cjoint

Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 03/04/2015
Scan Time: 16:00:37
Logfile: rapport malwarebytes 2.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.03.05
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Yassou

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390866
Time Elapsed: 10 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, , [0a275018147634025ecee54d649fc937],
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, , [6bc66afea1e9a39319d66509ea1911ef],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, , [6bc66afea1e9a39319d66509ea1911ef],
PUP.Optional.SweetIM.A, HKU\S-1-5-18\SOFTWARE\SweetIM, , [41f0ff69800ac373fa0a7e490af91be5],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT, , [50e1fc6c5b2fad89fa589f84788d2cd4],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\SweetIM, , [be733c2c07831a1cf2123691729142be],
PUP.Optional.CinemaPlus, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\APPDATALOW\SOFTWARE\Cinema-Plus-1.7cV05.01, , [62cfa5c3ee9cb383af312caffd0608f8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [d0610a5e36546bcb9de11818a95c847c],
PUP.Optional.iWebar.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, , [da572a3e11791125645aefd14cb74fb1],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [ad84d791bdcd0630c8c10501e420639d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\INSTALLCORE, , [a38ea4c4c6c4f5413b2146d6da2b27d9],
PUP.Optional.Qone8, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [250cadbb107a46f03ba9da4d49bc14ec],

Registry Values: 17
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT|URL, MYSTART, , [50e1fc6c5b2fad89fa589f84788d2cd4]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\INSTALLCORE|tb, 0A2O0R1R1H2Z1S1G0H1F, , [a38ea4c4c6c4f5413b2146d6da2b27d9]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?type=ds&ts=1420451921&from=amt&uid=WDCXWD7500BPKX-22HPJT0_WD-WX51A73S8074S8074&q={searchTerms}, , [191871f77515dc5ac65d51fa7491c33d]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|URL, http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele1202&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0EyCzz0AtD0C0BtCtD0FtN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1134646921&ir=, , [dd54a2c66327c5716fddaa0a0df64cb4]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|TopResultURLFallback, http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele1202&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0EyCzz0AtD0C0BtCtD0FtN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1134646921&ir=, , [d160650358322d094efe843056adf808]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconURL, http://start.mysearchdial.com/favicon.ico, , [b8790b5d761479bdc08ccfe5e41fa060]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconPath, C:\Program Files (x86)\Mysearchdial\1.8.21.0\FavIcon.ico, , [51e05a0eb8d2f93dea62456ff70c38c8]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconURLFallback, http://start.mysearchdial.com/favicon.ico, , [f140b7b11b6f51e5bc90ded660a347b9]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Mysearchdial, , [86aba0c891f950e6bb91e8cc897aae52]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|DisplayName, Mysearchdial, , [1a17ea7e5139f64076d6bff518eb0bf5]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|FaviconURLFallback, http://start.mysearchdial.com/favicon.ico, , [41f0e187f199c86e1a32377d26dd6799]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|FaviconPath, C:\Program Files (x86)\Mysearchdial\1.8.21.0\FavIcon.ico, , [37fa1355c7c3ef47074571437a89ec14]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|DisplayName, Mysearchdial, , [240df77156341d1963e9e3d125de0bf5]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|URL, http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele0103&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0EyCzz0AtD0C0BtCtD0FtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1525553138&ir=, , [58d94a1e8703e452ed5f169e15ee3cc4]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|TopResultURLFallback, http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele0103&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0EyCzz0AtD0C0BtCtD0FtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1525553138&ir=, , [ce63d69297f368ceb29abdf736cd8a76]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|FaviconURL, http://start.mysearchdial.com/favicon.ico, , [6ec37cec01891d1953f9268ecf34be42]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, Mysearchdial, , [0e2392d6a7e3ae88d17b7242be45f808]

Registry Data: 1
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3872571102-877409145-1784088797-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&ts=1420451921&from=amt&uid=WDCXWD7500BPKX-22HPJT0_WD-WX51A73S8074S8074, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&ts=1420451921&from=amt&uid=WDCXWD7500BPKX-22HPJT0_WD-WX51A73S8074S8074),,[fd34afb93a5039fd30243eadf114669a]

Folders: 2
Rogue.Multiple, C:\ProgramData\2355320829, , [1a17fc6c0486ce689491a0d08f741de3],
PUP.Optional.MySpeedDial.A, C:\Users\Yassou\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff, , [c46d4622c9c1ae880eea860444bf7d83],

Files: 7
PUP.Optional.OpenCandy, C:\Users\M'hamed\AppData\Roaming\PowerISO\Upgrade\PowerISO5-x64.exe, , [4ae7c5a3afdb3bfb7d43e03d848260a0],
PUP.Optional.OpenCandy, C:\Users\M'hamed\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe, , [70c1cc9ce4a60630833d38e573933ac6],
PUP.Optional.XTab.A, C:\Users\Yassou\AppData\Roaming\ZHP\Quarantine\protectservice.exe.VIR, , [4ae754148703b87e358912ffc33fc23e],
PUP.Optional.ELEX, C:\Users\Yassou\AppData\Roaming\ZHP\Quarantine\HPNotify.exe, , [0f2278f05238979f9922a48ebd45c23e],
PUP.Optional.OpenCandy, C:\Users\Yassou\Downloads\PowerISO5 [1].exe, , [989977f1ccbe3df9dde360bdac5a54ac],
PUP.Optional.Conduit.A, C:\Users\Yassou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage, , [76bb1157840688ae70fce30c47bc4ab6],
PUP.Optional.Conduit.A, C:\Users\Yassou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage-journal, , [7eb3c99f107a78be6ffd09e6768ddb25],

Physical Sectors: 0
(No malicious items detected)


(end)
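A log in this layout is easiest to triage once it is parsed rather than read line by line: the section headers declare how many findings follow (a quick way to spot a truncated paste), every finding ends in a detection hash, and the search-hijack entries carry the URL the browser was redirected to, plus a "Good:/Bad:" pair for the start page. The Python below is an added example, not Malwarebytes code and not from the person who posted this log. It runs on a constructed sample that copies the layout above with shortened SIDs and a deliberate count mismatch ("Files: 3" over two lines), so that the consistency check has something to report.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in the layout of an MBAM 2.x log: a "Name: N" section
# header, then one finding per line shaped
#   family, location[|value name], data[, Good: (..), Bad: (..)], , [hash]
# SIDs/paths are stand-ins; "Files: 3" deliberately over-declares its two lines.
SAMPLE_LOG = r"""
Registry Keys: 2
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, , [6bc66afea1e9a39319d66509ea1911ef],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1-2-3-1001\SOFTWARE\INSTALLCORE, , [a38ea4c4c6c4f5413b2146d6da2b27d9],

Registry Values: 2
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1-2-3-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?type=ds&q={searchTerms}, , [191871f77515dc5ac65d51fa7491c33d]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1-2-3-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Mysearchdial, , [86aba0c891f950e6bb91e8cc897aae52]

Registry Data: 1
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-1-2-3-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hp),,[fd34afb93a5039fd30243eadf114669a]

Files: 3
PUP.Optional.OpenCandy, C:\Users\Yassou\Downloads\PowerISO5 [1].exe, , [989977f1ccbe3df9dde360bdac5a54ac],
PUP.Optional.XTab.A, C:\Users\Yassou\AppData\Roaming\ZHP\Quarantine\protectservice.exe.VIR, , [4ae754148703b87e358912ffc33fc23e],

Physical Sectors: 0
(No malicious items detected)
"""

SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors"}
HEADER_RE = re.compile(r"^([A-Z][A-Za-z ]+): (\d+)$")
HASH_RE = re.compile(r"\[([0-9a-f]{32})\]$")   # trailing detection hash
GOOD_BAD_RE = re.compile(r"^(Good|Bad): \((.*)\)$")
TRAILING_JUNK = re.compile(r"[\s,]+$")          # ", , " and ",," padding

def parse_entry(line):
    """Split one finding line into its fields; None if it is not a finding."""
    line = TRAILING_JUNK.sub("", line)
    m = HASH_RE.search(line)
    if not m:
        return None
    body = TRAILING_JUNK.sub("", line[:m.start()])
    # Fields are ", "-separated. A data value containing ", " would be
    # mis-split; MBAM does not emit one, but the limitation is real.
    fields = body.split(", ")
    if len(fields) < 2:
        return None
    location, _, value_name = fields[1].partition("|")
    entry = {"family": fields[0], "location": location,
             "value": value_name or None,
             "data": fields[2] if len(fields) > 2 else "",
             "good": None, "bad": None, "hash": m.group(1)}
    for extra in fields[3:]:           # only Registry Data lines carry these
        gb = GOOD_BAD_RE.match(extra)
        if gb:
            entry[gb.group(1).lower()] = gb.group(2)
    return entry

def parse_log(text):
    """Return {section: {"declared": N, "entries": [...]}} per section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        h = HEADER_RE.match(line)
        if h and h.group(1) in SECTIONS:
            current = h.group(1)
            sections[current] = {"declared": int(h.group(2)), "entries": []}
            continue
        if current is None or line.startswith("("):
            continue               # preamble or "(No malicious items ...)"
        entry = parse_entry(line)
        if entry:
            sections[current]["entries"].append(entry)
    return sections

def count_mismatches(sections):
    """Declared count vs. lines parsed; non-empty means truncation or a miss."""
    return {n: (s["declared"], len(s["entries"]))
            for n, s in sections.items() if s["declared"] != len(s["entries"])}

def family_summary(sections):
    """How many findings each detection family accounts for."""
    return Counter(e["family"] for s in sections.values() for e in s["entries"])

def search_hijack_hosts(sections):
    """Hosts that IE search scopes / start page were pointed at, by family."""
    hosts = defaultdict(set)
    for name in ("Registry Values", "Registry Data"):
        for e in sections.get(name, {"entries": []})["entries"]:
            for url in (e["data"], e["bad"]):
                if url and url.startswith("http"):
                    hosts[urlsplit(url).hostname].add(e["family"])
    return dict(hosts)

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(count_mismatches(parsed), family_summary(parsed), search_hijack_hosts(parsed))
```

Run against the full log above, the count check comes back empty (12 keys and 17 values are all present), and the hijack-host list is what to watch for in proxy or DNS logs after cleanup: if www.mystartsearch.com or start.mysearchdial.com is still being contacted, a browser profile or scheduled task was missed.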
