Yoog infection
Solved
britla
Hello,
my home page in Firefox is redirected to Yoog Search, so I ran a scan with Yoog_Fix;
here is the Yoog_Fix report:
Yoog_Fix 3.0.1 de Batch_Man | Mehdi (Administrateur)
Debut a 16:35 le 06/12/2009
Microsoft Windows XP Professionnel(5.1.2600)
Intel(R) Pentium(R) M processor 1.60GHz
Ram : 1263,4 Mo
Normal boot
Antivirus: VirusScan Enterprise + AntiSpyware Enterprise 8.5.0.781 (Activated)
Lancé de "C:\Documents and Settings\Mehdi\Bureau\Yoog_Fix.bat"
C:\ [Fixed] - NTFS - (Total:15060 Mo/Free:3181 Mo)
D:\ [Fixed] - NTFS - (Total:23093 Mo/Free:2958 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Z:\ [Network] (Total:8001 Mo/Free:489 Mo)
Option [1] 2 3 Recherche / Suppression
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]
SUPPRIME - C:\WINDOWS\System32\406c29cc-7e34-663e-290f-d7784ce31346.exe
SUPPRIME - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\406c29cc-7e34-663e-290f-d7784ce31346
SUPPRIME - HKEY_USERS\S-1-5-21-1715567821-616249376-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope
SUPPRIME - HKEY_USERS\S-1-5-21-1715567821-616249376-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BF823F84-501C-4A3A-8506-478A91D3D2F8}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BF823F84-501C-4A3A-8506-478A91D3D2F8}
SUPPRIME - prefs.js [Mehdi - id4ntbh5.default] user_pref("browser.search.defaultenginename", "Yoog Search");
SUPPRIME - prefs.js [Mehdi - id4ntbh5.default] user_pref("browser.search.defaulturl", "http://www28.yoog.com/search.php?q=");
SUPPRIME - prefs.js [Mehdi - id4ntbh5.default] user_pref("browser.search.selectedEngine", "Yoog Search");
SUPPRIME - prefs.js [Mehdi - id4ntbh5.default] user_pref("browser.startup.homepage", "http://www28.yoog.com/");
SUPPRIME - prefs.js [Mehdi - id4ntbh5.default] user_pref("keyword.URL", "http://www28.yoog.com/search.php?q=");
SUPPRIME - user.js [Mehdi - id4ntbh5.default] user_pref("browser.startup.homepage", "http://www28.yoog.com/");
SUPPRIME - user.js [Mehdi - id4ntbh5.default] user_pref("browser.search.selectedEngine", "Yoog Search");
SUPPRIME - user.js [Mehdi - id4ntbh5.default] user_pref("keyword.URL", "http://www28.yoog.com/search.php?q=");
SUPPRIME - user.js [Mehdi - id4ntbh5.default] user_pref("browser.search.defaultenginename", "Yoog Search");
SUPPRIME - user.js [Mehdi - id4ntbh5.default] user_pref("browser.search.defaulturl", "http://www28.yoog.com/search.php?q=");
------------[Suspects]
Aucun fichier suspect trouvé
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Recherche: Analyse de Firefox]
------------[Analyse de Firefox]
Mozilla Firefox 3.5.2 (fr)
Répertoire d'installation : C:\Program Files\Mozilla Firefox
Path: C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\id4ntbh5.default
------------[Extensions Firefox]
[Mehdi] {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} = FlashGot
[Mehdi] {20a82645-c095-46ed-80e3-08825760534b} = Microsoft .NET Framework Assistant
{20a82645-c095-46ed-80e3-08825760534b} = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
jqs@sun.com = C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{ABDE892B-13A8-4d1b-88E6-365A6E755758} = C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext
------------[Mozilla Plugins]
Path = C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\WINDOWS\System32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe® Flash® Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.32.18
Path = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
XPTPath = C:\Program Files\iTunes\Mozilla Plugins\npitunes.xpt
ProductName = iTunes Application Detector
Version = 8.2.0.23
Vendor = Apple Inc.
ProductName = DNA
Version = 1.0.0.1
Vendor = BitTorrent, Inc.
Path = C:\Program Files\DNA\plugins\npbtdna.dll
Path = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
XPTPath = C:\Program Files\DivX\DivX Web Player\npdivx32.xpt
GeckoVersion = 1.00
Version = 1.0.0
Vendor = DivX,Inc.
ProductName = DivX Web Player
Path = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
XPTPath = C:\Program Files\DivX\DivX Player\nsIDivxPlayerPlugin.xpt
GeckoVersion = 1.00
Version = 1.0.0
Vendor = DivX,Inc.
ProductName = DivX® Player Plugin
GeckoVersion = 1.7.5
Path = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
ProductName = Ag Player
Vendor = Microsoft
Version = 3.0
Path = C:\Program Files\Microsoft\Office Live\npOLW.dll
Version = 1.3
Vendor = Microsoft
ProductName = Microsoft Office Live Plug-in for Firefox
Path = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
GeckoVersion = 1.0
ProductName = Windows Live Photo Gallery
Version = 14.0.8081.0709
Vendor = Microsoft
GeckoVersion = 1.7.2
Path = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5
Path = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Version = 6.0.12.449
Vendor = RealNetworks
XPTPath = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.xpt
Path = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
Version = 1.0.3.448
Vendor = RealNetworks
Path = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
Version = 6.0.12.448
Vendor = RealNetworks
XPTPath = C:\Program Files\Real\RealPlayer\Netscape6\nsJSRealPlayerPlugin.xpt
Path = C:\Documents and Settings\Mehdi\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
ProductName = Yahoo! BrowserPlus
Version = 2.4.21
Vendor = Yahoo! Inc.
------------[Plugins de recherche]
[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] cnrtl-tlfi-fr.xml = https://www.cnrtl.fr/lexicographie/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google.xml = https://www.google.com/
[Program Files] MediaDICO-fr.xml = http://www.dictionnaire-mediadico.com/dictionnaires.asp
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] xeoocom.xml = http://www.xeoo.com
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/
------------[Listing de dossiers]
[18/08/2009 12:49 | 23544 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[18/08/2009 12:49 | 137208 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[01/05/2009 22:02 | 1044480 bytes] C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[10/04/2007 17:21 | 163256 bytes] C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[04/09/2008 01:11 | 54600 bytes] C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[25/07/2009 05:23 | 411368 bytes] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[12/05/2009 19:46 | 1650992 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[18/05/2009 23:41 | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[18/08/2009 12:49 | 65016 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[22/03/2007 19:23 | 17248 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[27/02/2009 12:13 | 103792 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[02/11/2009 14:02 | 140864 bytes] C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[02/11/2009 16:54 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[02/11/2009 16:54 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[02/11/2009 16:54 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[02/11/2009 16:54 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[02/11/2009 16:54 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[02/11/2009 16:54 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[02/11/2009 16:54 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[02/11/2009 14:02 | 8192 bytes] C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[02/11/2009 14:02 | 94208 bytes] C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[01/05/2009 22:02 | 200704 bytes] C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]
Internet Explorer : 8.0.6001.18702
L1 = HKLM\..\Main.Start Page = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKCU\..\Main.Start Page = https://www.google.fr/?gws_rd=ssl
L1 = HKCU\..\Main.Start Page = Cache_TIMESTAMP REG_BINARY 224407CB2C56CA01
L1 = HKCU\..\Main.Start Page = Cache REG_SZ https://www.msn.com/fr-fr?ocid=iehp
L1 = HKCU\..\Main.Start Page = Cache AcceptLangs REG_SZ fr
L1 = HKCU\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-1715567821-616249376-839522115-1003\..\Main.Start Page = https://www.google.fr/?gws_rd=ssl
L1 = HKU\S-1-5-21-1715567821-616249376-839522115-1003\..\Main.Start Page = Cache_TIMESTAMP REG_BINARY 224407CB2C56CA01
L1 = HKU\S-1-5-21-1715567821-616249376-839522115-1003\..\Main.Start Page = Cache REG_SZ https://www.msn.com/fr-fr?ocid=iehp
L1 = HKU\S-1-5-21-1715567821-616249376-839522115-1003\..\Main.Start Page = Cache AcceptLangs REG_SZ fr
L1 = HKU\S-1-5-21-1715567821-616249376-839522115-1003\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKCU\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-21-1715567821-616249376-839522115-1003\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKU\S-1-5-21-1715567821-616249376-839522115-1003\..\Toolbar.LinksFolderName = Liens
L2 = HKCU\..\Internet Settings.ProxyOverride = *.local
L2 = HKCU\..\Internet Connection Wizard.ShellNext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=6.0&plcid=0x040c
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet =
NavigationFailure = res://ieframe.dll/navcancl.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm
InPrivate = res://ieframe.dll/inprivate.htm
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm
--------[Browser Helper Object]
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3},@SANS NOM=3.0
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3},@SANS NOM=AcroIEHelperStub
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA},@SANS NOM=3.0
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231},@SANS NOM=3.0
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231},@SANS NOM=scriptproxy
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=3.0
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=JQSIEStartDetectorImpl
BHO: {FF6C3CF0-4B15-11D1-ABED-709549C10000},@SANS NOM=3.0
BHO: {FF6C3CF0-4B15-11D1-ABED-709549C10000},@SANS NOM=DAPIELoader Class
--------[SearchScopes]
[HKEY_USERS\S-1-5-21-1715567821-616249376-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}}],@DisplayName=WeFiBar Customized Web Search
[HKEY_USERS\S-1-5-21-1715567821-616249376-839522115-1003\..\SearchScopes\{BF823F84-501C-4A3A-8506-478A91D3D2F8}}],@DisplayName=Live Search
[HKEY_USERS\S-1-5-21-1715567821-616249376-839522115-1003\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}],@DisplayName=Ask Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}}],@DisplayName=WeFiBar Customized Web Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BF823F84-501C-4A3A-8506-478A91D3D2F8}}],@DisplayName=Live Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}],@DisplayName=Ask Search
--------[Extensions]
@xpsp3res.dll,-20001: %windir%\Network Diagnostic\xpnetdiag.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
--------[Clé Run]
------------[Autres infections]
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Autres rapports]
[06/12/2009 16:39] C:\Yoog_Fix\Logs\Rapport_06_12_2009_n1.txt - (Choix 1 : Recherche / Suppression)
-------------------------->>
Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_06_12_2009_1.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html
Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com
+--------------[Fin à 16h 39min]
1 reply
Hello
Please do the following, thanks:
1- Download and install HijackThis:
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html
--> Click the setup file to start the installation: follow the prompts and do not change the installation settings.
At the end of the installation, the program starts automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
(Do not run this program for now; carry on with the next step ...)
2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.
-> http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications !
Double-click " RSIT.exe " to launch it.
Right-click under VISTA (run as…)
-> A first window opens, titled: " Disclaimer of warranty " .
* For the option "List files/folders created ...", choose: 2 months
* then click " Continue " to start the scan ...
-> let the scan run and do not touch the PC ...
When the scan is finished, two text files will open (probably in Notepad).
Post the contents of " log.txt " (the one shown on screen), as well as " info.txt " (which you will see in the taskbar), for analysis, and wait for further instructions ...
Important: post one report, then the other in the next reply ...
If you try to post both at once, it may be too long for the forum ...
( And if "log.txt" alone does not go through either, post it in two parts ... thanks ... )
( Note: the reports will also be saved in this folder -> C:\rsit )
See you