Hello, following my previous problem, which was resolved, I am asking for your help again for my second computer.
I have done the first steps:
- ZHPDiag report: http://cjoint.com/12dc/BLBpzzjNnQc.htm
Thank you for your help
[HKCU\Software\1ClickDownload] => Infection BT (Adware.1ClickDownloader)
[HKCU\Software\vShare.tv] => Infection PUP (PUP.VShareRedir)
O43 - CFD: 26/05/2012 - 12:03:16 - [2,528] ----D C:\Program Files (x86)\1ClickDownload => Infection BT (Adware.1ClickDownloader)
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Users\Damien\AppData\Roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O69 - SBI: SearchScopes [HKCU] {0D6AF57F-9320-41ad-9CA8-4E343227A235} - (Funmoods) - http://start.funmoods.com => Infection PUP (PUP.Funmoods)
O69 - SBI: SearchScopes [HKCU] {4A70172A-A2F4-1918-4FF9-0594AC48DE09} - (Web Search) - http://startsear.ch => Infection BT (Adware.Bandoo)
O69 - SBI: SearchScopes [HKCU] {97F1C5B4-FD2B-41F4-984A-3A424C876F22} - (Web Search) - http://startsear.ch => Infection BT (Adware.Bandoo)
[MD5.AC782786780CBD9A72FE0CAC0EE28107] [SPRF][21/12/2012] (...) -- C:\Users\Damien\AppData\Local\Temp\cacaonewd4dfc6.exe [436736]
O87 - FAEL: "TCP Query User{46B2B859-DDEE-47AA-8CB9-9C80C6F12BA6}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "UDP Query User{DC629120-C623-404A-AC0F-8A4329CCCD56}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "TCP Query User{413A65B8-028E-48F9-9B28-FF2CCB893D36}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "UDP Query User{4A60B295-DAE2-41CA-B50D-7879551089D9}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "TCP Query User{74E7A056-E450-4578-A7E0-6D6C0C5B421A}C:\program files (x86)\1clickdownload\1clickdownloader.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\1clickdownload\1clickdownloader.exe => Infection BT (Adware.1ClickDownloader)
O87 - FAEL: "UDP Query User{8B212655-D85C-46ED-922C-1D2F224E6236}C:\program files (x86)\1clickdownload\1clickdownloader.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\1clickdownload\1clickdownloader.exe => Infection BT (Adware.1ClickDownloader)
[HKCU\Software\1ClickDownload] => Infection BT (Adware.1ClickDownloader)
[HKCU\Software\vShare.tv] => Infection PUP (PUP.VShareRedir)
O87 - FAEL: "{8ABD58F4-ADE5-4992-9615-021C2B7AD459}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O87 - FAEL: "{196EC347-CCA7-42C1-8446-B8252B68DD82}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.)
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
R3 - URLSearchHook: (no name) [64Bits] - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.) => Pando Networks - Pando Web Plugin
R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.) => Pando Networks - Pando Web Plugin
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-2906552528-4104702087-150251034-1000Core] (.Google Inc..) -- C:\Users\Damien\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-2906552528-4104702087-150251034-1000UA] (.Google Inc..) -- C:\Users\Damien\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [{905C3435-A1F8-4E8F-98A0-356319328725}] (...) -- F:\Jeux\The Witcher 2\gp.exe.exe (.not file.)
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E} => Pando Media Booster
[HKCU\Software\IncrediMail] => IncrediMail
O43 - CFD: 15/07/2011 - 15:52:36 - [0] ----D C:\Users\Damien\AppData\Local\The Witcher 2
O51 - MPSK:{f1fcc339-6a99-11e1-999c-6cf0497cabfa}\AutoRun\command. (...) -- F:\CMADownloader.exe (.not file.)
C:\Users\Damien\Jeux\LIMBO.v1.0r4.multi9.cracked-THETA\LIMBO.exe => Crack, KeyGen, Keymaker - Possible Malware
C:\Users\Damien\Jeux\LIMBO.v1.0r4.multi9.cracked-THETA\NFOviewer.exe => Crack, KeyGen, Keymaker - Possible Malware
C:\Users\Damien\Jeux\LIMBO.v1.0r4.multi9.cracked-THETA\LIMBO.exe => Crack, KeyGen, Keymaker - Possible Malware
C:\Users\Damien\Jeux\LIMBO.v1.0r4.multi9.cracked-THETA\NFOviewer.exe => Crack, KeyGen, Keymaker - Possible Malware
O87 - FAEL: "{0671F537-7CAC-4CC6-8E8B-2F7375A8CCB3}" | In - None - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{6BB3640E-83B8-47B3-AE7C-D979220E19FC}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\StarCraft II Demo\StarCraft II.exe (.not file.)
O87 - FAEL: "{65F92CAC-BAEC-4F63-8A0E-2FC996C873A6}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\StarCraft II Demo\StarCraft II.exe (.not file.)
O87 - FAEL: "{D30C6A44-A86E-4CE4-BF64-180EA88EFEDA}" |In - Private - P6 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe (.not file.)
O87 - FAEL: "{1E2763AC-6DE0-43B0-B5DF-2AE408D5E44C}" |In - Private - P17 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe (.not file.)
O87 - FAEL: "{7B543422-648D-4AE2-900F-317857DA2327}" |In - Private - P6 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe (.not file.)
O87 - FAEL: "{1AE4CE81-BD1D-4670-9692-9839A442E1D7}" |In - Private - P17 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe (.not file.)
O87 - FAEL: "{49BCAFB7-6E55-4A94-A284-1DD1A2EF0156}" |In - Private - P6 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe (.not file.)
O87 - FAEL: "{B4DE6EBC-1811-49AB-B091-85BB2DCDB7B1}" |In - Private - P17 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe (.not file.)
O87 - FAEL: "{15657734-C88C-4343-A531-444DDB7A3B3D}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe (.not file.)
O87 - FAEL: "{A0BE266E-732F-48C4-B73F-CED4E67B5085}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe (.not file.)
O87 - FAEL: "{A6CD5161-0426-4ECC-A28F-1612D0B98038}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{F404F22D-92C2-472E-ADBD-E760129C6570}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{428F9D18-D043-49A4-9B94-71D0AFC774C3}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{D75E2F5D-2A26-418E-8D71-E213104D603E}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{6B6CEA34-433E-4E27-996E-156AFA84B875}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
[MD5.00000000000000000000000000000000] [APT] [{752508E3-E7E0-41EF-87E4-C4C03F83AD3B}] (...) -- E:\setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O51 - MPSK:{ce41ead4-bd06-11df-afa0-6cf0497cabfa}\AutoRun\command. (...) -- G:\Setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] => Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] => Toolbar.Skype
EmptyCLSID
EmptyTemp
EmptyFlash
FirewallRaz
ProxyFix
/!\ Disable your antivirus so that it does not slow down the scan or display alert messages! /!\
O43 - CFD: 26/05/2012 - 12:03:16 - [2,528] ----D C:\Program Files (x86)\1ClickDownload => Infection BT (Adware.1ClickDownloader)
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Users\Damien\AppData\Roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "TCP Query User{46B2B859-DDEE-47AA-8CB9-9C80C6F12BA6}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "UDP Query User{DC629120-C623-404A-AC0F-8A4329CCCD56}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "TCP Query User{413A65B8-028E-48F9-9B28-FF2CCB893D36}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "UDP Query User{4A60B295-DAE2-41CA-B50D-7879551089D9}C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\damien\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) => Infection PUP (PUP.CacaoWeb)
O87 - FAEL: "TCP Query User{74E7A056-E450-4578-A7E0-6D6C0C5B421A}C:\program files (x86)\1clickdownload\1clickdownloader.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\1clickdownload\1clickdownloader.exe => Infection BT (Adware.1ClickDownloader)
O87 - FAEL: "UDP Query User{8B212655-D85C-46ED-922C-1D2F224E6236}C:\program files (x86)\1clickdownload\1clickdownloader.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\1clickdownload\1clickdownloader.exe => Infection BT (Adware.1ClickDownloader)
O87 - FAEL: "{8ABD58F4-ADE5-4992-9615-021C2B7AD459}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O87 - FAEL: "{196EC347-CCA7-42C1-8446-B8252B68DD82}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
[MD5.4458989C34FA84B5A75DD3ABCFBE786A] - (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624] [PID.5916]
C:\Users\Damien\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{905C3435-A1F8-4E8F-98A0-356319328725}] (...) -- F:\Jeux\The Witcher 2\gp.exe.exe (.not file.)
O87 - FAEL: "{6BB3640E-83B8-47B3-AE7C-D979220E19FC}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\StarCraft II Demo\StarCraft II.exe (.not file.)
O87 - FAEL: "{65F92CAC-BAEC-4F63-8A0E-2FC996C873A6}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\StarCraft II Demo\StarCraft II.exe (.not file.)
O87 - FAEL: "{D30C6A44-A86E-4CE4-BF64-180EA88EFEDA}" |In - Private - P6 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe (.not file.)
O87 - FAEL: "{1E2763AC-6DE0-43B0-B5DF-2AE408D5E44C}" |In - Private - P17 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe (.not file.)
O87 - FAEL: "{7B543422-648D-4AE2-900F-317857DA2327}" |In - Private - P6 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe (.not file.)
O87 - FAEL: "{1AE4CE81-BD1D-4670-9692-9839A442E1D7}" |In - Private - P17 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe (.not file.)
O87 - FAEL: "{49BCAFB7-6E55-4A94-A284-1DD1A2EF0156}" |In - Private - P6 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe (.not file.)
O87 - FAEL: "{B4DE6EBC-1811-49AB-B091-85BB2DCDB7B1}" |In - Private - P17 - TRUE | .(...) -- C:\ProgramData\Battle.net\Agent\Agent.998\Agent.exe (.not file.)
O87 - FAEL: "{15657734-C88C-4343-A531-444DDB7A3B3D}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe (.not file.)
O87 - FAEL: "{A0BE266E-732F-48C4-B73F-CED4E67B5085}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\StarCraft II 2012 Beta\StarCraft II Beta.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{752508E3-E7E0-41EF-87E4-C4C03F83AD3B}] (...) -- E:\setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj
O61 - LFC:Last File Created 30/12/1899 - 15:56:59 -SH-- C:\Users\Damien\Downloads\AlbumArt_{00000000-0000-0000-0000-000000000000}_Small.jpg [2368] => Dianlei download manager ou Infection Divers
O61 - LFC:Last File Created 30/12/1899 - 15:57:00 -SH-- C:\Users\Damien\Downloads\AlbumArt_{00000000-0000-0000-0000-000000000000}_Large.jpg [8314] => Dianlei download manager ou Infection Divers
[HKCU\Software\YahooPartnerToolbar] => Toolbar.Yahoo
EmptyTemp
EmptyFlash
FirewallRaz
ProxyFix