 - 13:25:25 - [1,196] ----D C:\Program Files (x86)\QwertyBox => Toolbar.Duuqu
[HKCU\{6CE7C514-0D4F-4701-B70E-7A8DE3429FE3}] => Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
C:\Program Files (x86)\Duuqu => Toolbar.Duuqu
C:\Program Files (x86)\FrameFox => Toolbar.Agent
C:\Program Files (x86)\QwertyBox => Toolbar.Duuqu
O90 - PUC: "4452B63812D996C4CBA3FFE536025B9A" . (.QwertyBox 1.0.3.0.) -- C:\Windows\Installer\{836B2544-9D21-4C69-BC3A-FF5E6320B5A9}\QwertyBox.ico
EmptyTemp
EmptyCLSID
FirewallRaz
Puis suis ce tutoriel : http://www.security-helpzone.com/Thread-ZHPFix-Script-
ça donne ça :
SysRestore
[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (...) -- C:\Program Files (x86)\HBLite\bin\11.0.384.0\HBLiteSA.exe (.not file.) => Infection BT (Adware.HotBar)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {1904A13B-A9BD-4E7A-9787-FA74781D918F} => Infection PUP (Adware.Boxore)
O42 - Logiciel: Facemoods - (.Secure Digital Services.) [HKLM][64Bits] -- {D0198889-7766-424B-AB81-F16F8EDDFEF4} => Infection PUP (Adware.Facemoods)
[HKCU\Software\AppDataLow\Software\imeshmediabartb] => Infection PUP (PUP.iMesh)
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
O43 - CFD: 02/10/2012 - 07:49:10 - [0] ----D C:\Program Files (x86)\Boxore => Infection PUP (Adware.Boxore)
O43 - CFD: 03/02/2013 - 14:47:23 - [2,909] ----D C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)
O43 - CFD: 14/05/2010 - 15:47:31 - [0] ----D C:\Program Files (x86)\iMesh Applications => Infection PUP (PUP.iMesh)
O43 - CFD: 02/08/2010 - 15:48:22 - [0] ----D C:\Program Files (x86)\Iminent => Infection PUP (Adware.IMBooster)
O43 - CFD: 14/09/2012 - 10:53:58 - [2,532] ----D C:\Program Files (x86)\Software => Infection PUP (Adware.Boxore)
O43 - CFD: 08/11/2011 - 11:19:16 - [0] ----D C:\Program Files (x86)\WebplayerTool => Infection BT (Adware.SocialSkinz)
O43 - CFD: 08/11/2011 - 13:49:40 - [0] ----D C:\Program Files (x86)\zap => Infection Diverse (Trojan.Agent)
O43 - CFD: 08/11/2011 - 10:41:41 - [0] ----D C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)
O43 - CFD: 02/02/2013 - 14:53:53 - [5,428] ----D C:\ProgramData\Browser Manager => Infection BT (Toolbar.Babylon)
O43 - CFD: 03/09/2011 - 16:35:39 - [0] ----D C:\Users\sylvie\AppData\Local\MediaGet2 => Infection PUP (PUP.MediaGet)
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (...) -- C:\Users\sylvie\AppData\Roaming\rxuzytz.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MediaGet2 [Key] . (...) -- C:\Users\sylvie\AppData\Local\MediaGet2\mediaget.exe (.not file.) => Infection PUP (PUP.MediaGet)
O53 - SMSR:HKLM\...\startupreg\soft2PC [Key] . (...) -- C:\Program Files (x86)\Soft2PC\soft2pc.exe (.not file.) => Infection PUP (Spyware.Soft2PC)
O87 - FAEL: "TCP Query User{94DB99C3-5E67-46C5-B951-C6B532D87F1E}C:\program files (x86)\imesh applications\imesh\imesh.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\imesh applications\imesh\imesh.exe (.not file.) => Infection PUP (PUP.iMesh)
O87 - FAEL: "UDP Query User{8530EF86-A7E6-4633-8A2C-6138D21A0B07}C:\program files (x86)\imesh applications\imesh\imesh.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\imesh applications\imesh\imesh.exe (.not file.) => Infection PUP (PUP.iMesh)
O87 - FAEL: "TCP Query User{E5BED1DB-084E-4891-9099-AEA433BD4246}C:\users\sylvie\appdata\local\mediaget2\mediaget.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\sylvie\appdata\local\mediaget2\mediaget.exe (.not file.) => Infection PUP (PUP.MediaGet)
O87 - FAEL: "UDP Query User{1CF373D3-3CE2-4C1E-8D38-CD914BA9846F}C:\users\sylvie\appdata\local\mediaget2\mediaget.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\sylvie\appdata\local\mediaget2\mediaget.exe (.not file.) => Infection PUP (PUP.MediaGet)
[HKLM\Software\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Wow6432Node\Classes\Interface\{3f607e46-0d3c-4442-b1de-de7fa4768f5c}] => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Classes\TypeLib\{93e3d79c-0786-48ff-9329-93bc9f6dc2b3}] => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Wow6432Node\Classes\Interface\{fe0273d1-99df-4ac0-87d5-1371c6271785}] => Infection PUP (Adware.RecordNRip)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{346de098-61f9-4b42-89da-6dfba7091bb6}] => Infection BT (Adware.IMBooster)
[HKLM\Software\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}] => Infection PUP (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] => Infection BT (Toolbar.Babylon)
[HKLM\Software\Classes\Installer\Features\F479A18A22A86E3429341589FF57D81A]
[HKLM\Software\Classes\Installer\Products\F479A18A22A86E3429341589FF57D81A]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F479A18A22A86E3429341589FF57D81A]
[HKCU\Software\iMesh] => Infection PUP (PUP.iMesh)
[HKCU\Software\AppDataLow\Software\iMeshMediabarTB] => Infection PUP (PUP.iMesh)
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1904A13B-A9BD-4E7A-9787-FA74781D918F}] => Infection PUP (Adware.Boxore)
[HKLM\Software\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8] => Infection PUP (Adware.Boxore)
[HKLM\Software\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8] => Infection PUP (Adware.Boxore)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8] => Infection PUP (Adware.Boxore)
C:\Program Files (x86)\Boxore => Infection PUP (Adware.Boxore)
C:\Program Files (x86)\Giant Savings => Infection PUP (Adware.VidSaver)
C:\Program Files (x86)\iMesh Applications => Infection PUP (PUP.iMesh)
C:\Program Files (x86)\Iminent => Infection PUP (Adware.IMBooster)
C:\Program Files (x86)\Software => Infection PUP (Adware.Boxore)
C:\Program Files (x86)\WebplayerTool => Infection BT (Adware.SocialSkinz)
C:\ProgramData\Babylon => Infection BT (Toolbar.Babylon)
C:\ProgramData\Browser Manager => Infection BT (Toolbar.Babylon)
C:\Users\sylvie\AppData\Local\MediaGet2 => Infection PUP (PUP.MediaGet)
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\Windows\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe => Infection PUP (Adware.Facemoods)
O90 - PUC: "B31A4091DB9AA7E47978AF4787D119F8" . (.Boxore Client.) -- C:\Windows\Installer\{1904A13B-A9BD-4E7A-9787-FA74781D918F}\boxore.ico => Infection PUP (Adware.Boxore)
O90 - PUC: "F479A18A22A86E3429341589FF57D81A" . (.SweetIM for Messenger 3.6.) -- C:\Windows\Installer\{A81A974F-8A22-43E6-9243-5198FF758DA1}\ARPPRODUCTICON.exe => Infection PUP (PUP.SweetIM)
G2 - GCE: Preference [User Data\Default] [ihhaabkajjciadoobdpnjmdomgbcbnao] FrameFox v.1.1 (Activé) => Toolbar.Agent
O42 - Logiciel: FrameFox Extensions 1.0.6.0 - (.QwertyBox Team.) [HKLM][64Bits] -- {577F0F04-E354-44C8-8C2B-7B69C2EA7F10} => Toolbar.Agent
O42 - Logiciel: QwertyBox 1.0.3.0 - (.QwertyBox Team.) [HKLM][64Bits] -- {836B2544-9D21-4C69-BC3A-FF5E6320B5A9}
[HKCU\Software\Duuqu] => Toolbar.Duuqu
[HKCU\Software\YahooPartnerToolbar] => Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Duuqu] => Toolbar.Duuqu
O43 - CFD: 14/09/2012 - 11:09:36 - [3,813] ----D C:\Program Files (x86)\Duuqu => Toolbar.Duuqu
O43 - CFD: 14/09/2012 - 11:09:55 - [0,273] ----D C:\Program Files (x86)\FrameFox => Toolbar.Agent
O43 - CFD: 15/11/2012 - 13:25:25 - [1,196] ----D C:\Program Files (x86)\QwertyBox => Toolbar.Duuqu
[HKCU\{6CE7C514-0D4F-4701-B70E-7A8DE3429FE3}] => Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
C:\Program Files (x86)\Duuqu => Toolbar.Duuqu
C:\Program Files (x86)\FrameFox => Toolbar.Agent
C:\Program Files (x86)\QwertyBox => Toolbar.Duuqu
O90 - PUC: "4452B63812D996C4CBA3FFE536025B9A" . (.QwertyBox 1.0.3.0.) -- C:\Windows\Installer\{836B2544-9D21-4C69-BC3A-FF5E6320B5A9}\QwertyBox.ico
EmptyTemp
EmptyCLSID
FirewallRaz -
-
-
-
-
-
Plus de messages bizarres sur Facebook ?
-
Alors on termine.
* Télécharge DelFix (d'Xplode) sur ton bureau.
* Lance le, laisse la case précochée, et coche aussi Réactiver l'UAC.
* Clique ensuite sur Exécuter puis patiente pendant le processus de suppression.
Et dit moi quand c'est fait.