Reply to: How to remove Nation zoom / nationzoom.com 2016-09-08T13:23:52+00:00
H.A.W.X
Participant
Number of posts: 1809

What does Nation Zoom / My Nation Zoom do on my PC?

Unlike some "infections", Nation Zoom creates files and modifies registry keys.

Here are the files created:

========================= SEAF 1.0.1.0 – C_XX

Commencé à: 08:26:45 le 03/12/2013

Valeur(s) recherchée(s):
nationzoom

Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

(!) — Calcul du Hash "MD5"
(!) — Affichage des dossiers

====== Fichier(s) ======

"C:Program Files (x86)Mozilla Firefoxbrowsersearchpluginsnationzoom.xml" [ ARCHIVE | 562 o ]
TC: 03/12/2013,08:18:13 | TM: 03/12/2013,08:18:13 | DA: 03/12/2013,08:18:13

Hash MD5: 5572966D4270366DD7A7991A3E845090

=========================

"C:UsersSOSVirusAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE51ONH4PSEnationzoom_com[1].htm" [ NOT_CONTENT_INDEXED|ARCHIVE | 63 Ko ]
TC: 03/12/2013,08:19:22 | TM: 03/12/2013,08:19:22 | DA: 03/12/2013,08:19:22

Hash MD5: 85B7B04AC975D291235F2209B61C3FEF

=========================

"C:UsersSOSVirusAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5ESBSVQYJnationzoom_com[1].htm" [ NOT_CONTENT_INDEXED|ARCHIVE | 63 Ko ]
TC: 03/12/2013,08:25:05 | TM: 03/12/2013,08:25:06 | DA: 03/12/2013,08:25:05

Hash MD5: 85B7B04AC975D291235F2209B61C3FEF

=========================

"C:UsersSOSVirusAppDataLocalTempDMbincssnationzoom.css" [ NOT_CONTENT_INDEXED|ARCHIVE | 2 Ko ]
TC: 28/11/2013,17:18:58 | TM: 28/11/2013,17:18:58 | DA: 03/12/2013,08:16:24

Hash MD5: 1100FBFB83152CB6314D3CB9B719210E

=========================

"C:UsersSOSVirusAppDataLocalTempDMsoftwaretugs_nationzoom.exe" [ NOT_CONTENT_INDEXED|ARCHIVE | 565 Ko ]
TC: 03/12/2013,08:17:26 | TM: 03/12/2013,08:17:29 | DA: 03/12/2013,08:17:26

Hash MD5: 9BBEFBEEF84F224F34C08DC3ADF7388B

=========================

"C:UsersSOSVirusAppDataLocalLowMicrosoftInternet ExplorerDOMStoreADX28VA2www.nationzoom[1].xml" [ NOT_CONTENT_INDEXED|ARCHIVE | 13 o ]
TC: 03/12/2013,08:19:24 | TM: 03/12/2013,08:19:24 | DA: 03/12/2013,08:19:24

Hash MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

=========================

"C:UsersSOSVirusAppDataRoamingMicrosoftWindowsCookiesLowsosvirus@nationzoom[2].txt" [ NOT_CONTENT_INDEXED|ARCHIVE | 318 o ]
TC: 03/12/2013,08:19:22 | TM: 03/12/2013,08:19:22 | DA: 03/12/2013,08:19:22

Hash MD5: AD82F58F0142C092A5006D82FD8E7D69

=========================

"C:WindowsPrefetchTUGS_NATIONZOOM.EXE-844B565B.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 26 Ko ]
TC: 03/12/2013,08:17:39 | TM: 03/12/2013,08:17:39 | DA: 03/12/2013,08:17:39

Hash MD5: 24D0FCDF9E294D07A130401F32B280A3

=========================

=========================

Fin à: 08:29:17 le 03/12/2013
84431 Éléments analysés

=========================
E.O.F

Here are the registry keys modified and created:

========================= SEAF 1.0.1.0 – C_XX

Commencé à: 08:55:15 le 03/12/2013

Valeur(s) recherchée(s):
nationzoom

Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

(!) — Recherche registre seulement

====== Entrée(s) du registre ======

[HKLMSoftwareMicrosoftInternet ExplorerMAIN]
"Default_Search_URL"="http://www.nationzoom.com/web/?type=ds&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085&q={searchTerms}" (REG_SZ)

[HKLMSoftwareMicrosoftInternet ExplorerMAIN]
"Default_Page_URL"="http://www.nationzoom.com/?type=hp&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085" (REG_SZ)

[HKLMSoftwareMicrosoftInternet ExplorerMAIN]
"Start Page"="http://www.nationzoom.com/?type=hp&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085" (REG_SZ)

[HKLMSoftwareMicrosoftInternet ExplorerMAIN]
"Search Page"="http://www.nationzoom.com/web/?type=ds&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085&q={searchTerms}" (REG_SZ)

[HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="nationzoom" (REG_SZ)

[HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="http://www.nationzoom.com/web/?type=ds&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085&q={searchTerms}" (REG_SZ)

[HKLMSoftwarenationzoomSoftware]
DA: 03/12/2013 08:30:03

[HKLMSoftwareClientsStartMenuInternetFIREFOX.EXEshellopencommand]
""=""C:Program Files (x86)Mozilla Firefoxfirefox.exe" http://www.nationzoom.com/?type=sc&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085" (REG_SZ)

[HKLMSoftwareClientsStartMenuInternetGoogle Chromeshellopencommand]
""=""C:Program Files (x86)GoogleChromeApplicationchrome.exe" http://www.nationzoom.com/?type=sc&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085" (REG_SZ)

[HKLMSoftwareClientsStartMenuInternetIEXPLORE.EXEshellopencommand]
""="C:Program Files (x86)Internet Exploreriexplore.exe http://www.nationzoom.com/?type=sc&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085" (REG_SZ)

[HKLMSoftwareClientsStartMenuInternetOperaStableshellopencommand]
""=""C:Program Files (x86)OperaLauncher.exe" http://www.nationzoom.com/?type=sc&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085" (REG_SZ)

[HKUS-1-5-21-399137232-1219587761-3561054718-1001SoftwareMicrosoftInternet ExplorerMain]
"Start Page"="http://www.nationzoom.com/?type=hp&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085" (REG_SZ)

[HKUS-1-5-21-399137232-1219587761-3561054718-1001SoftwareMicrosoftInternet ExplorerMain]
"Default_Page_URL"="http://www.nationzoom.com/?type=hp&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085" (REG_SZ)

[HKUS-1-5-21-399137232-1219587761-3561054718-1001SoftwareMicrosoftInternet ExplorerSearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="nationzoom" (REG_SZ)

[HKUS-1-5-21-399137232-1219587761-3561054718-1001SoftwareMicrosoftInternet ExplorerSearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="http://www.nationzoom.com/web/?type=ds&ts=1386055091&from=tugs&uid=VBOXXHARDDISK_VB205d0a76-39f7c085&q={searchTerms}" (REG_SZ)

=========================

Fin à: 08:56:24 le 03/12/2013
136716 Éléments analysés

=========================
E.O.F