Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 24/08/2014
Heure de l'examen: 17:28:44
Fichier journal: malware.txt
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.08.24.03
Base de données Rootkits: v2014.08.21.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Schukka

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 419199
Temps écoulé: 13 min, 8 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Avertir
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 4
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [98cbfdcd483387afbbf5f24616eeb54b], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, , [c2a12aa098e379bd1c826187e022e51b], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [1a49f5d590eb2f07753bb97f0301ca36], 
PUP.Optional.Qone8, HKU\S-1-5-21-1365627989-1550815974-3705189505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [abb876542c4f2412911e4bedbf456e92], 

Valeurs du Registre: 1
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Schukka\AppData\Roaming\Mozilla\Firefox\Profiles\z3x46fhb.default\extensions\faststartff@gmail.com, , [263d8e3c3348ba7cae94d9738b79a35d]

Données du Registre: 9
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (Chrome.exe), Mauvais: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[fc67963497e4c4721052f4df27ddab55]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[bfa4a3273546d85ed484d201e51fc838]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[2a3924a62c4fc472076a29b54abad62a]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (Chrome.exe), Mauvais: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[d88bbb0ff08b49ed085a1eb52ada05fb]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[2043e5e55d1ea3931345c40f27ddb947]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.istartsurf.com/web/?type=ds&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/web/?type=ds&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94&q={searchTerms}),,[8fd4c7030f6ce650f46252818282b24e]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[baa9428892e9d066272dd4ff6b99b947]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[c89b6268c4b7cf673c359c42ae565da3]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-1365627989-1550815974-3705189505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[075c9c2ec5b63501cf8ac40fad576898]

Dossiers: 0
(No malicious items detected)

Fichiers: 4
Hacktool.Agent, C:\Users\Schukka\AppData\Roaming\ZHP\Quarantine\windows loader.exe.VIR, , [cd969535403b93a359d926301be65da3], 
PUP.Optional.IStartSurf.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml, , [194ad0fabac123139d36f1f8748e46ba], 
PUP.Optional.IStartSurf.A, C:\Users\Schukka\AppData\Local\Google\Chrome\User Data\Default\Preferences, Bon: (), Mauvais: ( "startup_urls": [ "http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94" ],), ,[184b28a26f0c6fc7fddc49c5c63f728e]
PUP.Optional.IStartSurf.A, C:\Users\Schukka\AppData\Roaming\Mozilla\Firefox\Profiles\z3x46fhb.default\prefs.js, Bon: (), Mauvais: (user_pref("browser.newtab.url", "http://www.istartsurf.com/newtab/?type=nt&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94");), ,[9cc74e7c91eaa393dcfbea241de83bc5]

Secteurs physiques: 0
(No malicious items detected)

(end)