Bonsoir,
Avec ZHPDiag on y voit un peu plus clair qu'avec Hijackthis, ton PC est vachement infecté, en voici la liste:
O1 - Hosts: 74.208.10.249 gs.apple.com => Infection Hosts (Hosts.Redirection)
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} Clé orpheline => Infection BT (PUP.FBSearch)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Infection BT (Adware.AskSBar)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => Infection BT (AskSBar.Adw)
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (.Pas de propriétaire.) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) => Infection BT (Adware.AskBarDis)
[HKCU\Software\AppDataLow\AskToolbarInfo] => Infection BT (Adware.AskTBar)
[HKCU\Software\Ask.com] => Infection BT (Adware.AskBarDis)
[HKCU\Software\AskToolbar] => Infection BT (AskBarDis.Adw)
[HKCU\Software\OfferBox] => Infection PUP (PUP.OfferBox)
[HKCU\Software\Zugo] => Infection Diverse (Adware.Zugo)
[HKLM\Software\OfferBox] => Infection PUP (PUP.OfferBox)
O43 - CFD: 18/04/2011 - 17:50:30 - [95576] ----D- C:\Program Files\OfferBox => Infection PUP (PUP.OfferBox)
O43 - CFD: 03/11/2010 - 17:22:24 - [25] ----D- C:\Documents and Settings\AdminPC\Application Data\cacaoweb => Infection Diverse (Mal/TinyDL-T)
O43 - CFD: 18/04/2011 - 17:46:10 - [263902] ----D- C:\Documents and Settings\AdminPC\Application Data\OfferBox => Infection PUP (PUP.OfferBox)
[HKCR\nctaudiofile2.audiofile2] => Infection PUP (Adware.RecordNRip)
[HKCR\nctaudiofile2.audiofile2.2] => Infection PUP (Adware.RecordNRip)
[HKCR\nctaudiofile2.audiofile2lameenc] => Infection PUP (Adware.RecordNRip)
[HKCR\nctaudiofile2.audiofile2lameenc.1] => Infection PUP (Adware.RecordNRip)
[HKLM\Software\Canneverbe Limited\OpenCandy] => Infection PUP (Adware.OpenCandy)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47fd-81F3-EE91287F9465}] => Infection BT (Adware.ShopperReports)
[HKCR\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] => Infection BT (Adware.BHO)
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] => Infection BT (Adware.BHO)
[HKCR\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] => Infection BT (Adware.AskSBar)
[HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}] => Infection BT (Adware.AskSBar)
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7}] => Infection BT (Adware.Softomate)
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] => Infection BT (Adware.AskSBar)
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] => Infection BT (Adware.AskSBar)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}] => Infection BT (Adware.SmartShopper)
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom] => Infection PUP (PUP.OfferBox)
C:\Program Files\OfferBox => Infection PUP (PUP.OfferBox)
C:\Documents and Settings\AdminPC\Application Data\OfferBox => Infection PUP (PUP.OfferBox)
Malware (31)
Donc dans un premier temps:
• Télécharge AD-Remover (de C_XX) sur ton Bureau.
http://www.teamxscript.org/adremoverTelechargement.html
Déconnecte toi et ferme toutes les applications en cours
• Double-clique sur l'icône AD-Remover
• Au menu principal, clique sur "Nettoyer"
• Confirme le lancement de l'analyse et laisse l'outil travailler
• Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )