Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 24/10/2014
Heure de l'examen: 16:38:49
Fichier journal: malwarebytes rapport.txt
Administrateur: Oui

Version: 2.00.3.1025
Base de données Malveillants: v2014.10.24.05
Base de données Rootkits: v2014.10.22.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: stephane

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 310889
Temps écoulé: 19 min, 10 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 2
PUP.Optional.WiseEnhance.A, C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe, 2052, Supprimé-au-redémarrage, [d8ad29ef87f5221473809edf29d81be5]
PUP.Optional.WiseEnhance.A, C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe, 2508, Supprimé-au-redémarrage, [6e17a27644388ea89162740946bb6997]

Modules: 0
(Aucun élément malicieux detecté)

Clés du Registre: 17
PUP.Optional.WiseEnhance.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update WiseEnhance, Mis en quarantaine, [d8ad29ef87f5221473809edf29d81be5],
PUP.Optional.WiseEnhance.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util WiseEnhance, Mis en quarantaine, [6e17a27644388ea89162740946bb6997],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Mis en quarantaine, [d1b41602fe7e2511e82bfbe328da46ba],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Mis en quarantaine, [d1b41602fe7e2511e82bfbe328da46ba],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Mis en quarantaine, [7510d6427b01f3439e8add0138ca22de],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Mis en quarantaine, [7510d6427b01f3439e8add0138ca22de],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2442689183-2197710624-2519730625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Mis en quarantaine, [ee973fd9b0cc43f3913a4b5916ec2ed2],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Mis en quarantaine, [ee973fd9b0cc43f3913a4b5916ec2ed2],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64, Mis en quarantaine, [483dda3e156779bd6496deafeb19cc34],
PUP.Optional.WiseEnhance.A, HKLM\SOFTWARE\WOW6432NODE\WiseEnhance, Mis en quarantaine, [a8dd9a7efd7fe650a402113bd72c0ff1],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\mysearchdial, Mis en quarantaine, [e79ef721f78539fd316a6ffe49bb09f7],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mysearchdial, Mis en quarantaine, [5d28f523087490a6d2f2bb78b3501ce4],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2442689183-2197710624-2519730625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mysearchdial, Mis en quarantaine, [5d28f91fde9e0630f24b006fe81cd729],
PUP.Optional.WiseEnhance.A, HKU\S-1-5-21-2442689183-2197710624-2519730625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WiseEnhance, Mis en quarantaine, [4f361ff9770566d0931283c98a799070],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2442689183-2197710624-2519730625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Mis en quarantaine, [fa8bd93f710bd5619657f95e2ed5d12f],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2442689183-2197710624-2519730625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\mysearchdial, Mis en quarantaine, [3d483ade413b2511717a9dd52ed6857b],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2442689183-2197710624-2519730625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Mis en quarantaine, [295cda3e611bde58201fcca22ed6bd43],

Valeurs du Registre: 2
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, Mis en quarantaine, [4e3719ffc9b359dd970054395fa5857b]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2442689183-2197710624-2519730625-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0R1F1E1Rzr1M1J1N1J, Mis en quarantaine, [295cda3e611bde58201fcca22ed6bd43]

Données du Registre: 1
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=tele_14_18_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtDtByE0CyEyCtAzztC0BtN0D0Tzu0SzzyDtCtN1L2XzutBtFtBtDtFyCtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtBtAtDyEzy0F0FtG0CtBtAtBtGtAtDzyyCtG0B0BtDyDtGtCyB0FtB0DyCyE0D0AtCyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0F0DyD0F0AtDtG0B0EzytAtGyCyEyBtCtGyEzz0BzytGtDtA0DzzyByEyD0EzyyEyCyD2Q&cr=1043331190&ir=, Bon: (www.google.com), Mauvais: (http://start.mysearchdial.com/?f=1&a=tele_14_18_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtDtByE0CyEyCtAzztC0BtN0D0Tzu0SzzyDtCtN1L2XzutBtFtBtDtFyCtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtBtAtDyEzy0F0FtG0CtBtAtBtGtAtDzyyCtG0B0BtDyDtGtCyB0FtB0DyCyE0D0AtCyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0F0DyD0F0AtDtG0B0EzytAtGyCyEyBtCtGyEzz0BzytGtDtA0DzzyByEyD0EzyyEyCyD2Q&cr=1043331190&ir=),Remplacé,[f491fd1b502c61d574a256d530d520e0]

Dossiers: 2
PUP.Optional.WiseEnhance.A, C:\Users\stephane\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe, Mis en quarantaine, [9aeb8c8cc5b7e84e77087c9f27dcda26],
PUP.Optional.WiseEnhance.A, C:\Users\stephane\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe\1.0.1_0, Mis en quarantaine, [9aeb8c8cc5b7e84e77087c9f27dcda26],

Fichiers: 14
PUP.Optional.WiseEnhance.A, C:\Program Files (x86)\WiseEnhance\updateWiseEnhance.exe, Supprimé-au-redémarrage, [d8ad29ef87f5221473809edf29d81be5],
PUP.Optional.WiseEnhance.A, C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe, Supprimé-au-redémarrage, [6e17a27644388ea89162740946bb6997],
PUP.Optional.WiseEnhance.A, C:\Users\stephane\AppData\Local\Temp\is42483369\83694800_stp\setup_wiseenhance.exe, Mis en quarantaine, [bec7c553760658de5311887870952cd4],
PUP.Optional.NextInt, C:\Users\stephane\Downloads\Dropbox 2.6.31.exe, Mis en quarantaine, [22631107fb817abcaf7701ff2dd8e020],
PUP.Optional.MySearchDial.A, C:\Windows\System32\Tasks\MySearchDial, Mis en quarantaine, [a2e31ff926566ccac26f1520946f966a],
PUP.Optional.MySearchDial.A, C:\Windows\Tasks\MySearchDial.job, Mis en quarantaine, [b9ccc850463660d624c494a2f11232ce],
PUP.Optional.WiseEnhance.A, C:\Users\stephane\AppData\Roaming\Mozilla\Firefox\Profiles\uzuaag0w.default\extensions\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}.xpi, Mis en quarantaine, [93f2c1575527b77f69ceb49071928b75],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64.sys, Mis en quarantaine, [483dda3e156779bd6496deafeb19cc34],
PUP.Optional.WiseEnhance.A, C:\Users\stephane\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe\1.0.1_0\background.js, Mis en quarantaine, [9aeb8c8cc5b7e84e77087c9f27dcda26],
PUP.Optional.WiseEnhance.A, C:\Users\stephane\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe\1.0.1_0\content.js, Mis en quarantaine, [9aeb8c8cc5b7e84e77087c9f27dcda26],
PUP.Optional.WiseEnhance.A, C:\Users\stephane\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe\1.0.1_0\icon.png, Mis en quarantaine, [9aeb8c8cc5b7e84e77087c9f27dcda26],
PUP.Optional.WiseEnhance.A, C:\Users\stephane\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe\1.0.1_0\manifest.json, Mis en quarantaine, [9aeb8c8cc5b7e84e77087c9f27dcda26],
PUP.Optional.MySearchDial.A, C:\Users\stephane\AppData\Local\Google\Chrome\User Data\Default\Preferences, Bon: (), Mauvais: ( "homepage": "http://start.mysearchdial.com/?f=1&a=tele_14_18_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtDtByE0CyEyCtAzztC0BtN0D0Tzu0SzzyDtCtN1L2XzutBtFtBtDtFyCtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtBtAtDyEzy0F0FtG0CtBtAtBtGtAtDzyyCtG0B0BtDyDtGtCyB0FtB0DyCyE0D0AtCyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0F0DyD0F0AtDtG0B0EzytAtGyCyEyBtCtGyEzz0BzytGtDtA0DzzyByEyD0EzyyEyCyD2Q&cr=1043331190&ir=",), Remplacé,[1372c058b1cbb18595b51f42877e49b7]
PUP.Optional.MySearchDial.A, C:\Users\stephane\AppData\Local\Google\Chrome\User Data\Default\Preferences, Bon: (), Mauvais: ( "startup_urls": [ "http://start.mysearchdial.com/?f=1&a=tele_14_18_ie&cd=2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtDtByE0CyEyCtAzztC0BtN0D0Tzu0SzzyDtCtN1L2XzutBtFtBtDtFyCtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StBtBtAtDyEzy0F0FtG0CtBtAtBtGtAtDzyyCtG0B0BtDyDtGtCyB0FtB0DyCyE0D0AtCyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtD0F0DyD0F0AtDtG0B0EzytAtGyCyEyBtCtGyEzz0BzytGtDtA0DzzyByEyD0EzyyEyCyD2Q&cr=1043331190&ir=", "http://www.google.com/" ],), Remplacé,[0d7812068af27bbb3b3db1b06f9660a0]

Secteurs physiques: 0
(Aucun élément malicieux detecté)


(end)