Publicité intempestive RON ads by blueskyadge
polochon92
-
Batch_Man Messages postés 26 Statut Membre -
Batch_Man Messages postés 26 Statut Membre -
Bonjour,
J'ai un probleme des fenetres de publicité RON ads by blueskyadgency apparaissent frequemment sur mon ordinateur cela le plante parfois et ca le ralentit pas mal. J'ai scanner avec spybot et ad aware mais ils ne trouvent rien avast detecte parfois un virus quand une fenetre apparait mais n'arrive pas a le supprimer.
J'ai fait un scan avec hijackthis et voila le resultat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:58, on 05/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Paul\AppData\Local\etrdrspp\etrdrspp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: blueskyadagency browser enhancer - {376DF96A-F7BE-1EFA-CBB8-D3FA389D24B9} - C:\Windows\system32\fvfqbnskvoaag.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [etrdrspp] "C:\Users\Paul\AppData\Local\etrdrspp\etrdrspp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [axurgwxeoartsuqay] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\fvfqbnskvoaag.dll"
O4 - HKLM\..\Run: [UACEnableEntry] regedit.exe /s C:\Users\Paul\AppData\Local\Temp\\UAC_Enable.reg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9a4a5d180ad40) (gupdate1c9a4a5d180ad40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
J'ai un probleme des fenetres de publicité RON ads by blueskyadgency apparaissent frequemment sur mon ordinateur cela le plante parfois et ca le ralentit pas mal. J'ai scanner avec spybot et ad aware mais ils ne trouvent rien avast detecte parfois un virus quand une fenetre apparait mais n'arrive pas a le supprimer.
J'ai fait un scan avec hijackthis et voila le resultat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:58, on 05/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Paul\AppData\Local\etrdrspp\etrdrspp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: blueskyadagency browser enhancer - {376DF96A-F7BE-1EFA-CBB8-D3FA389D24B9} - C:\Windows\system32\fvfqbnskvoaag.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [etrdrspp] "C:\Users\Paul\AppData\Local\etrdrspp\etrdrspp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [axurgwxeoartsuqay] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\fvfqbnskvoaag.dll"
O4 - HKLM\..\Run: [UACEnableEntry] regedit.exe /s C:\Users\Paul\AppData\Local\Temp\\UAC_Enable.reg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9a4a5d180ad40) (gupdate1c9a4a5d180ad40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
A voir également:
- Publicité intempestive RON ads by blueskyadge
- Supprimer publicité - Guide
- To be filled by o.e.m - Forum Windows
- Message bounced by administrator - Forum Mail
- Photos liked by ne fonctionne plus ✓ - Forum Facebook
- Un bloqueur de publicité empêche la lecture. veuillez le désactiver pour démarrer la vidéo. ✓ - Forum Mozilla Firefox
11 réponses
Ok, on continue :
! Déconnecte toi et ferme toutes les applications en cours !
Relance "Ad-remover" en faisant un clic-droit sur le raccourci et en cliquant sur "Exécuter en temps qu'administrateur", et choisis l'option "B" au menu principal
Coche à l'écran de sélection :
Suppression Autres adwares
Puis choisis "S" , le programme va travailler,
Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )
Aide en images ( Nettoyage ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_nettoyage.html
Ensuite :
• Télécharge et installe Malwarebytes' Anti-Malware
• A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
• Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
• Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
• Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
• A la fin du scan, clique sur Afficher les résultats
• Coche tous les éléments détectés puis clique sur Supprimer la sélection
• Enregistre le rapport
• S'il t'est demandé de redémarrer, clique sur Yes
• Poste le rapport de scan après la suppression ici
! Déconnecte toi et ferme toutes les applications en cours !
Relance "Ad-remover" en faisant un clic-droit sur le raccourci et en cliquant sur "Exécuter en temps qu'administrateur", et choisis l'option "B" au menu principal
Coche à l'écran de sélection :
Suppression Autres adwares
Puis choisis "S" , le programme va travailler,
Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )
Aide en images ( Nettoyage ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_nettoyage.html
Ensuite :
• Télécharge et installe Malwarebytes' Anti-Malware
• A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
• Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
• Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
• Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
• A la fin du scan, clique sur Afficher les résultats
• Coche tous les éléments détectés puis clique sur Supprimer la sélection
• Enregistre le rapport
• S'il t'est demandé de redémarrer, clique sur Yes
• Poste le rapport de scan après la suppression ici
Bonjour,
Désactive le contrôle des comptes utilisateurs : Menu démarrer --> panneau de configuration --> comptes utilisateurs --> activer ou désactiver le controle des comptes utilisateur --> décoche la case "utiliser le contrôle....." Puis redémarre ton ordinateur.
Télécharge Ad-Remover (de C_XX) sur ton Bureau.
/!\ Déconnecte toi et ferme toutes les applications en cours /!\
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-remover située sur ton Bureau / Fais un clic-droit sur le raccourci créé et clique sur "Exécuter en temps qu'administrateur"
● Au menu principal choisis l'option "A"
● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )
Remarque : si ton antivirus fait une alerte sur process.exe, ignore la et désactive ton antivirus. C'est un composant d'Ad-Remover, détecté comme outil à risque, mais qui est tout à fait légitime.
Aide en images ( Installation ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_instal.html
Aide en images ( Recherche ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_recherche.html
Désactive le contrôle des comptes utilisateurs : Menu démarrer --> panneau de configuration --> comptes utilisateurs --> activer ou désactiver le controle des comptes utilisateur --> décoche la case "utiliser le contrôle....." Puis redémarre ton ordinateur.
Télécharge Ad-Remover (de C_XX) sur ton Bureau.
/!\ Déconnecte toi et ferme toutes les applications en cours /!\
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-remover située sur ton Bureau / Fais un clic-droit sur le raccourci créé et clique sur "Exécuter en temps qu'administrateur"
● Au menu principal choisis l'option "A"
● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )
Remarque : si ton antivirus fait une alerte sur process.exe, ignore la et désactive ton antivirus. C'est un composant d'Ad-Remover, détecté comme outil à risque, mais qui est tout à fait légitime.
Aide en images ( Installation ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_instal.html
Aide en images ( Recherche ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/ad_r_recherche.html
Bonjour,
télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau
dézippe le dossier, double-clique sur GenProc.bat [img]http://forum.telecharger.01net.com/forum/[/img] et poste le contenu du rapport qui s'ouvre
Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau
dézippe le dossier, double-clique sur GenProc.bat [img]http://forum.telecharger.01net.com/forum/[/img] et poste le contenu du rapport qui s'ouvre
Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Salut,
J'ai le même problème, voici mon log :
Rapport GenProc 2.516 [1] - 06.04.2009 à 14:07:35 - Windows XP
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :
C:\WINDOWS\system32\xwbebvwcqgfovcjbh.dll
et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
Qu'en penses-tu ? C'est étonnant de me dire qu'il n'y a rien !!!
Merci a ++ Simon
J'ai le même problème, voici mon log :
Rapport GenProc 2.516 [1] - 06.04.2009 à 14:07:35 - Windows XP
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Fais scanner le(s) fichier(s) suivant(s) sur ce site https://www.virustotal.com/gui/ :
C:\WINDOWS\system32\xwbebvwcqgfovcjbh.dll
et poste le(s) rapport(s) obtenu(s) dans ta prochaine réponse.
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
Qu'en penses-tu ? C'est étonnant de me dire qu'il n'y a rien !!!
Merci a ++ Simon
Merci d'avoir repondu si vite,
J'ai fait le scan avec ad remover et voici le resultat
------- LOGFILE OF AD-REMOVER 1.1.2.5 | ONLY XP/VISTA -------
Updated by C_XX on 01/04/2009 at 20:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/
Start at: 19:15:03, Sun 05/04/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
Computer Name: PC-DE-PAUL
Current User: Paul - Administrator
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\
--- Running Processes: 93
+-----------------| Boonty/Boonty Games Elements Found:
.
.
+-----------------| Eorezo Elements Found:
.
+-----------------| Infected Poker Softwares Elements Found:
.
+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:
.
.
+-----------------| It's TV Elements Found:
.
+-----------------| Sweetim Elements Found:
.
============ Other Adwares Found ============
.
.
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\auvxqmwc.default\searchplugins\Yoog Search.xml
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@atdmt[2].txt
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@bs.serving-sys[2].txt
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@rotator.its.adjuggler[2].txt
+-----------------| Added Scan:
---- Mozilla FireFox Version 3.0.8 ----
ProfilePath: auvxqmwc.default (Paul)
.
Prefs.js: Browser.Search.DefaultEngineName: "Yoog Search"
Prefs.js: Browser.Search.SelectedEngine: "Yoog Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www14.yoog.com/search.php?q="
.
(Prefs.js) FOUND: user_pref("browser.search.defaultenginename", "Yoog Search");
(Prefs.js) FOUND: user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
(Prefs.js) FOUND: user_pref("browser.search.selectedEngine", "Yoog Search");
(Prefs.js) FOUND: user_pref("keyword.URL", "http://www14.yoog.com/search.php?q=");
.
.
.
User.js: Browser.Search.DefaultEngineName: "Yoog Search"
User.js: Browser.Search.SelectedEngine: "Yoog Search"
User.js: Browser.Search.DefaultUrl: "hxxp://www14.yoog.com/search.php?q="
.
(User.js) FOUND: user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) FOUND: user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
(User.js) FOUND: user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) FOUND: user_pref("keyword.URL", "http://www14.yoog.com/search.php?q=");
---- Internet Explorer Version 7.0.6001.18000 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://google.atcomet.com/b/
+-[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\Internet Explorer\Main]
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://google.atcomet.com/b/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
3827 Byte(s) - C:\Ad-Report-Scan-05.04.2009.log
0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 19:20:51 | 05/04/2009
.
+-----------------| E.O.F - 76 Lines
.
J'ai fait le scan avec ad remover et voici le resultat
------- LOGFILE OF AD-REMOVER 1.1.2.5 | ONLY XP/VISTA -------
Updated by C_XX on 01/04/2009 at 20:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/
Start at: 19:15:03, Sun 05/04/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
Computer Name: PC-DE-PAUL
Current User: Paul - Administrator
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\
--- Running Processes: 93
+-----------------| Boonty/Boonty Games Elements Found:
.
.
+-----------------| Eorezo Elements Found:
.
+-----------------| Infected Poker Softwares Elements Found:
.
+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:
.
.
+-----------------| It's TV Elements Found:
.
+-----------------| Sweetim Elements Found:
.
============ Other Adwares Found ============
.
.
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\auvxqmwc.default\searchplugins\Yoog Search.xml
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@atdmt[2].txt
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@bs.serving-sys[2].txt
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@rotator.its.adjuggler[2].txt
+-----------------| Added Scan:
---- Mozilla FireFox Version 3.0.8 ----
ProfilePath: auvxqmwc.default (Paul)
.
Prefs.js: Browser.Search.DefaultEngineName: "Yoog Search"
Prefs.js: Browser.Search.SelectedEngine: "Yoog Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www14.yoog.com/search.php?q="
.
(Prefs.js) FOUND: user_pref("browser.search.defaultenginename", "Yoog Search");
(Prefs.js) FOUND: user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
(Prefs.js) FOUND: user_pref("browser.search.selectedEngine", "Yoog Search");
(Prefs.js) FOUND: user_pref("keyword.URL", "http://www14.yoog.com/search.php?q=");
.
.
.
User.js: Browser.Search.DefaultEngineName: "Yoog Search"
User.js: Browser.Search.SelectedEngine: "Yoog Search"
User.js: Browser.Search.DefaultUrl: "hxxp://www14.yoog.com/search.php?q="
.
(User.js) FOUND: user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) FOUND: user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
(User.js) FOUND: user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) FOUND: user_pref("keyword.URL", "http://www14.yoog.com/search.php?q=");
---- Internet Explorer Version 7.0.6001.18000 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://google.atcomet.com/b/
+-[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\Internet Explorer\Main]
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://google.atcomet.com/b/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
3827 Byte(s) - C:\Ad-Report-Scan-05.04.2009.log
0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 19:20:51 | 05/04/2009
.
+-----------------| E.O.F - 76 Lines
.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour Pipo-ch,
Si tu es infecté par Yoog Search toi aussi.
Mais tu ne dois pas intervenir sur le poste de quelqu'un d'autre, créé ton propre sujet avec le rapport de Genproc et un rapport Hijackthis.
Bonne désinfection, Batch_Man.
Si tu es infecté par Yoog Search toi aussi.
Mais tu ne dois pas intervenir sur le poste de quelqu'un d'autre, créé ton propre sujet avec le rapport de Genproc et un rapport Hijackthis.
Bonne désinfection, Batch_Man.
J'ai effectué les scans :
resultat de ad remover:
------- LOGFILE OF AD-REMOVER 1.1.2.5 | ONLY XP/VISTA -------
Updated by C_XX on 01/04/2009 at 20:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/
**** LIMITED TO ****
Other Adwares
********************
Start at: 16:19:59, Mon 06/04/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
Computer Name: PC-DE-PAUL
Current User: Paul - Administrator
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\
--- Running Processes: 88
(!) ---- IE start pages/Tabs reset
============ Other Adwares Deleted ============
.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\goccbjhvsqzq
.
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\auvxqmwc.default\searchplugins\Yoog Search.xml
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@atdmt[1].txt
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@bs.serving-sys[2].txt
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@rotator.its.adjuggler[2].txt
---- Complementary Cleaning + Heuristic ----
Removed - C:\Program Files\Mozilla FireFox\Components\c2415b2f-2053-9833-5040-799b98acd423.dll
... Done !
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------| Added Scan :
---- Mozilla FireFox Version 3.0.8 ----
ProfilePath: auvxqmwc.default (Paul)
.
Prefs.js: Browser.Search.DefaultEngineName: "Yoog Search"
Prefs.js: Browser.Search.SelectedEngine: "Yoog Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www14.yoog.com/search.php?q="
.
(Prefs.js) REMOVED: user_pref("browser.search.defaultenginename", "Yoog Search");
(Prefs.js) REMOVED: user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
(Prefs.js) REMOVED: user_pref("browser.search.selectedEngine", "Yoog Search");
(Prefs.js) REMOVED: user_pref("keyword.URL", "http://www14.yoog.com/search.php?q=");
.
.
.
User.js: Browser.Search.DefaultEngineName: "Yoog Search"
User.js: Browser.Search.SelectedEngine: "Yoog Search"
User.js: Browser.Search.DefaultUrl: "hxxp://www14.yoog.com/search.php?q="
.
(User.js) REMOVED: user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) REMOVED: user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
(User.js) REMOVED: user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) REMOVED: user_pref("keyword.URL", "http://www14.yoog.com/search.php?q=");
---- Internet Explorer Version 7.0.6001.18000 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
4181 Byte(s) - C:\Ad-Report-Clean-06.04.2009.log
4067 Byte(s) - C:\Ad-Report-Scan-05.04.2009.log
2 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
5 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 16:24:59 | 06/04/2009
.
+-----------------| E.O.F - 77 Lines
.
Resultat de malwarebytes:
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1945
Windows 6.0.6001 Service Pack 1
06/04/2009 18:15:03
mbam-log-2009-04-06 (18-15-03).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 318037
Temps écoulé: 1 hour(s), 38 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DPS (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376df96a-f7be-1efa-cbb8-d3fa389d24b9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{376df96a-f7be-1efa-cbb8-d3fa389d24b9} (Adware.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\axurgwxeoartsuqay (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\DVDTool\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Adware.IEtoolbar) -> Quarantined and deleted successfully.
C:\Windows\xnrs74341.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\kitf44602.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDTool\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\fvfqbnskvoaag.dll (Trojan.Agent) -> Quarantined and deleted successfully.
resultat de ad remover:
------- LOGFILE OF AD-REMOVER 1.1.2.5 | ONLY XP/VISTA -------
Updated by C_XX on 01/04/2009 at 20:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/
**** LIMITED TO ****
Other Adwares
********************
Start at: 16:19:59, Mon 06/04/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 (version 6.0.6001)
Computer Name: PC-DE-PAUL
Current User: Paul - Administrator
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\Windows\
System Directory: C:\Windows\System32\
--- Running Processes: 88
(!) ---- IE start pages/Tabs reset
============ Other Adwares Deleted ============
.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\goccbjhvsqzq
.
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\auvxqmwc.default\searchplugins\Yoog Search.xml
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@atdmt[1].txt
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@bs.serving-sys[2].txt
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Cookies\paul@rotator.its.adjuggler[2].txt
---- Complementary Cleaning + Heuristic ----
Removed - C:\Program Files\Mozilla FireFox\Components\c2415b2f-2053-9833-5040-799b98acd423.dll
... Done !
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------| Added Scan :
---- Mozilla FireFox Version 3.0.8 ----
ProfilePath: auvxqmwc.default (Paul)
.
Prefs.js: Browser.Search.DefaultEngineName: "Yoog Search"
Prefs.js: Browser.Search.SelectedEngine: "Yoog Search"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www14.yoog.com/search.php?q="
.
(Prefs.js) REMOVED: user_pref("browser.search.defaultenginename", "Yoog Search");
(Prefs.js) REMOVED: user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
(Prefs.js) REMOVED: user_pref("browser.search.selectedEngine", "Yoog Search");
(Prefs.js) REMOVED: user_pref("keyword.URL", "http://www14.yoog.com/search.php?q=");
.
.
.
User.js: Browser.Search.DefaultEngineName: "Yoog Search"
User.js: Browser.Search.SelectedEngine: "Yoog Search"
User.js: Browser.Search.DefaultUrl: "hxxp://www14.yoog.com/search.php?q="
.
(User.js) REMOVED: user_pref("browser.search.defaultenginename", "Yoog Search");
(User.js) REMOVED: user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
(User.js) REMOVED: user_pref("browser.search.selectedEngine", "Yoog Search");
(User.js) REMOVED: user_pref("keyword.URL", "http://www14.yoog.com/search.php?q=");
---- Internet Explorer Version 7.0.6001.18000 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
4181 Byte(s) - C:\Ad-Report-Clean-06.04.2009.log
4067 Byte(s) - C:\Ad-Report-Scan-05.04.2009.log
2 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
5 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE
End at: 16:24:59 | 06/04/2009
.
+-----------------| E.O.F - 77 Lines
.
Resultat de malwarebytes:
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1945
Windows 6.0.6001 Service Pack 1
06/04/2009 18:15:03
mbam-log-2009-04-06 (18-15-03).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 318037
Temps écoulé: 1 hour(s), 38 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DPS (Adware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376df96a-f7be-1efa-cbb8-d3fa389d24b9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{376df96a-f7be-1efa-cbb8-d3fa389d24b9} (Adware.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\axurgwxeoartsuqay (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\DVDTool (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\DVDTool\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Adware.IEtoolbar) -> Quarantined and deleted successfully.
C:\Windows\xnrs74341.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\kitf44602.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDTool\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\fvfqbnskvoaag.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Re,
• Télécharge Yoog_Fix (de Batch_Man) sur ton Bureau.
• Pour le lancer, fais un clic-droit dessus et choisis "Exécuter en temps qu'administrateur"
• Au menu principal, choisis l'option 1 ( Recherche )
• Attend que le scan se fasse, un rapport va s'ouvrir (C:\Yoog_Fix.txt)
• Poste le dans ta prochaine réponse.
• Télécharge Yoog_Fix (de Batch_Man) sur ton Bureau.
• Pour le lancer, fais un clic-droit dessus et choisis "Exécuter en temps qu'administrateur"
• Au menu principal, choisis l'option 1 ( Recherche )
• Attend que le scan se fasse, un rapport va s'ouvrir (C:\Yoog_Fix.txt)
• Poste le dans ta prochaine réponse.
Voici le resultat :
Yoog_Fix 2.02 de Batch_Man
Debut a 19:37 le 06/04/2009
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
Internet Explorer 7.0.6001.18000
Mozilla Firefox 3.0.8 (fr)
C:\ [Fixed] - NTFS - (Total:229021 Mo/Free:1028 Mo)
D:\ [Fixed] - NTFS - (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
UAC: OFF
Option [1] 2 Recherche
+---------------\\ Processus cachés/bloqués
4 -Locked- System
1260 -Locked- audiodg.exe
+---------------\\ Recherche
----------\\ Recherche de fichiers
----------\\ Recherche dans prefs.js
----------\\ Recherche dans le registre
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes],@DefaultScope={00046011-B50C-4661-82D8-1C84C73A6CC5}
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{00046011-B50C-4661-82D8-1C84C73A6CC5}] @DisplayName=Yoog Search
[HKCU\..\SearchScopes],@DefaultScope={00046011-B50C-4661-82D8-1C84C73A6CC5}
[HKCU\..\SearchScopes\{00046011-B50C-4661-82D8-1C84C73A6CC5}] @DisplayName=Yoog Search
----------\\ Infections associées possibles
----------\\ Suspects ( PAS FORCEMENT INFECTIEUX )
+---> Registre
+---> Fichiers
[--a------ + 21/01/2008 04:24 + 23552] C:\Windows\system32\nshhttp.dll
[--a------ + 21/01/2008 04:24 + 352256] C:\Windows\system32\nshipsec.dll
[--a------ + 21/01/2008 04:24 + 8192] C:\Windows\system32\nsi.dll
[--a------ + 21/01/2008 04:24 + 18432] C:\Windows\system32\nsisvc.dll
+---------------\\Analyse complémentaire
+---------\\ Tâches planifiées
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\GoogleUpdateTaskMachine.job
C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complŠte du systŠme - Paul.job
C:\Windows\Tasks\SCHEDLGU.TXT
----------\\ Analyse de Firefox
[C:\Users\Paul\..\prefs.js] browser.startup.homepage: https://www.google.com/?gws_rd=ssl
[C:\Users\Paul\..\prefs.js] browser.startup.homepage: https://www.google.com/?gws_rd=ssl
----------\\ Extensions Firefox
[User: Paul (auvxqmwc.default)] - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\auvxqmwc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[User: Paul (auvxqmwc.default)] - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\auvxqmwc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[User: Paul (auvxqmwc.default)] - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
----------\\ Plugins de recherche
[10/09/2006 13:35|1516] - C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml: Amazon.fr - Recherche Amazon.fr: https://www.amazon.fr/
[28/09/2008 09:10|757] - C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml: eBay France - eBay - Enchères en ligne: http://search.ebay.fr/
[16/04/2008 06:08|1706] - C:\Program Files\Mozilla Firefox\searchplugins\google.xml: Google - Google Search: https://www.google.com/
[10/09/2006 13:35|748] - C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml: MediaDICO - Les Dictionnaires Mediadico: http://www.dictionnaire-mediadico.com/dictionnaires.asp
[29/03/2008 15:59|1426] - C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml: Wikipédia (fr) - Wikipédia, l'encyclopédie libre: https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[12/09/2006 20:49|652] - C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml: Yahoo - Recherche Yahoo: https://fr.search.yahoo.com/
----------\\ Listing de dossiers
[02/12/2008 10:04 | --a------ | 348427 bytes] C:\Program Files\Mozilla Firefox\Components\browser.xpt
[28/03/2009 21:55 | --a------ | 23032 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[28/03/2009 21:55 | --a------ | 134648 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[30/06/2008 14:44 | --a------ | 324976 bytes] C:\Program Files\Mozilla Firefox\Components\coFFPlgn.dll
[26/12/2007 15:50 | --a------ | 179 bytes] C:\Program Files\Mozilla Firefox\Components\nsIBitCometAgent.xpt
[17/03/2009 22:52 | --a------ | 2394 bytes] C:\Program Files\Mozilla Firefox\Components\nsIQTScriptablePlugin.xpt
[28/12/2008 23:17 | d-------- | 0 bytes] C:\Program Files\Mozilla Firefox\plugins\Microsoft.VC80.CRT
[10/04/2007 18:21 | --a------ | 163256 bytes] C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[11/11/2008 09:38 | --a------ | 663552 bytes] C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[21/11/2008 23:45 | --a------ | 1332224 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[21/11/2008 23:45 | --a------ | 1607 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.xpt
[21/11/2008 23:45 | --a------ | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[28/03/2009 21:55 | --a------ | 65528 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[22/03/2007 20:23 | --a------ | 17248 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[14/10/2008 22:33 | --a------ | 95600 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[23/10/2006 02:26 | --a------ | 6144 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[21/11/2008 23:45 | --a------ | 297 bytes] C:\Program Files\Mozilla Firefox\plugins\nsIDivxPlayerPlugin.xpt
[17/03/2009 22:52 | --a------ | 4208 bytes] C:\Program Files\Mozilla Firefox\plugins\QuickTimePlugin.class
[30/03/2007 11:43 | --a------ | 149569 bytes] C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin License.rtf
[30/03/2007 11:43 | --a------ | 3352 bytes] C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin RelNotes.txt
----------\\ Analyse d'Internet Explorer
HKEY_CURRENT_USER\..\Internet Explorer,Start Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\..\Internet Explorer,Search Page: https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\..\Internet Explorer,Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\..\Internet Explorer,Start Page: https://www.msn.com/fr-fr
HKEY_LOCAL_MACHINE\..\Internet Explorer,Default_Search_URL: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
----------\\ Browser Helper Object
----------\\ SearchScopes
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes],@DefaultScope={00046011-B50C-4661-82D8-1C84C73A6CC5}
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{00046011-B50C-4661-82D8-1C84C73A6CC5}],@DisplayName=Yoog Search
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{62A30616-C8CE-4F6E-AC27-42818F62EACF}],@DisplayName=Kelkoo
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{68FAD7D9-18EE-45D6-9971-EA6D4A2702CB}],@DisplayName=Softonic_France_TC Customized Web Search
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{98B7A3BD-0ED9-4F10-B1A4-75F8376F6E7E}],@DisplayName=AOL Recherche
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{CE68D540-D98D-42B0-94A7-B61EC751A4DD}],@DisplayName=Google
[HKCU\..\SearchScopes],@DefaultScope={00046011-B50C-4661-82D8-1C84C73A6CC5}
[HKCU\..\SearchScopes\{00046011-B50C-4661-82D8-1C84C73A6CC5}],@DisplayName=Yoog Search
[HKCU\..\SearchScopes\{62A30616-C8CE-4F6E-AC27-42818F62EACF}],@DisplayName=Kelkoo
[HKCU\..\SearchScopes\{68FAD7D9-18EE-45D6-9971-EA6D4A2702CB}],@DisplayName=Softonic_France_TC Customized Web Search
[HKCU\..\SearchScopes\{98B7A3BD-0ED9-4F10-B1A4-75F8376F6E7E}],@DisplayName=AOL Recherche
[HKCU\..\SearchScopes\{CE68D540-D98D-42B0-94A7-B61EC751A4DD}],@DisplayName=Google
[HKLM\..\SearchScopes],@DefaultScope={98B7A3BD-0ED9-4F10-B1A4-75F8376F6E7E}
[HKLM\..\SearchScopes\{62A30616-C8CE-4F6E-AC27-42818F62EACF}],@DisplayName=Kelkoo
[HKLM\..\SearchScopes\{98B7A3BD-0ED9-4F10-B1A4-75F8376F6E7E}],@DisplayName=AOL Recherche
----------\\ Extensions
+--------------- Fin à 19h 38min
Yoog_Fix 2.02 de Batch_Man
Debut a 19:37 le 06/04/2009
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
Internet Explorer 7.0.6001.18000
Mozilla Firefox 3.0.8 (fr)
C:\ [Fixed] - NTFS - (Total:229021 Mo/Free:1028 Mo)
D:\ [Fixed] - NTFS - (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
UAC: OFF
Option [1] 2 Recherche
+---------------\\ Processus cachés/bloqués
4 -Locked- System
1260 -Locked- audiodg.exe
+---------------\\ Recherche
----------\\ Recherche de fichiers
----------\\ Recherche dans prefs.js
----------\\ Recherche dans le registre
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes],@DefaultScope={00046011-B50C-4661-82D8-1C84C73A6CC5}
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{00046011-B50C-4661-82D8-1C84C73A6CC5}] @DisplayName=Yoog Search
[HKCU\..\SearchScopes],@DefaultScope={00046011-B50C-4661-82D8-1C84C73A6CC5}
[HKCU\..\SearchScopes\{00046011-B50C-4661-82D8-1C84C73A6CC5}] @DisplayName=Yoog Search
----------\\ Infections associées possibles
----------\\ Suspects ( PAS FORCEMENT INFECTIEUX )
+---> Registre
+---> Fichiers
[--a------ + 21/01/2008 04:24 + 23552] C:\Windows\system32\nshhttp.dll
[--a------ + 21/01/2008 04:24 + 352256] C:\Windows\system32\nshipsec.dll
[--a------ + 21/01/2008 04:24 + 8192] C:\Windows\system32\nsi.dll
[--a------ + 21/01/2008 04:24 + 18432] C:\Windows\system32\nsisvc.dll
+---------------\\Analyse complémentaire
+---------\\ Tâches planifiées
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\GoogleUpdateTaskMachine.job
C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complŠte du systŠme - Paul.job
C:\Windows\Tasks\SCHEDLGU.TXT
----------\\ Analyse de Firefox
[C:\Users\Paul\..\prefs.js] browser.startup.homepage: https://www.google.com/?gws_rd=ssl
[C:\Users\Paul\..\prefs.js] browser.startup.homepage: https://www.google.com/?gws_rd=ssl
----------\\ Extensions Firefox
[User: Paul (auvxqmwc.default)] - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\auvxqmwc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[User: Paul (auvxqmwc.default)] - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\auvxqmwc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[User: Paul (auvxqmwc.default)] - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
----------\\ Plugins de recherche
[10/09/2006 13:35|1516] - C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml: Amazon.fr - Recherche Amazon.fr: https://www.amazon.fr/
[28/09/2008 09:10|757] - C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml: eBay France - eBay - Enchères en ligne: http://search.ebay.fr/
[16/04/2008 06:08|1706] - C:\Program Files\Mozilla Firefox\searchplugins\google.xml: Google - Google Search: https://www.google.com/
[10/09/2006 13:35|748] - C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml: MediaDICO - Les Dictionnaires Mediadico: http://www.dictionnaire-mediadico.com/dictionnaires.asp
[29/03/2008 15:59|1426] - C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml: Wikipédia (fr) - Wikipédia, l'encyclopédie libre: https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[12/09/2006 20:49|652] - C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml: Yahoo - Recherche Yahoo: https://fr.search.yahoo.com/
----------\\ Listing de dossiers
[02/12/2008 10:04 | --a------ | 348427 bytes] C:\Program Files\Mozilla Firefox\Components\browser.xpt
[28/03/2009 21:55 | --a------ | 23032 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[28/03/2009 21:55 | --a------ | 134648 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[30/06/2008 14:44 | --a------ | 324976 bytes] C:\Program Files\Mozilla Firefox\Components\coFFPlgn.dll
[26/12/2007 15:50 | --a------ | 179 bytes] C:\Program Files\Mozilla Firefox\Components\nsIBitCometAgent.xpt
[17/03/2009 22:52 | --a------ | 2394 bytes] C:\Program Files\Mozilla Firefox\Components\nsIQTScriptablePlugin.xpt
[28/12/2008 23:17 | d-------- | 0 bytes] C:\Program Files\Mozilla Firefox\plugins\Microsoft.VC80.CRT
[10/04/2007 18:21 | --a------ | 163256 bytes] C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[11/11/2008 09:38 | --a------ | 663552 bytes] C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[21/11/2008 23:45 | --a------ | 1332224 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[21/11/2008 23:45 | --a------ | 1607 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.xpt
[21/11/2008 23:45 | --a------ | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[28/03/2009 21:55 | --a------ | 65528 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[22/03/2007 20:23 | --a------ | 17248 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[14/10/2008 22:33 | --a------ | 95600 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[23/10/2006 02:26 | --a------ | 6144 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[17/03/2009 22:52 | --a------ | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[21/11/2008 23:45 | --a------ | 297 bytes] C:\Program Files\Mozilla Firefox\plugins\nsIDivxPlayerPlugin.xpt
[17/03/2009 22:52 | --a------ | 4208 bytes] C:\Program Files\Mozilla Firefox\plugins\QuickTimePlugin.class
[30/03/2007 11:43 | --a------ | 149569 bytes] C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin License.rtf
[30/03/2007 11:43 | --a------ | 3352 bytes] C:\Program Files\Mozilla Firefox\plugins\WMP Firefox Plugin RelNotes.txt
----------\\ Analyse d'Internet Explorer
HKEY_CURRENT_USER\..\Internet Explorer,Start Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\..\Internet Explorer,Search Page: https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\..\Internet Explorer,Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\..\Internet Explorer,Start Page: https://www.msn.com/fr-fr
HKEY_LOCAL_MACHINE\..\Internet Explorer,Default_Search_URL: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
----------\\ Browser Helper Object
----------\\ SearchScopes
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes],@DefaultScope={00046011-B50C-4661-82D8-1C84C73A6CC5}
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{00046011-B50C-4661-82D8-1C84C73A6CC5}],@DisplayName=Yoog Search
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{62A30616-C8CE-4F6E-AC27-42818F62EACF}],@DisplayName=Kelkoo
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{68FAD7D9-18EE-45D6-9971-EA6D4A2702CB}],@DisplayName=Softonic_France_TC Customized Web Search
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{98B7A3BD-0ED9-4F10-B1A4-75F8376F6E7E}],@DisplayName=AOL Recherche
[HKEY_USERS\S-1-5-21-987188373-1824329948-4267097014-1000\..\SearchScopes\{CE68D540-D98D-42B0-94A7-B61EC751A4DD}],@DisplayName=Google
[HKCU\..\SearchScopes],@DefaultScope={00046011-B50C-4661-82D8-1C84C73A6CC5}
[HKCU\..\SearchScopes\{00046011-B50C-4661-82D8-1C84C73A6CC5}],@DisplayName=Yoog Search
[HKCU\..\SearchScopes\{62A30616-C8CE-4F6E-AC27-42818F62EACF}],@DisplayName=Kelkoo
[HKCU\..\SearchScopes\{68FAD7D9-18EE-45D6-9971-EA6D4A2702CB}],@DisplayName=Softonic_France_TC Customized Web Search
[HKCU\..\SearchScopes\{98B7A3BD-0ED9-4F10-B1A4-75F8376F6E7E}],@DisplayName=AOL Recherche
[HKCU\..\SearchScopes\{CE68D540-D98D-42B0-94A7-B61EC751A4DD}],@DisplayName=Google
[HKLM\..\SearchScopes],@DefaultScope={98B7A3BD-0ED9-4F10-B1A4-75F8376F6E7E}
[HKLM\..\SearchScopes\{62A30616-C8CE-4F6E-AC27-42818F62EACF}],@DisplayName=Kelkoo
[HKLM\..\SearchScopes\{98B7A3BD-0ED9-4F10-B1A4-75F8376F6E7E}],@DisplayName=AOL Recherche
----------\\ Extensions
+--------------- Fin à 19h 38min
On peut passer à la suppression ;)
• Fais un clic-droit sur le raccourci de Yoog_Fix et choisis "Exécuter en temps qu'administrateur"
• Au menu principal, choisis l'option 2 ( Suppression )
• Attend que la suppression se finisse.
• Ensuite appuie sur une touche, un rapport s'ouvre
• Poste-le dans ta prochaine réponse stp
Ensuite, fais redémarrer ton ordinateur et poste un nouveau rapport hijackthis
• Fais un clic-droit sur le raccourci de Yoog_Fix et choisis "Exécuter en temps qu'administrateur"
• Au menu principal, choisis l'option 2 ( Suppression )
• Attend que la suppression se finisse.
• Ensuite appuie sur une touche, un rapport s'ouvre
• Poste-le dans ta prochaine réponse stp
Ensuite, fais redémarrer ton ordinateur et poste un nouveau rapport hijackthis
