My browser opens on its own...
Solved
Eternall
Posted messages
154
Status
Member
-
zouhair -
zouhair -
Hello,
I recently reinstalled my PC, and since then, my browser opens automatically with an advertisement page. This happens with Internet Explorer, Mozilla Firefox, and Google Chrome.
I have just installed my system and its updates, a free antivirus (Avira AntiVir), and Google Chrome.
I scanned my computer using Spybot, Ad-Aware, and Malwarebytes, and deleted the issues they found, but it seems that did not solve the problem.
I am seeking your help before I have to consider reinstalling everything :)
Thank you
Configuration: Windows 7 / Safari 534.24
I recently reinstalled my PC, and since then, my browser opens automatically with an advertisement page. This happens with Internet Explorer, Mozilla Firefox, and Google Chrome.
I have just installed my system and its updates, a free antivirus (Avira AntiVir), and Google Chrome.
I scanned my computer using Spybot, Ad-Aware, and Malwarebytes, and deleted the issues they found, but it seems that did not solve the problem.
I am seeking your help before I have to consider reinstalling everything :)
Thank you
Configuration: Windows 7 / Safari 534.24
24 answers
- 1
- 2
Next
-
Hello,
* Download AD-Remover to your Desktop.
http://www.teamxscript.org/adremoverTelechargement.html
/!\ Close all running applications /!\
- Double-click on the Ad-remover icon on your Desktop.
- On the page, click the “search” button
- Confirm the scan launch
- Let the tool work.
- Post the report that appears at the end.
(The report is also saved under C:\Ad-report(Scan/clean).Txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
@
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Member, Contributor
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:50:00, on 01/06/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE
C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\zouhair\Desktop\zik\hijackthis_telechargement_01net.exe
C:\Users\zouhair\AppData\Local\Temp\01net\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.ma/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [autoupdater] C:\Users\zouhair\AppData\Roaming\PCTuto\PCTuto\autoupdater.exe -runonce
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [REVAService] C:\Program Files\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\zouhair\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Statistiques d'Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www1.tellmemorecampus.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A99CDC1F-4EBC-422A-9053-B99A2181812F}: NameServer = 172.16.21.1,212.217.0.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: alfrescoMySQL - Unknown owner - C:\Alfresco1\mysql\bin\mysqld.exe
O23 - Service: alfrescoTomcat - Apache Software Foundation - C:\ALFRES~1\tomcat\bin\tomcat6.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
--
End of file - 8304 bytes
-
-
Hello, and thank you for this quick response!
Here is the report:
======= AD-REMOVER REPORT 2.0.0.2,G | WINDOWS XP/VISTA/7 ONLY =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 09:46:01 on 06/06/2011, Normal mode
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Mickael@MICKAEL-PC ( )
============== SEARCH ==============
Folder found: C:\Users\Mickael\AppData\Roaming\PCtuto
Folder found: C:\Users\Mickael\AppData\Local\PCTuto
Folder found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
Folder found: C:\Program Files\PCTuto
Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto
============== ADDITIONAL SCAN ==============
**** Google Chrome Version [11.0.696.77] ****
Extension\kincjchfokkeneeofpeefomkikfkiedl (C:\Program Files\Object\chromeaddon.crx) (x)
-- C:\Users\Mickael\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.fr/
Preferences - homepage_is_newtabpage: false
Plugin - Chrome NaCl (Enabled: false) (C:\Users\Mickael\AppData\Local\Google\Chrome\Application\11.0.696.77\ppGoogleNaClPluginChrome.dll)
Plugin - "Chrome NaCl" (Enabled: false)
========================================
**** Internet Explorer Version [9.0.8112.16421] ****
HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU_Main|Start Page - hxxp://www.google.fr/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)
C:\Ad-Report-SCAN[1].txt - 06/06/2011 09:46:28 (2386 Bytes)
End at: 09:46:56, 06/06/2011
============== E.O.F ============== -
Re, here is the report for step 1:
======= AD-REMOVER REPORT 2.0.0.2,G | WINDOWS ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Website: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 10:03:19 on 06/06/2011, Normal mode
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Mickael@MICKAEL-PC ( )
============== ACTION(S) ==============
Folder deleted: C:\Users\Mickael\AppData\Roaming\PCtuto
Folder deleted: C:\Users\Mickael\AppData\Local\PCTuto
Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
Folder deleted: C:\Program Files\PCTuto
(!) -- Temporary files deleted.
Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto
============== ADDITIONAL SCAN ==============
**** Google Chrome Version [11.0.696.77] ****
Extension\kincjchfokkeneeofpeefomkikfkiedl (C:\Program Files\Object\chromeaddon.crx) (x)
-- C:\Users\Mickael\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.fr/
Preferences - homepage_is_newtabpage: false
Plugin - Chrome NaCl (Enabled: false) (C:\Users\Mickael\AppData\Local\Google\Chrome\Application\11.0.696.77\ppGoogleNaClPluginChrome.dll)
Plugin - "Chrome NaCl" (Enabled: false)
========================================
**** Internet Explorer Version [9.0.8112.16421] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
========================================
C:\Program Files\Ad-Remover\Quarantine: 21 File(s)
C:\Program Files\Ad-Remover\Backup: 15 File(s)
C:\Ad-Report-CLEAN[1].txt - 06/06/2011 10:03:22 (2689 Bytes)
C:\Ad-Report-SCAN[1].txt - 06/06/2011 09:46:28 (2524 Bytes)
Finished at: 10:05:28, 06/06/2011
============== E.O.F ==============
I'll be back in a moment for step 2 .... -
And here is the link to the second report:
https://pjjoint.malekal.com/files.php?id=5ce000e04b7510
Thank you, -
O42 - Logiciel: PCTuto 2.0 - (.PCTuto.) [HKLM] -- PCTuto_is1 => Infection BT (Spyware.AgenceExclusive)
O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM] -- PCTuto Avast_is1 => Infection BT (Spyware.AgenceExclusive)
O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM] -- UpdatePCTuto_is1 => Infection BT (Spyware.AgenceExclusive)
[HKCU\Software\PCTuto] => Infection BT (Spyware.AgenceExclusive)
[HKLM\Software\PCTuto] => Infection BT (Spyware.AgenceExclusive)
[HKCU\Software\PCTuto] => Infection BT (Spyware.AgenceExclusive)
[HKLM\Software\PCTuto] => Infection BT (Spyware.AgenceExclusive)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Avast_is1]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1]
FirewallRAZ
EmptyTemp
EmptyFlash
-
Re,
Here is the report for the first part;
ZHPFix Report 1.12.330 by Nicolas Coolman, Update of 06/05/2011
Registry Export File: C:\ZHPExportRegistry-06-06-2011-20-40-45.txt
Run by Mickael at 06/06/2011 20:40:45
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Website: http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Software(s) ==========
ABSENT Uninstall Process: c:\program files\pctuto\unins000.exe
ABSENT Uninstall Process: c:\program files\pctuto\unins001.exe
ABSENT Uninstall Process: c:\users\mickael\appdata\roaming\pctuto\updatepctuto\unins000.exe
========== Registry Key(s) ==========
DELETE [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto_is1]
DELETE [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Avast_is1]
DELETE [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1]
DELETE HKCU\Software\PCTuto
DELETE HKLM\Software\PCTuto
ABSENT HKCU\Software\PCTuto
ABSENT HKLM\Software\PCTuto
ABSENT HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Avast_is1
ABSENT HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1
ABSENT HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1
========== Registry Value(s) ==========
ABSENT Standard Profile Value: FirewallRaz :
ABSENT Domain Profile Value: FirewallRaz :
========== Folder(s) ==========
DELETE Windows Temp: : 19
DELETE Flash Cookies: 17
========== File(s) ==========
DELETE Windows Temp: : 59
DELETE Flash Cookies: 6
========== Summary ==========
10: Registry Key(s)
2: Registry Value(s)
2: Folder(s)
2: File(s)
3: Software(s)
End of the scan
I will post the rest in a few minutes. -
Re, and here is the continuation:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6788
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
06/06/2011 23:12:50
mbam-log-2011-06-06 (23-12-48).txt
Scan type: Full scan (C:\|D:\|F:\|)
Item(s) scanned: 491872
Elapsed time: 2 hour(s), 25 minute(s), 12 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected registry key(s): 0
Infected registry value(s): 0
Infected registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0
Infected memory process(es):
(No harmful item detected)
Infected memory module(s):
(No harmful item detected)
Infected registry key(s):
(No harmful item detected)
Infected registry value(s):
(No harmful item detected)
Infected registry data item(s):
(No harmful item detected)
Infected folder(s):
(No harmful item detected)
Infected file(s):
(No harmful item detected) -
Here it is, it's late, I'm going to bed. I wanted to point out that since your intervention and the manipulations you made me do, I haven't had a single webpage open.
I look forward to seeing your response, but I already thank you for all the help you have given me :) -
Hello,
You're welcome :)
Please prepare a new ZHPDiag report to continue...
See you later
--
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Member, Contributor
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -
-
Re,
1/
I advise you to uninstall: Ad-Aware, it's useless!
2/
How's your PC?
Do you have any other issues?
@+
--
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Member, Contributor
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -
Here, I have uninstalled Ad-Aware :)
Can I uninstall the programs ZHPDiag and MBRcheck?
Thank you :) -
Hi,
We'll take care of everything, but first tell me if you have any issues?
See you soon
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Member, Contributor
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -
Well, everything seems to be working fine now :)
I haven't had the browser opening on its own even once. So everything is great :) -
Re,
To finish:
1/
IMPORTANT
Purge the system restore points:
Download OneClick2RestorePoint
http://www.multifa7.be/Laddy/OneClick2RP.exe
Mirrors if not accessible:
http://batchdhelus.open-web.fr/Laddy/OneClick2RP.exe
https://app.box.com/s/cqcsz5m0oz
* Double-click on OneClick2RP to run it (Right-click choose Run as administrator under Vista/Seven)
* Click on the "Purge" button, the Windows cleaning tool will open
* Choose your main hard drive in general (C:\) ... Wait during the scan...
* Go to the "Other options" tab
* In the system restore section, click on the clean button and then on the Delete button.
* The system restore points will be purged except for the last one created.
Then with the same tool
Create a new recognizable restore point
Help HERE
2/
Download DelFix to your desktop.
* Launch it, type removal then validate
Wait during the scan until the report opens.
* Copy/Paste the content of the report into your next reply.
Note: The report is also located under C:\DelFix.txt
You can uninstall it
3/
Java Update
* You can check your Java Console:
Install the new version if needed (in this case uninstall the old version first).
Here’s how to uninstall:
JavaRa
Unzip the file on the Desktop (Right-click > Extract all).
* Double-click (right-click "as administrator" for Vista) on the JavaRa directory.
* Then double-click on the JavaRa.exe file (the exe may not be displayed).
* Choose French then click on Select.
* Click on Check for updates.
* Select Update via jucheck.exe then click on Search.
* Allow the process to connect if prompted, click on Install and follow the installation instructions which take a few minutes.
* The installation is complete, return to the JavaRa screen and click on Remove old versions.
* Click Yes to confirm. Let it work and then click OK, then OK again.
* A report will open. Post it in your next reply.
* Close the application.
Note: the report can also be found in C:\ under the name JavaRa.log.
4/
Download and install:
CCleaner Slim version
* Launch it. (Right-click "as administrator" for Vista and Seven) Go to Options then
Advanced and uncheck the box Clear only files etc....
* Go to Cleaner, choose Analyze. Once done, start the cleaning.
* Then choose Registry, then Search for issues. Once done, fix
all errors as many times as found during the scan.
**************** Help HERE ******************
You can use CCleaner once a week
5/
Download updatechecker to inform you of outdated software and also allow you to perform these updates
Make sure to update Adobe Reader
6/
You can also keep Malwarebytes and use it once a week.
7/
I recommend using the Firefox browser and installing the add-ons
WOT to indicate suspicious files and Adblock Plus to block ads...
8/
A bit of reading:
* The dangers of Peer-To-Peer, Emule etc..
* How to Secure your Computer...
I await the reports ...
--
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Member, Contributor
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* -
Alright, I'll get started on all of this in the evening as soon as I get back, and I'll keep track of my progress as I go.
See you later :) -
Step 1: completed
Step 2:
# DelFix v8.0 - Report created on 07/06/2011 at 18:47
# Updated on 01/06/11 at 1:00 PM by Xplode
# Operating system: Windows 7 Ultimate (32 bits) [version 6.1.7601] Service Pack 1
# Username: Mickael - MICKAEL-PC (Administrator)
# Executed from: C:\Users\Mickael\Desktop\delfix.exe
# Option [Removal]
~~~~~~ Folder(s) ~~~~~~
Deleted: C:\Program Files\Ad-Remover
Deleted: C:\Program Files\ZHPDiag
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
~~~~~~ File(s) ~~~~~~
Deleted: C:\Ad-Report-CLEAN[1].txt
Deleted: C:\Ad-Report-SCAN[1].txt
Deleted: C:\PhysicalDisk0_MBR.bin
Deleted: C:\ZHPExportRegistry-06-06-2011-20-40-45.txt
Deleted: C:\Users\Mickael\Desktop\OneClick2RP.exe
~~~~~~ Registry ~~~~~~
Key Deleted: HKCU\SOFTWARE\Ad-Remover
Key Deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Key Deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~~~~~~ Other ~~~~~~
-> Prefetch cleared
########## EOF - "C:\DelFixSuppr.txt" - [1154 bytes] ########## -
Step 3:
When deleting the old versions, it fails to create the report.
A txt file opens but it is empty. -
Step 4: completed
Step 5: Update checker does not seem to start.
Step 6: Ok
Step 7: Do I need to uninstall Google Chrome? Is it worse than Firefox?
Step 8: OK :)
I’m waiting for your response to see if everything is good. -
Re,
1/
For step 3, click HERE to install the latest version of Java (Java 6 Update 26).
Uninstall all lower versions.
2/
For step 5
Install Adobe Reader here, and also uninstall the lower versions.
3/
Step 7
You can keep Google Chrome, but Firefox is recommended with these add-ons.
@+
--
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Member, Contributor
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
- 1
- 2
Next