Mon pc rame suite à une infection de YACFermé

Question

Bonsoir, récemment le logiciel YAC s'est installé sur mon ordi. J'ai pu le supprimer via le mode sans échec, et si je me fie à ce que je vois, il a actuellement disparu de mon ordi. Or, depuis que ce logiciel s'est installé, mon ordi rame, plusieurs minutes pour afficher une page et 90% du temps il y a "erreur réseau, la page n'a pas pu se charger", sachant qu'avant cette auto installation de YAC, mon ordi était nickel.

Du coup vous auriez des solutions ? Merci à vous

Malekal_morte- · Answer

Salut,

Suis ce tutoriel FRST: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Cela va générer trois rapports FRST :
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Envoie comme expliqué, ces trois rapports sur le site pjjoint et donne les trois liens pjjoint de ces rapports afin qu'ils puissent être consultés.

Kazuko. · Answer

D'accord alors voici les liens pour les rapports :

https://pjjoint.malekal.com/files.php?read=20141206_k11u9y15m14t15
https://pjjoint.malekal.com/files.php?read=20141206_9s9p5s9w5
https://pjjoint.malekal.com/files.php?read=20141206_t7t1514x11j5

Malekal_morte- · Answer

Voici la correction à effectuer avec FRST. Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK. Copie/colle dedans ce qui suit : HKLM-x32\...\Run: [PennyBee] => C:\Program Files (x86)\PennyBee\PennyBeeW.exe HKU\S-1-5-21-717619380-2185781436-2511409447-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:56774;https=127.0.0.1:56774 [Attention - Possible Proxy Malicieux] ProxyServer: [S-1-5-21-717619380-2185781436-2511409447-1006] => 127.0.0.1:8080 [Pays US - 127.0.0.1] SearchScopes: HKU\S-1-5-21-717619380-2185781436-2511409447-1006 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: RoBoSaver -> {1DA4F277-CF22-1445-5876-4012E7F27641} -> C:\ProgramData\RoBoSaver\3wa.x64.dll No File BHO: YoutubeAdblocker -> {8C9267B1-2495-763C-0568-411519C79C7A} -> C:\Program Files (x86)\YoutubeAdblocker\IJ.x64.dll No File BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File BHO: BlocckTheAdApp -> {BB5D7E13-B711-0525-5737-2020A78997CE} -> C:\ProgramData\BlocckTheAdApp\9vODq.x64.dll No File BHO: SiaveeNeWaApepz -> {C006F281-E9E2-88E1-1D7C-9276798E1246} -> C:\ProgramData\SiaveeNeWaApepz\IkL.x64.dll No File FF Extension: SearchNewTab - C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\Extensions\k1uvulxcg@ua-tk.org [2014-02-17] FF Extension: BlocckTheAdApp - C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\Extensions\lh1mha@aoyymq.co.uk [2014-02-17] FF Extension: FD_Plugin - C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\Extensions\jid0-5zkqw0l5jBWPCHzR9mnB6h7y1tU@jetpack.xpi [2013 FF Extension: No Name - C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\extensions\faststartff@gmail.com [Not Found] CHR dev: Chrome dev build detected! <======= ATTENTION CHR HomePage: Default -> CD9356FDE92222AAA2A90CBA9415BDD6D410EFA7B0AF5F067FA7274FDBFC3649 CHR StartupUrls: Default -> hxxp://www.only-search.com/?babsrc=HP_ss&mntrId=1844889FFA1CDF32&affID=129489&tsp=5431 [Pays US - 198.20.96.164] S2 fc67e7a0; C:\Windows\system32\rundll32.exe c:\Program Files (x86)\DeltaFix\DeltaFix.dll,serv 2014-12-03 22:55 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys 2014-12-03 19:31 - 2014-12-06 11:15 - 00000522 ____H () C:\Windows\Tasks\LonghandStable-S-3793195989.job 2014-12-03 19:31 - 2014-12-06 11:15 - 00000518 ____H () C:\Windows\Tasks\SoftwareAssister-S-1752340467.job 2014-12-03 19:31 - 2014-12-03 19:31 - 00002768 _____ () C:\Windows\System32\Tasks\LonghandStable-S-3793195989 2014-12-03 19:31 - 2014-12-03 19:31 - 00002764 _____ () C:\Windows\System32\Tasks\SoftwareAssister-S-1752340467 2014-12-03 19:29 - 2014-12-03 19:29 - 00000000 ____D () C:\ProgramData\hdnfipblamdojbgokncoedbnkiogeefd 2014-12-03 19:29 - 2014-12-03 19:29 - 00000000 ____D () C:\ProgramData\addkglafffipihifihengjejacfcblee 2014-11-25 07:46 - 2014-11-25 07:46 - 00003286 _____ () C:\Windows\System32\Tasks\fVS2Y2TAOL9hkml 2014-11-25 07:46 - 2014-11-25 07:46 - 00003246 _____ () C:\Windows\System32\Tasks\64SSagZjCorpYuD 2014-11-25 07:46 - 2014-11-25 07:46 - 00003244 _____ () C:\Windows\System32\Tasks\RUTSPXSwGAgZqCm 2014-11-25 07:46 - 2014-11-25 07:46 - 00000000 ____D () C:\Users\Suigetsu\AppData\Roaming\F3uDPlE 2014-11-25 07:46 - 2014-11-25 07:46 - 00000000 ____D () C:\Users\Suigetsu\AppData\Roaming\5wwVYIG 2014-11-25 07:46 - 2014-11-25 07:46 - 00000000 ____D () C:\Users\Suigetsu\AppData\Roaming\1g61GtV 2014-12-06 11:15 - 2014-01-17 23:48 - 00000450 ____H () C:\Windows\Tasks\GBUpdate-S-663939348.job Une fois, le texte coller dans le bloc-note. Menu Fichier puis Enregistrer sous. A gauche, place toi sur le bureau. Dans le champs en bas, nom du fichier mets : fixlist.txt Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau. Relance FRST et clic sur le bouton Fix Selon comment un redémarrage est nécessaire (pas obligatoire). Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Kazuko. · Answer

Alors voici le contenu : Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014 Ran by Suigetsu at 2014-12-06 12:18:11 Run:1 Running from C:\Users\Suigetsu\Desktop Loaded Profiles: Suigetsu & (Available profiles: Suigetsu) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [PennyBee] => C:\Program Files (x86)\PennyBee\PennyBeeW.exe HKU\S-1-5-21-717619380-2185781436-2511409447-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:56774;https=127.0.0.1:56774 [Attention - Possible Proxy Malicieux] ProxyServer: [S-1-5-21-717619380-2185781436-2511409447-1006] => 127.0.0.1:8080 [Pays US - 127.0.0.1] SearchScopes: HKU\S-1-5-21-717619380-2185781436-2511409447-1006 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: RoBoSaver -> {1DA4F277-CF22-1445-5876-4012E7F27641} -> C:\ProgramData\RoBoSaver\3wa.x64.dll No File BHO: YoutubeAdblocker -> {8C9267B1-2495-763C-0568-411519C79C7A} -> C:\Program Files (x86)\YoutubeAdblocker\IJ.x64.dll No File BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File BHO: BlocckTheAdApp -> {BB5D7E13-B711-0525-5737-2020A78997CE} -> C:\ProgramData\BlocckTheAdApp\9vODq.x64.dll No File BHO: SiaveeNeWaApepz -> {C006F281-E9E2-88E1-1D7C-9276798E1246} -> C:\ProgramData\SiaveeNeWaApepz\IkL.x64.dll No File FF Extension: SearchNewTab - C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\Extensions\k1uvulxcg@ua-tk.org [2014-02-17] FF Extension: BlocckTheAdApp - C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\Extensions\lh1mha@aoyymq.co.uk [2014-02-17] FF Extension: FD_Plugin - C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\Extensions\jid0-5zkqw0l5jBWPCHzR9mnB6h7y1tU@jetpack.xpi [2013 FF Extension: No Name - C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\extensions\faststartff@gmail.com [Not Found] CHR dev: Chrome dev build detected! <======= ATTENTION CHR HomePage: Default -> CD9356FDE92222AAA2A90CBA9415BDD6D410EFA7B0AF5F067FA7274FDBFC3649 CHR StartupUrls: Default -> hxxp://www.only-search.com/?babsrc=HP_ss&mntrId=1844889FFA1CDF32&affID=129489&tsp=5431 [Pays US - 198.20.96.164] S2 fc67e7a0; C:\Windows\system32 undll32.exe c:\Program Files (x86)\DeltaFix\DeltaFix.dll,serv 2014-12-03 22:55 - 2014-11-03 10:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys 2014-12-03 19:31 - 2014-12-06 11:15 - 00000522 ____H () C:\Windows\Tasks\LonghandStable-S-3793195989.job 2014-12-03 19:31 - 2014-12-06 11:15 - 00000518 ____H () C:\Windows\Tasks\SoftwareAssister-S-1752340467.job 2014-12-03 19:31 - 2014-12-03 19:31 - 00002768 _____ () C:\Windows\System32\Tasks\LonghandStable-S-3793195989 2014-12-03 19:31 - 2014-12-03 19:31 - 00002764 _____ () C:\Windows\System32\Tasks\SoftwareAssister-S-1752340467 2014-12-03 19:29 - 2014-12-03 19:29 - 00000000 ____D () C:\ProgramData\hdnfipblamdojbgokncoedbnkiogeefd 2014-12-03 19:29 - 2014-12-03 19:29 - 00000000 ____D () C:\ProgramData\addkglafffipihifihengjejacfcblee 2014-11-25 07:46 - 2014-11-25 07:46 - 00003286 _____ () C:\Windows\System32\Tasks\fVS2Y2TAOL9hkml 2014-11-25 07:46 - 2014-11-25 07:46 - 00003246 _____ () C:\Windows\System32\Tasks\64SSagZjCorpYuD 2014-11-25 07:46 - 2014-11-25 07:46 - 00003244 _____ () C:\Windows\System32\Tasks\RUTSPXSwGAgZqCm 2014-11-25 07:46 - 2014-11-25 07:46 - 00000000 ____D () C:\Users\Suigetsu\AppData\Roaming\F3uDPlE 2014-11-25 07:46 - 2014-11-25 07:46 - 00000000 ____D () C:\Users\Suigetsu\AppData\Roaming\5wwVYIG 2014-11-25 07:46 - 2014-11-25 07:46 - 00000000 ____D () C:\Users\Suigetsu\AppData\Roaming\1g61GtV 2014-12-06 11:15 - 2014-01-17 23:48 - 00000450 ____H () C:\Windows\Tasks\GBUpdate-S-663939348.job ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\PennyBee => value deleted successfully. "HKU\S-1-5-21-717619380-2185781436-2511409447-1006\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable => value deleted successfully. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer => value deleted successfully. HKU\S-1-5-21-717619380-2185781436-2511409447-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer => value deleted successfully. HKU\S-1-5-21-717619380-2185781436-2511409447-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DA4F277-CF22-1445-5876-4012E7F27641}" => Key deleted successfully. "HKCR\CLSID\{1DA4F277-CF22-1445-5876-4012E7F27641}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C9267B1-2495-763C-0568-411519C79C7A}" => Key deleted successfully. "HKCR\CLSID\{8C9267B1-2495-763C-0568-411519C79C7A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully. "HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB5D7E13-B711-0525-5737-2020A78997CE}" => Key deleted successfully. "HKCR\CLSID\{BB5D7E13-B711-0525-5737-2020A78997CE}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C006F281-E9E2-88E1-1D7C-9276798E1246}" => Key deleted successfully. "HKCR\CLSID\{C006F281-E9E2-88E1-1D7C-9276798E1246}" => Key deleted successfully. C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\Extensions\k1uvulxcg@ua-tk.org => Moved successfully. C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\Extensions\lh1mha@aoyymq.co.uk => Moved successfully. C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\Extensions\jid0-5zkqw0l5jBWPCHzR9mnB6h7y1tU@jetpack.xpi => Moved successfully. C:\Users\Suigetsu\AppData\Roaming\Mozilla\Firefox\Profiles\sow57v0r.default\extensions\faststartff@gmail.com not found. CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry. Chrome HomePage deleted successfully. Chrome StartupUrls not detected. fc67e7a0 => Service deleted successfully. C:\Windows\system32\Drivers\iSafeNetFilter.sys => Moved successfully. C:\Windows\Tasks\LonghandStable-S-3793195989.job => Moved successfully. C:\Windows\Tasks\SoftwareAssister-S-1752340467.job => Moved successfully. C:\Windows\System32\Tasks\LonghandStable-S-3793195989 => Moved successfully. C:\Windows\System32\Tasks\SoftwareAssister-S-1752340467 => Moved successfully. C:\ProgramData\hdnfipblamdojbgokncoedbnkiogeefd => Moved successfully. C:\ProgramData\addkglafffipihifihengjejacfcblee => Moved successfully. C:\Windows\System32\Tasks\fVS2Y2TAOL9hkml => Moved successfully. C:\Windows\System32\Tasks\64SSagZjCorpYuD => Moved successfully. C:\Windows\System32\Tasks\RUTSPXSwGAgZqCm => Moved successfully. C:\Users\Suigetsu\AppData\Roaming\F3uDPlE => Moved successfully. C:\Users\Suigetsu\AppData\Roaming\5wwVYIG => Moved successfully. C:\Users\Suigetsu\AppData\Roaming\1g61GtV => Moved successfully. C:\Windows\Tasks\GBUpdate-S-663939348.job => Moved successfully. ==== End of Fixlog ====

Malekal_morte- · Answer

Si yac est encore là, tente la première étape de cette astuce : https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc

Kazuko. · Answer

En fait, YAC n'est pas présent dans mon ordi (enfin sur le disque dûr) mais par contre, une icône est toujours présente, donc j'avoue que je ne comprends pas 

http://img11.hostingpics.net/pics/185454Sanstitre.png

Malekal_morte- · Answer

iSafe a bien l'air d'avoir sauté.

Désinstalle Spybot,


Fais un checkdisk - paragraphe "Erreurs disque / Problème disque dur" 
=> https://forum.malekal.com/viewtopic.php?t=44006&start=

Kazuko. · Answer

Je sais pas si ça peut jouer, mais mon disque dur est à 975/984 Go. Enfin il est rempli autant depuis déjà longtemps et je n'ai eu aucun problème jusqu'à il y a quelques jours

Mon pc rame suite à une infection de YAC

8 réponses

Newsletters