Your computer is riddled with infections.
• Copy the contents of the box below into a .txt file
(Right-click on your desktop and choose "New > Text Document")
Code:
O2 - BHO: Interest recogniser for Moovida (powered by Spointer) - {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} . (...) -- C:\Program Files\Fluendo\Moovida\spointer\extensions\moovida_air_ie.dll (.not file.) => Infection BT (Adware.SPointer)
[HKCU\Software\Grand Virtual] => Infection PUP (PUP.GrandVirtual)
[HKCU\Software\PopCap] => Infection BT (Adware.PopCap)
[HKLM\Software\PopCap] => Infection BT (Adware.PopCap)
O43 - CFD: 03/09/2011 - 14:11:29 - [26,383] ----D C:\Program Files\Everest Poker => Infection BT (PUP.Casino)
O43 - CFD: 08/03/2012 - 19:49:24 - [16,208] ----D C:\Program Files\PopCap Games => Infection BT (Adware.PopCap)
O43 - CFD: 08/03/2012 - 19:49:24 - [9,818] ----D C:\ProgramData\PopCap Games => Infection BT (Adware.PopCap)
O87 - FAEL: "TCP Query User{47018D43-293C-4CC6-A709-797E48F4C10D}C:\program files\fluendo\moovida\moovida.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\fluendo\moovida\moovida.exe (.not file.) => Infection BT (Adware.SPointer)
O87 - FAEL: "UDP Query User{E94D7CDC-34D1-4EBD-987C-BCA5319319B9}C:\program files\fluendo\moovida\moovida.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\fluendo\moovida\moovida.exe (.not file.) => Infection BT (Adware.SPointer)
O87 - FAEL: "TCP Query User{D30C4CF4-5099-4C3F-8C07-BF82B6851408}C:\program files\1clickdownload\1clickdownload.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\1clickdownload\1clickdownload.exe (.not file.) => Infection BT (Adware.1ClickDownloader)
O87 - FAEL: "UDP Query User{092F96D6-4F94-4200-B833-996AFA610996}C:\program files\1clickdownload\1clickdownload.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\1clickdownload\1clickdownload.exe (.not file.) => Infection BT (Adware.1ClickDownloader)
O87 - FAEL: "TCP Query User{F6326607-C096-4615-A998-A3B859FBA0A5}C:\program files\1clickdownload\1clickdownloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\1clickdownload\1clickdownloader.exe (.not file.) => Infection BT (Adware.1ClickDownloader)
O87 - FAEL: "UDP Query User{9C8C1D18-5A69-4C4A-90E1-F4B9998D4F87}C:\program files\1clickdownload\1clickdownloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\1clickdownload\1clickdownloader.exe (.not file.) => Infection BT (Adware.1ClickDownloader)
[HKLM\Software\Classes\TypeLib\{14816CF6-426C-40D7-904C-E5600F015EC2}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Classes\TypeLib\{282D18C0-5424-44F4-A531-55F9AC5B8FD8}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Classes\CLSID\{58EFBE9C-4621-4d79-90E7-8BEE265CA951}] => Infection BT (Adware.SmartShopper)
[HKLM\Software\Classes\CLSID\{7935436E-8F14-4C84-9ECF-BEB791296619}] => Infection BT (Adware.SmartShopper)
[HKLM\Software\Classes\Interface\{7935436E-8F14-4C84-9ECF-BEB791296619}] => Infection BT (Adware.SmartShopper)
[HKLM\Software\Classes\Interface\{7CF4E72E-C9C0-4CA8-A039-1F5BAD426CCE}] => Infection BT (Adware.BHO)
[HKLM\Software\Classes\Interface\{81B32B9F-AFDC-4F7E-8F13-E39BB8ECF638}] => Infection BT (Adware.BHO)
[HKLM\Software\Classes\Interface\{925C24DC-0C0B-4AE7-98F5-18252822C89C}] => Infection BT (Adware.BHO)
[HKLM\Software\Classes\CLSID\{B3DBB2D5-5F06-4EC2-904D-812ECE520509}] => Infection BT (Adware.SmartShopper)
[HKLM\Software\Classes\Interface\{B3DBB2D5-5F06-4EC2-904D-812ECE520509}] => Infection BT (Adware.SmartShopper)
[HKLM\Software\Classes\CLSID\{C4A743DE-EAAC-4cd0-9BF6-378E8141868B}] => Infection BT (Adware.SmartShopper)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4A743DE-EAAC-4cd0-9BF6-378E8141868B}] => Infection BT (Adware.SmartShopper)
[HKLM\Software\Classes\Interface\{CA1BC665-4B6B-435C-80C1-0E12D993ED49}] => Infection BT (Adware.BHO)
[HKLM\Software\Classes\Interface\{D5AB027D-C91A-4324-8C78-12CF1A588C48}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Classes\CLSID\{DCE997C8-5920-4c09-99EE-59F46634FE2C}] => Infection BT (Adware.SmartShopper)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DCE997C8-5920-4c09-99EE-59F46634FE2C}] => Infection BT (Adware.SmartShopper)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}] => Infection BT (Adware.SPointer)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}] => Infection BT (Adware.SPointer)
[HKLM\Software\Classes\CLSID\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}] => Infection BT (Adware.SPointer)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2A7BD67-0EAF-497f-B05B-748D7BF3C421}] => Infection BT (Adware.SPointer)
[HKLM\Software\Classes\Interface\{E5DB89B8-5BE1-461C-A7EF-89B68211889D}] => Infection PUP (PUP.OfferBox)
[HKLM\Software\Classes\TypeLib\{FD06B491-1EA6-4F5C-86D2-C86D3A3A3731}] => Infection PUP (PUP.OfferBox)
[HKCU\Software\Grand Virtual] => Infection PUP (PUP.GrandVirtual)
[HKCU\Software\PopCap] => Infection BT (Adware.PopCap)
[HKLM\Software\PopCap] => Infection BT (Adware.PopCap)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\everest poker]
[HKLM\Software\Mozilla\Firefox\Extensions]:moovida@spointer.com
C:\Program Files\Everest Poker => Infection BT (PUP.Casino)
C:\Program Files\PopCap Games => Infection BT (Adware.PopCap)
C:\ProgramData\PopCap Games => Infection BT (Adware.PopCap)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Everest Poker => Infection BT (PUP.Casino)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moovida => Infection BT (Adware.SPointer)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games => Infection BT (Adware.PopCap)
O90 - PUC: "112C48061A10E464790A9077E221B205" . (.Moovida.) -- C:\Windows\Installer\{6084C211-01A1-464E-97A0-09772E122B50}\ARPPRODUCTICON.exe => Infection BT (Adware.SPointer)
O87 - FAEL: "{7175E1A4-A0F3-4815-8D41-C5B7DF74D090}" | In - Public - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{5B072134-154D-433B-8A69-CC94105F654A}" | In - Public - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{A311EF33-FB9E-48C2-B53A-1B197D25FEF7}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{FF74709D-3D30-497E-BBA8-9C48F8B2DF90}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O51 - MPSK:{12409bc6-e3b7-11df-baa0-002268032dac}\AutoRun\command. (...) -- J:\AutoRunCD.exe (.not file.)
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files\WildTangent Games\App\GamesAppService.exe
C:\Users\Ramucho\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.)
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (...) -- C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\16\NP_wtapp.dll
O4 - Global Startup: C:\Users\Ramucho\Desktop\WebTarot.lnk . (.AtoutWeb.) -- C:\Program Files\Webtarot\webtarot.exe
O4 - Global Startup: C:\Users\Ramucho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.fr.lnk . (.PokerStars.) -- C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe
O4 - Global Startup: C:\Users\Ramucho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spider Solitaire.LNK - Clé orpheline
O4 - Global Startup: C:\Users\Ramucho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WildTangent Games App - hp.lnk . (.WildTangent.) -- C:\Program Files\WildTangent Games\App\GameConsole-wt.exe
O4 - Global Startup: C:\Users\Nikolaidis\Desktop\Ordinateur.lnk - Clé orpheline
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Google Update Task
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Google Update Task
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [{6CCC297C-7FD2-4DD3-AAB6-BAAF0A9A858C}] (...) -- C:\Users\Ramucho\Documents\Homefront\Installer.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{8EEBCAD1-D591-4B03-A59C-58C521E495F5}] (...) -- J:\Dossier PC\Programmes\installer_Zuma_Deluxe.exe (.not file.)
O51 - MPSK:{a37a1a0f-3157-11df-8f2b-002268032dac}\AutoRun\command. (...) -- K:\Setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
[MD5.07DEB75CE87C2E92DEEF48F73A91620F] [SPRF][30/12/2012] (...) -- C:\Users\Ramucho\AppData\Local\Temp\dump.dat [1658880]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) => Toolbar.Ask
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B} => Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] => Toolbar.SFR
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] => Toolbar.SFR
[HKLM\Software\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] => Toolbar.SFR
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] => Toolbar.SFR
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DB24F50-8C65-4772-9844-47FE8701BE57}] => Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{56C049BE-79E9-4502-BEA7-9754A3E60F9B}] => Toolbar.Agent
EmptyCLSID
EmptyTemp
EmptyFlash
FirewallRaz
ProxyFix
• DISCONNECT FROM THE INTERNET AND CLOSE ALL YOUR APPLICATIONS
/!\ Windows Vista and Windows 7 users: right-click the ZHPFix icon, "Run as administrator" /!\
• Launch ZHPFix, which is on your Desktop.
• Copy and paste the text that is in the text document on your Desktop.
• Click the second button from the left, "Coller le Presse-Papier" (Paste Clipboard).
• In the main box you will then see the lines you copied earlier appear.
• Click the GO button.
• Wait while the removal runs.
• ZHPFix will copy the scan report to the Desktop under the name ZHPFixReport.txt
• Upload the ZHPFixReport.txt report to CJoint.com
• Post the link you are given.
______________
• Go to VirusTotal.com
• Click Choose File and, in the File name field, enter this:
C:\WINDOWS\system32\Drivers\AFD.sys
• Then click Scan It!
• Wait while the file uploads...
/!\ If you get a message saying "File already analysed", click Reanalyse /!\
• Wait your turn and wait for the antivirus engines to finish their analysis.
• Once the analysis is finished, copy the link from the address bar and post it to me.
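
Added example, not part of the original post and not ZHPFix's own code: a short Python triage of a fix list like the one above, so that the entries about to be deleted can be reviewed before the script is pasted. It assumes, from the lines visible in the post only, that a trailing `=> ...` is the helper's annotation, that `(.not file.)` marks a target file that no longer exists, and that single-word lines are tool directives; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the fix list in the post above.
SAMPLE = r"""
[HKCU\Software\PopCap] => Infection BT (Adware.PopCap)
[HKLM\Software\Classes\TypeLib\{14816CF6-426C-40D7-904C-E5600F015EC2}] => Infection PUP (PUP.OfferBox)
O43 - CFD: 08/03/2012 - 19:49:24 - [16,208] ----D C:\Program Files\PopCap Games => Infection BT (Adware.PopCap)
O87 - FAEL: "{7175E1A4-A0F3-4815-8D41-C5B7DF74D090}" | In - Public - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Google Update Task
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) => Toolbar.Ask
O51 - MPSK:{12409bc6-e3b7-11df-baa0-002268032dac}\AutoRun\command. (...) -- J:\AutoRunCD.exe (.not file.)
EmptyTemp
FirewallRaz
"""

# Assumption: the annotation is whatever follows the last "=>" on the line.
LABEL = re.compile(
    r"=>\s*(?:Infection\s+\w+\s+\((?P<family>[^)]+)\)|(?P<note>.+))\s*$")
# Assumption: a line made of a single word is a directive (e.g. EmptyTemp).
DIRECTIVE = re.compile(r"[A-Za-z]+")


def triage(script: str) -> dict:
    """Group fix-list lines by annotation so each group can be reviewed."""
    out = {"families": defaultdict(int), "noted": [], "unlabelled": [],
           "directives": [], "missing_file": 0}
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "(.not file.)" in line:
            out["missing_file"] += 1          # orphaned reference
        if DIRECTIVE.fullmatch(line):
            out["directives"].append(line)
            continue
        m = LABEL.search(line)
        if m is None:
            out["unlabelled"].append(line)    # no stated reason: check by hand
        elif m.group("family"):
            out["families"][m.group("family")] += 1
        else:
            out["noted"].append(m.group("note").strip())
    out["families"] = dict(out["families"])
    return out


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Lines that land in `unlabelled` carry no stated reason for removal (here a Bonjour firewall rule and an AutoRun entry), so those are the ones to confirm with the helper before running the fix.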