Reply to: Analysis request 2016-09-08T12:57:45+00:00
Esteban Rando
Participant
Number of posts: 12

adw:http://cjoint.com/?CCEstlD5oVn

My first ZHPDiag fix:
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] – (.Google Inc. – Programme d’installation de Google.) — C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [116648] [PID.3376]
R0 – HKCUSOFTWAREClassesSoftwareMicrosoftInternet ExplorerMain,Start Page = http://search.chatzum.com => Toolbar.Agent
O4 – HKCU..Run: [Steam] . (.Valve Corporation – Steam.) — C:Program Files (x86)Steamsteam.exe => Valve/GameSpy Industries%Steam
O4 – HKUSS-1-5-21-1869064902-2026740602-366681729-1003-1869064902-2026740602-366681729-1001..Run: [Steam] . (.Valve Corporation – Steam.) — C:Program Files (x86)Steamsteam.exe => Valve/GameSpy Industries%Steam
O4 – Global Startup: C:UsersmanuDesktopAssassin’s Creed III.lnk – Clé orpheline => Orphean Key not necessary
O4 – Global Startup: C:UsersmanuDesktopCrysis® 2 – Raccourci.lnk – Clé orpheline => Orphean Key not necessary
O4 – Global Startup: C:UsersmanuDesktopexecuter.lnk – Clé orpheline => Orphean Key not necessary
O4 – Global Startup: C:UsersmanuAppDataRoamingMicrosoftInternet ExplorerQuick LaunchIncrediMail 2.0.lnk . (.IncrediMail, Ltd..) — C:Program Files (x86)IncrediMailBinIncMail.exe
O4 – Global Startup: C:UsersmanuAppDataRoamingMicrosoftInternet ExplorerQuick LaunchµTorrent.lnk . (.BitTorrent, Inc..) — C:Program Files (x86)uTorrentuTorrent.exe => P2P.BitTorrent*
O39 – APT:Automatic Planified Task – C:WindowsTasksGoogleUpdateTaskMachineCore.job => Google Update Task User*
O39 – APT:Automatic Planified Task – C:WindowsTasksGoogleUpdateTaskMachineUA.job => Google Update Task User*
[MD5.00000000000000000000000000000000] [APT] [4614] (…) — C:UsersmanuAppDataLocalTemplaunchie.vbs \B (.not file.) => Fichier absent
[MD5.88155D3D23CA8A1DFB1F45EE3E4C8DF8] [APT] [{11D7B7C5-4D74-4824-BEAA-1B80C90916D4}] (.BitTorrent, Inc..) — C:Program Files (x86)uTorrentuTorrent.exe => P2P.BitTorrent*
[MD5.00000000000000000000000000000000] [APT] [{29106313-967F-443C-9781-4FF46F993943}] (…) — C:UsersmanuAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE54XNHVMHNblazing_angels_2_1.01.exe (.not file.) => Microsoft Internet Explorer Fichiers Temporaires
[MD5.00000000000000000000000000000000] [APT] [{36677D77-53D0-46D1-8743-D93622EF8B3F}] (…) — C:UsersmanuDesktoptranslateclient51546.exe (.not file.) => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{66003127-CF1C-43D5-96A3-7A8989CFBBDD}] (…) — C:UsersmanuDesktopHexDecCharEditor.exe (.not file.) => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{77FAEE98-FEA7-418D-B726-40B49F1D213D}] (…) — C:UsersmanuAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5VIUNNID5Babylon9_setup.exe (.not file.) => Microsoft Internet Explorer Fichiers Temporaires
[MD5.00000000000000000000000000000000] [APT] [{A111517B-5058-45D8-8602-24BD2C333AC7}] (…) — C:UsersmanuDesktopSystem.Mechanic.Pro.v7.5.10.5.MultilanguageSystemMechanic7Pro.exe (.not file.) => Fichier absent
O42 – Logiciel: IncrediMail – (.IncrediMail.) [HKLM][64Bits] — {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 – Logiciel: IncrediMail 2.0 – (.IncrediMail Ltd..) [HKLM][64Bits] — IncrediMail
O42 – Logiciel: µTorrent – (.BitTorrent Inc..) [HKLM][64Bits] — uTorrent => P2P.BitTorrent*
[HKCUSoftwareAppDataLowSoftwareuTorrentBar_FR] => P2P.µTorrent*
[HKCUSoftwareBitTorrent] => P2P.BitTorrent*
[HKCUSoftwareIncrediMail] => IncrediMail
[HKCUSoftwareSave Tube Video] => Infection BT (Adware.SkyLab)
O43 – CFD: 26/06/2012 – 10:45:56 – [26,457] —-D C:Program Files (x86)IncrediMail => IncrediMail
O43 – CFD: 30/12/2012 – 15:19:33 – [0,337] —-D C:Program Files (x86)SProtector => Infection PUP (PUP.AdvancedSystemProtector)
O43 – CFD: 12/12/2012 – 17:44:49 – [0,924] —-D C:Program Files (x86)uTorrent => P2P.µTorrent*
O43 – CFD: 26/06/2012 – 10:14:54 – [0,000] —-D C:ProgramDataIM => Messaging.IncrediMail
O43 – CFD: 30/10/2012 – 22:13:27 – [6,512] —-D C:ProgramDataIncrediMail => IncrediMail
O43 – CFD: 30/12/2012 – 15:19:34 – [0,004] —-D C:ProgramDataOptimizerPro1 => Infection PUP (PUP.OptimizerPro)
O43 – CFD: 15/12/2012 – 12:13:21 – [0,076] —-D C:ProgramDataSpybot – Search & Destroy => Spybot – Search & Destroy
O43 – CFD: 6/10/2012 – 15:25:09 – [0] -SH-D C:ProgramData{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} => Toolbar.TuneUp
O43 – CFD: 21/12/2012 – 20:50:58 – [5,261] —-D C:UsersmanuAppDataRoaminguTorrent => P2P.µTorrent*
O43 – CFD: 24/11/2012 – 19:38:08 – [0] —-D C:UsersmanuAppDataLocalESN => Empty Folder not necessary
O43 – CFD: 26/06/2012 – 12:07:20 – [53,769] —-D C:UsersmanuAppDataLocalIM => Messaging.IncrediMail
O44 – LFC:[MD5.81B50E6C08FAB980C9AA8408168790E7] – 1/01/2013 – 12:32:59 —A- . (…) — C:AdwCleaner[S10].txt [2227] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.99A196925F5724D05571FF8FB6BBA6B4] – 1/01/2013 – 12:35:39 —A- . (…) — C:AdwCleaner[R13].txt [2174] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.E74E828FFDC3DCA04B73AEF4577F0FE3] – 1/01/2013 – 12:36:09 —A- . (…) — C:AdwCleaner[R14].txt [2235] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.8E7B34FCA9C5EE7650F735658CFAA88D] – 1/01/2013 – 12:36:16 —A- . (…) — C:AdwCleaner[S11].txt [2298] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.3E66A5E3DBA1418901CB03BA18C952AE] – 31/12/2012 – 19:08:30 —A- . (…) — C:AdwCleaner[S9].txt [2402] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.46B5F5842D427C8B3733C9168EF17079] – 31/12/2012 – 19:08:15 —A- . (…) — C:AdwCleaner[R12].txt [2336] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.7033851818E0875C50B5308F70F05A89] – 31/12/2012 – 14:13:18 —A- . (…) — C:AdwCleaner[R11].txt [2275] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.DF305F4FA0DA7712DC255E5DB3005196] – 31/12/2012 – 14:10:34 —A- . (…) — C:AdwCleaner[R10].txt [2214] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.A659FEC0200E8815E52AB66E5687F8D8] – 31/12/2012 – 14:08:31 —A- . (…) — C:AdwCleaner[R9].txt [2152] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.E119C02BA11D726FFC622EB49C8EA630] – 26/12/2012 – 22:33:22 —A- . (…) — C:AdwCleaner[R8].txt [1734] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.B9ACA6541B22C0D4E432541EB40CEB01] – 26/12/2012 – 22:33:09 —A- . (…) — C:AdwCleaner[R7].txt [1674] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.B1D26638F2722161959D0E21E2BA4524] – 26/12/2012 – 22:31:18 —A- . (…) — C:AdwCleaner[S6].txt [2282] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.744F6EECE9C6C0F42F1BA548DFFC9F8C] – 26/12/2012 – 22:31:04 —A- . (…) — C:AdwCleaner[R6].txt [2113] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.F9CAD4E6F530C443AE90924ECFA2E42B] – 22/12/2012 – 16:39:09 —A- . (…) — C:AdwCleaner[R5].txt [1505] => XPlode – AdwCleaner Tool
O44 – LFC:[MD5.66F29DCB6768ED409D4814C92EDF6D2A] – 22/12/2012 – 16:37:19 —A- . (…) — C:AdwCleaner[R4].txt [2124] => XPlode – AdwCleaner Tool
O49 – CSB:Control Safe Boot HKLM…CCSMinimal12037181.sys . (…) — C:WindowsSystem32Drivers12037181.sys (.not file.) => Fichier absent
O49 – CSB:Control Safe Boot HKLM…CCSMinimal56880824.sys . (…) — C:WindowsSystem32Drivers56880824.sys (.not file.) => Fichier absent
O49 – CSB:Control Safe Boot HKLM…CCSNetwork12037181.sys . (…) — C:WindowsSystem32Drivers12037181.sys (.not file.) => Fichier absent
O49 – CSB:Control Safe Boot HKLM…CCSNetwork56880824.sys . (…) — C:WindowsSystem32Drivers56880824.sys (.not file.) => Fichier absent
O51 – MPSK:{90c5fe03-e85b-11e1-a6d2-4061862e4ea7}AutoRuncommand – Clé orpheline => Orphean Key not necessary
O51 – MPSK:{b0e2e25e-ebc1-11e1-9ea1-4061862e4ea7}AutoRuncommand – Clé orpheline => Orphean Key not necessary
O61 – LFC:Last File Created 30/12/2012 – 19:07:18 —A- C:UsersmanuAppDataRoamingMalwarebytesMalwarebytes’ Anti-MalwareLogsmbam-log-2012-12-30 (18-50-06).txt [2218] => Rubber DuckY MBAM logs
O61 – LFC:Last File Created 31/12/2012 – 14:05:33 —A- C:UsersmanuAppDataRoamingMalwarebytesMalwarebytes’ Anti-MalwareLogsmbam-log-2012-12-31 (12-56-04).txt [2242] => Rubber DuckY MBAM logs
O61 – LFC:Last File Created 31/12/2012 – 16:01:31 —A- C:UsersmanuAppDataRoamingMalwarebytesMalwarebytes’ Anti-MalwareLogsmbam-log-2012-12-31 (16-01-15).txt [2212] => Rubber DuckY MBAM logs
O61 – LFC:Last File Created 31/12/2012 – 20:48:04 —A- C:UsersmanuAppDataRoamingMalwarebytesMalwarebytes’ Anti-MalwareLogsmbam-log-2012-12-31 (20-19-16).txt [2174] => Rubber DuckY MBAM logs
O87 – FAEL: “{FEA713B9-3BBA-4E12-A67B-D5FDEED486FE}” | In – None – P6 – TRUE | .(.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe => P2P.BitTorrent*
O87 – FAEL: “{FAED8459-0095-468F-97A2-45DEBFFEBE43}” | In – None – P17 – TRUE | .(.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe => P2P.BitTorrent*
O87 – FAEL: “{8FE8E75E-878B-4DAE-9BC6-0B9FFD0B7AE8}” | In – Private – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Application.) — C:Program Files (x86)IncrediMailBinIncMail.exe
O87 – FAEL: “{51A098A7-8C1E-4D07-9D8B-7F2768108EB2}” | In – Private – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Application.) — C:Program Files (x86)IncrediMailBinIncMail.exe
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D6533F74-218B-41BE-9D91-5BD471FECFFD}] => Toolbar.Conduit
[HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregDataMngr] => Infection PUP (PUP.BearShare)*
[HKCUSoftwareSave Tube Video] => Infection BT (Adware.SkyLab)
[HKCUSoftwareAppDataLowSoftwareuTorrentBar_FR] => P2P.µTorrent*
EmptyCLSID
Emptytemp
EmptyFlash

My second one, with a proxy found:
O61 – LFC: 26/02/2013 – 21:59:37 —A- C:UsersmanuAppDataLocalTempHomePage22find.exe [744837] => Infection BT (Hijacker.22find)*
[MD5.5116DB8B204EB3B2FBDDA6B095E50B1E] [SPRF][26/02/2013] (…) — C:UsersmanuAppDataLocalTempHomePage22find.exe [744837] => Infection BT (Hijacker.22find)*
C:UsersmanuAppDataLocalTempHomePage22find.exe => Infection BT (Hijacker.22find)*
R0 – HKCUSOFTWAREClassesSoftwareMicrosoftInternet ExplorerMain,Start Page = ChatZum Search => Toolbar.Agent
[HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Toolbar.Bing
[HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] => Toolbar.Bing
[HKLMSoftwareClassesIncrediSpooler.DeltaSync] => Toolbar.DeltaSearch
[HKLMSoftwareClassesIncrediSpooler.DeltaSync.1] => Toolbar.DeltaSearch
[HKLMSoftwareWow6432NodeClassesIncrediSpooler.DeltaSync] => Toolbar.DeltaSearch
[HKLMSoftwareWow6432NodeClassesIncrediSpooler.DeltaSync.1]

FirewallRaz
EmptyFlash
Emptytemp
Thanks