Problem with Yoog

jeflo1984 Posts: 3 Status: Member -
 bilel -
Hello,
since I installed a download program, YOOG has installed itself on my home page and it is impossible to remove. Please help me find a solution to remove it.

5 replies

Anonymous user
 
Hello

• Download to the desktop: Yoog fix
• Double-click the icon; a usage warning window appears, click OK if you agree.
• Yoog_Fix starts; type 1 and confirm with Enter when it asks for your choice.
• The program starts searching for traces of the infection.
• Once the search is finished, a window appears asking you to press any key on the keyboard to continue the procedure; follow this recommendation.
• The report opens; the goal now is to post it in a message on the forum. To copy and paste the text, use the menu Edit / Select All (or CTRL + A).
• To put the text in memory, copy it, again via the menu Edit / Copy (or CTRL + C).
• Then paste the report on the forum so that we can tell you how to proceed to get rid of Yoog search.
0
jeflo1984 Posts: 3 Status: Member
 
Yoog_Fix 3.0.1 de Batch_Man | JeFlo (Administrateur)
Debut a 13:48 le 12/08/2009
Microsoft Windows XP Édition familiale(5.1.2600)

Processeur Intel Pentium III Xeon
Ram : 3583,1 Mo
Normal boot

Antivirus: avast! antivirus 4.8.1335 [VPS 090811-0] 4.8.1335 (Activated)
Lancé de "C:\Program Files\Windows Live\Mail\Yoog_Fix.bat"

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:49999 Mo/Free:3617 Mo)
D:\ [Fixed] - NTFS - (Total:188465 Mo/Free:1637 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
J:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Option [1] 2 3 Recherche / Suppression

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]

SUPPRIME - C:\WINDOWS\system32\noeusryebj.dll"
SUPPRIME - C:\Program Files\Mozilla Firefox\components\noeusryebj.dll
SUPPRIME - C:\Program Files\Mozilla Firefox\components\noeusryebj.dll
SUPPRIME - C:\WINDOWS\system32\noeusryebj.dll-uninst.exe
SUPPRIME - C:\WINDOWS\system32\noeusryebj.dll

SUPPRIME - HKLM\SOFTWARE\Classes\CLSID\{E8593AFB-6988-9F69-2AA7-6C90DB06523A}
SUPPRIME - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8593AFB-6988-9F69-2AA7-6C90DB06523A}
SUPPRIME - HKLM\SOFTWARE\Classes\CLSID\{E8593AFB-6988-9F69-2AA7-6C90DB06523A}

SUPPRIME - prefs.js [JeFlo - fwj9t66v.default] user_pref("browser.search.defaultenginename", "Yoog Search");
SUPPRIME - prefs.js [JeFlo - fwj9t66v.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q=");
SUPPRIME - prefs.js [JeFlo - fwj9t66v.default] user_pref("browser.search.selectedEngine", "Yoog Search");
SUPPRIME - prefs.js [JeFlo - fwj9t66v.default] user_pref("browser.startup.homepage", "http://www27.yoog.com/");
SUPPRIME - prefs.js [JeFlo - fwj9t66v.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");
SUPPRIME - user.js [JeFlo - fwj9t66v.default] user_pref("browser.startup.homepage", "http://www27.yoog.com/");
SUPPRIME - user.js [JeFlo - fwj9t66v.default] user_pref("browser.search.selectedEngine", "Yoog Search");
SUPPRIME - user.js [JeFlo - fwj9t66v.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");
SUPPRIME - user.js [JeFlo - fwj9t66v.default] user_pref("browser.search.defaultenginename", "Yoog Search");
SUPPRIME - user.js [JeFlo - fwj9t66v.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q=");

------------[Suspects]

Aucun fichier suspect trouvé

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Recherche: Analyse de Firefox]

------------[Analyse de Firefox]

Mozilla Firefox 3.0.13 (fr)
Répertoire d'installation : C:\Program Files\Mozilla Firefox
Path: C:\Documents and Settings\JeFlo\Application Data\Mozilla\Firefox\Profiles\fwj9t66v.default

------------[Extensions Firefox]

[JeFlo] DTToolbar@toolbarnet.com = DAEMON Tools Toolbar
[JeFlo] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant

jqs@sun.com = C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{20a82645-c095-46ed-80e3-08825760534b} = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

------------[Mozilla Plugins]

Path = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\WINDOWS\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe® Flash® Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.22.87

Path = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
XPTPath = C:\Program Files\DivX\DivX Web Player\npdivx32.xpt
GeckoVersion = 1.00
Version = 1.0.0

Vendor = DivX,Inc.
ProductName = DivX® Web Player
Path = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
XPTPath = C:\Program Files\DivX\DivX Content Uploader\npUpload.xpt
GeckoVersion = 1.00
Version = 1.0.0

Vendor = DivX,Inc.
ProductName = DivX® Content Upload Plugin
Path = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
XPTPath = C:\Program Files\DivX\DivX Player\nsIDivxPlayerPlugin.xpt
GeckoVersion = 1.00
Version = 1.0.0

Vendor = DivX,Inc.
ProductName = DivX® Player Plugin
Path = C:\Program Files\ma-config.com\nphardwaredetection.dll
Vendor = CybelSoft
GeckoVersion = 1.7.5
Path = C:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll
ProductName = Ag Player
Vendor = Microsoft
Version = 3.0

Path = C:\Program Files\Microsoft\Office Live\npOLW.dll
Version = 1.3

Vendor = Microsoft
ProductName = Microsoft Office Live Plug-in for Firefox
Path = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
GeckoVersion = 1.0
ProductName = Windows Live Photo Gallery
Version = 14.0.8064.0206

Vendor = Microsoft
GeckoVersion = 1.7.2
Path = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5

Path = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
Version = 6.0.12.69

Vendor = RealNetworks
XPTPath = C:\Program Files\Real Alternative\browser\components\nppl3260.xpt
Path = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
Version = 6.0.12.69

Vendor = RealNetworks
XPTPath = C:\Program Files\Real Alternative\browser\components\nsJSRealPlayerPlugin.xpt
Path = C:\Program Files\VideoLAN\VLC\npvlc.dll
Vendor = VideoLAN
Version = 0.9.9

------------[Plugins de recherche]

[JeFlo] live-search.xml = https://outlook.live.com/owa/
[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google.xml = https://www.google.com/
[Program Files] MediaDICO-fr.xml = http://www.dictionnaire-mediadico.com/dictionnaires.asp
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/

------------[Listing de dossiers]

[05/08/2009 18:13 | 23032 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[05/08/2009 18:13 | 134648 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[25/07/2009 05:23 | 411368 bytes] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[28/09/2007 19:53 | 717312 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[28/09/2007 19:54 | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[05/08/2009 18:13 | 65528 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[22/03/2007 20:23 | 17248 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[27/02/2009 13:13 | 103792 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]

Internet Explorer : 7.0.5730.13

L1 = HKLM\..\Main.Start Page = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKCU\..\Main.Start Page = https://www.google.fr/?gws_rd=ssl
L1 = HKCU\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKCU\..\Main.Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-606747145-796845957-1801674531-1004\..\Main.Start Page = https://www.google.fr/?gws_rd=ssl
L1 = HKU\S-1-5-21-606747145-796845957-1801674531-1004\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-606747145-796845957-1801674531-1004\..\Main.Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Toolbar.LinksFolderName = Liens
L1 = HKCU\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKCU\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKCU\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKU\S-1-5-21-606747145-796845957-1801674531-1004\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKU\S-1-5-21-606747145-796845957-1801674531-1004\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKU\S-1-5-21-606747145-796845957-1801674531-1004\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-21-606747145-796845957-1801674531-1004\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKU\S-1-5-21-606747145-796845957-1801674531-1004\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet =
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm

--------[Browser Helper Object]

BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3},@SANS NOM=3.0
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3},@SANS NOM=AcroIEHelperStub
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB},@SANS NOM=3.0
BHO: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE},@SANS NOM=3.0
BHO: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE},@SANS NOM=Canon Easy Web Print Helper
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@SANS NOM=3.0
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B},@SANS NOM=Search Helper
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=3.0
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=3.0
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=JQSIEStartDetectorImpl

--------[SearchScopes]

[HKEY_USERS\S-1-5-21-606747145-796845957-1801674531-1004\..\SearchScopes],@DefaultScope={9D5BD211-422C-4164-9298-BB4186A30F31}
[HKEY_USERS\S-1-5-21-606747145-796845957-1801674531-1004\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}],@DisplayName=Live Search
[HKEY_USERS\S-1-5-21-606747145-796845957-1801674531-1004\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}}],@DisplayName=Live Search
[HKEY_USERS\S-1-5-21-606747145-796845957-1801674531-1004\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}],@DisplayName=DAEMON Search
[HKEY_USERS\S-1-5-21-606747145-796845957-1801674531-1004\..\SearchScopes\{C9AD794B-CEBA-462C-A489-CC649297E869}],@DisplayName=Live Search
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={9D5BD211-422C-4164-9298-BB4186A30F31}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}],@DisplayName=Live Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}}],@DisplayName=Live Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}],@DisplayName=DAEMON Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C9AD794B-CEBA-462C-A489-CC649297E869}],@DisplayName=Live Search

--------[Extensions]

@xpsp3res.dll,-20001: %windir%\Network Diagnostic\xpnetdiag.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}

--------[Clé Run]

------------[Autres infections]

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Autres rapports]

[12/08/2009 13:50] C:\Yoog_Fix\Logs\Rapport_12_08_2009_n1.txt - (Choix 1 : Recherche / Suppression)

-------------------------->>

Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_12_08_2009_1.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html

Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com

+--------------[Fin à 13h 50min]
Here is the report.
Thank you,
regards
0
jeflo1984 Posts: 3 Status: Member
 
RE
I have finally been able to get back a home page other than Yoog by default, thank you.
All the best,
regards
0
Anonymous user
 
To see whether you have other infections.
• Download: http://images.malwareremoval.com/random/RSIT.exe
/!\ Important (on Vista) /!\
You must run RSIT with administrator rights; to do so, right-click RSIT and choose "Run as administrator"
• Double-click RSIT.exe to launch the tool.
• Click 'Continue' on the Disclaimer screen.
• If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
• Once the scan is finished, 2 reports will appear. Post the contents of both reports.
( C:\RSIT\log.txt and C:\RSIT\info.txt )
• CTRL A to select all, CTRL C to copy, and then CTRL V to paste
0

bilel
 
Yoog_Fix 3.0.1 by Batch_Man | enq (Limited account)
Start at 12:12 le 24/08/2009
Microsoft® Windows Vista(6.0.6002)

Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
Ram : 1978,4 Mo
Normal boot

UAC : ON
Launched from "C:\Users\enq\AppData\Roaming\IDM\Yoog_Fix.bat"

C:\ [Fixed] - NTFS - (Total:141828 Mo/Free:2163 Mo)
D:\ [Fixed] - NTFS - (Total:10794 Mo/Free:1756 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Option [1] 2 Search / Remove

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Remove: Files / Folders / Keys / Firefox prefs]

Not DELETED - C:\Program Files\Mozilla Firefox\components\6b85dab8-6b71-9ef4-04c3-833a3769570b.dll
Not DELETED - C:\Program Files\Mozilla Firefox\components\crpxpywyjptmae.dll
DELETED - C:\Windows\System32\fe5e9884-400d-b208-0040-ef0ed8f7a78c.exe
DELETED - C:\Windows\system32\crpxpywyjptmae.dll-uninst.exe

DELETED - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fe5e9884-400d-b208-0040-ef0ed8f7a78c
DELETED - HKLM\SOFTWARE\Classes\CLSID\{ba2ca81b-d824-89f4-fefd-e1a28ddafcc9}
DELETED - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba2ca81b-d824-89f4-fefd-e1a28ddafcc9}
DELETED - HKEY_USERS\S-1-5-21-4035731529-2718081389-3574937747-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A87FA1C6-8456-4876-8B82-9D8A876E8D1F}
DELETED - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A87FA1C6-8456-4876-8B82-9D8A876E8D1F}

DELETED - prefs.js [enq - nzu9u33m.default] user_pref("browser.search.defaultenginename", "Yoog Search");
DELETED - prefs.js [enq - nzu9u33m.default] user_pref("browser.search.defaulturl", "http://www28.yoog.com/search.php?q=");
DELETED - prefs.js [enq - nzu9u33m.default] user_pref("browser.startup.homepage", "http://www28.yoog.com/");
DELETED - prefs.js [enq - nzu9u33m.default] user_pref("keyword.URL", "http://www28.yoog.com/search.php?q=");
DELETED - user.js [enq - nzu9u33m.default] user_pref("browser.startup.homepage", "http://www28.yoog.com/");
DELETED - user.js [enq - nzu9u33m.default] user_pref("browser.search.selectedEngine", "Yoog Search");
DELETED - user.js [enq - nzu9u33m.default] user_pref("keyword.URL", "http://www28.yoog.com/search.php?q=");
DELETED - user.js [enq - nzu9u33m.default] user_pref("browser.search.defaultenginename", "Yoog Search");
DELETED - user.js [enq - nzu9u33m.default] user_pref("browser.search.defaulturl", "http://www28.yoog.com/search.php?q=");

------------[Suspects]

Aucun fichier suspect trouvé

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Search: Analysis of Firefox]

------------[Analysis of Firefox]

Mozilla Firefox 3.0.13 (fr)
Install Directory : C:\Program Files\Mozilla Firefox
Path: C:\Users\enq\AppData\Roaming\Mozilla\Firefox\Profiles\nzu9u33m.default

[basic\..\prefs.js] keyword.URL: "https://search.yahoo.com/web?fr=greentree_ff1"
[basic\..\prefs.js] browser.search.selectedEngine: "Yahoo"
[enq\..\prefs.js] browser.search.selectedEngine: "Google"

------------[Firefox Extensions]

[basic] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant
[enq] firebug@software.joehewitt.com = Firebug
[enq] FirePHPExtension-Build@firephp.org = FirePHP
[enq] twitternotifier@naan.net = TwitterFox
[enq] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant
[enq] {47624dda-b77e-4feb-820a-e4f077d5d4ca} = Boost for Facebook
[enq] {6AC85730-7D0F-4de0-B3FA-21142DD85326} = ColorZilla

{20a82645-c095-46ed-80e3-08825760534b} = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

------------[Mozilla Plugins]

Path = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\Windows\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe© Flash© Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.32.18

ProductName = Adobe Shockwave Player
Vendor = Adobe Systems Inc
Path = C:\Windows\system32\Adobe\Director\np32dsw.dll
Version = 1100465

GeckoVersion = 1.7.5
Path = c:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll
ProductName = Ag Player
Vendor = Microsoft
Version = 3.0

Path = C:\Program Files\Microsoft\Office Live\npOLW.dll
Version = 1.3

Vendor = Microsoft
ProductName = Microsoft Office Live Plug-in for Firefox
Path = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
GeckoVersion = 1.0
ProductName = Windows Live Photo Gallery
Version = 14.0.8064.0206

Vendor = Microsoft
GeckoVersion = 1.7.2
Path = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5

Path = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
Version = 6.0.12.69

Vendor = RealNetworks
XPTPath = C:\Program Files\Real Alternative\browser\components\nppl3260.xpt
Path = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
Version = 6.0.12.69

Vendor = RealNetworks
XPTPath = C:\Program Files\Real Alternative\browser\components\nsJSRealPlayerPlugin.xpt
Path = C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
ProductName = Google Update
Vendor = Google
Version = 8

------------[Search Plugins]

[enq] live-search.xml = https://outlook.live.com/owa/
[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google.xml = https://www.google.com/
[Program Files] MediaDICO-fr.xml = http://www.dictionnaire-mediadico.com/dictionnaires.asp
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/
[Program Files] yahoo.xml = SearchForm

------------[Listing of folders]

[01/06/2009 11:07 | 1363456 bytes] C:\Program Files\Mozilla Firefox\Components\6b85dab8-6b71-9ef4-04c3-833a3769570b.dll
[05/08/2009 19:10 | 23032 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[05/08/2009 19:10 | 134648 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[27/05/2009 19:10 | 429056 bytes] C:\Program Files\Mozilla Firefox\Components\crpxpywyjptmae.dll
[10/04/2007 19:21 | 163256 bytes] C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[25/07/2009 06:23 | 411368 bytes] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[05/08/2009 19:10 | 65528 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[26/10/2006 22:12 | 16192 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[27/02/2009 13:13 | 103792 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[14/06/2009 18:34 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[14/06/2009 18:34 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[14/06/2009 18:34 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[14/06/2009 18:34 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[14/06/2009 18:34 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[14/06/2009 18:34 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[14/06/2009 18:34 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Search: Registry Analysis]

Internet Explorer : 8.0.6001.18813

L1 = HKLM\..\Main.Start Page = https://www8.hp.com/emea_africa/fr/home.html?jumpid=ex_r11642_aa/fr/any/psg/touchpoint_iehome-ot-xx-xx-/chev
L1 = HKLM\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKCU\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKCU\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKCU\..\Main.Search Bar = http://www.bing.com/spresults.aspx
L1 = HKU\S-1-5-19\..\Main.Start Page = https://www.broadcom.com/support/security-center
L1 = HKU\S-1-5-19\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-19\..\Main.Search Bar = http://www.bing.com/spresults.aspx
L1 = HKU\S-1-5-20\..\Main.Start Page = https://www.broadcom.com/support/security-center
L1 = HKU\S-1-5-20\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-20\..\Main.Search Bar = http://www.bing.com/spresults.aspx
L1 = HKU\S-1-5-21-4035731529-2718081389-3574937747-1000\..\Main.Start Page = https://www.msn.com/fr-fr
L1 = HKU\S-1-5-21-4035731529-2718081389-3574937747-1000\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-4035731529-2718081389-3574937747-1000\..\Main.Search Bar = http://www.bing.com/spresults.aspx
L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Page_URL = https://www8.hp.com/emea_africa/fr/home.html?jumpid=ex_r11642_aa/fr/any/psg/touchpoint_iehome-ot-xx-xx-/chev
L1 = HKCU\..\Main.Default_Page_URL = https://www8.hp.com/emea_africa/fr/home.html?jumpid=ex_r11642_aa/fr/any/psg/touchpoint_iehome-ot-xx-xx-/chev
L1 = HKU\S-1-5-21-4035731529-2718081389-3574937747-1000\..\Main.Default_Page_URL = https://www8.hp.com/emea_africa/fr/home.html?jumpid=ex_r11642_aa/fr/any/psg/touchpoint_iehome-ot-xx-xx-/chev

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm
InPrivate = res://ieframe.dll/inprivate.htm

--------[Browser Helper Object]

BHO: {0055C089-8582-441B-A0BF-17B458C2A3A8},@SANS NOM=Helper
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C},@SANS NOM=add-on (mastermind)
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=not set)
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7},@SANS NOM=not set)
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D},@SANS NOM=not set)
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@SANS NOM=Dictionary Compression sdch
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=not set)

--------[SearchScopes]

[HKEY_USERS\S-1-5-21-4035731529-2718081389-3574937747-1000\..\SearchScopes],@DefaultScope={6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[HKEY_USERS\S-1-5-21-4035731529-2718081389-3574937747-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKEY_USERS\S-1-5-21-4035731529-2718081389-3574937747-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-4035731529-2718081389-3574937747-1000\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}],@DisplayName=Live Search
[HKEY_USERS\S-1-5-21-4035731529-2718081389-3574937747-1000\..\SearchScopes\{A87FA1C6-8456-4876-8B82-9D8A876E8D1F}}],@DisplayName=Yahoo! Search
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={6A1806CD-94D4-4689-BA73-E35EA1EA9990}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}],@DisplayName=Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}],@DisplayName=Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}],@DisplayName=Live Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A87FA1C6-8456-4876-8B82-9D8A876E8D1F}}],@DisplayName=Yahoo! Search

--------[Extensions]

--------[Run Key]

------------[Others infections]

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Others reports]

[24/08/2009 12:17] C:\Yoog_Fix\Logs\Rapport_24_08_2009_n1.txt - (Choice 1 : Search / Remove)

-------------------------->>

Please upload the file C:\Yoog_Fix\Backups\Backup_24_08_2009_1.zip at : http://batchdhelus.open-web.fr/upload
How to use : http://batchdhelus.open-web.fr/upload/procedure.html

If the procedure fails, please send the file at yoog.fix.sav@gmail.com

+--------------[End at 12h 17min]
0