
Document format: text/plain


Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 22/04/2015
Heure de l'examen: 14:31:40
Fichier journal: ScanLog MBAM.txt
Administrateur: Oui

Version: 2.01.4.1018
Base de données Malveillants: v2015.04.22.03
Base de données Rootkits: v2015.04.21.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: ROMEO

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 409644
Temps écoulé: 19 min, 28 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux détecté)

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 4
PUP.Optional.Iminent.A, HKU\S-1-5-21-885995558-725125712-3178212999-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Mis en quarantaine, [2d6e422de0aa082ee83d265539ca1be5],
PUP.Optional.BrowsersApp.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps +, Mis en quarantaine, [6f2c2a453852e25422f5e109cb38ce32],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-885995558-725125712-3178212999-1000\SOFTWARE\INSTALLCORE, Mis en quarantaine, [dcbf5e11bfcba393343366c043c2ba46],
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-885995558-725125712-3178212999-1004\SOFTWARE\SMARTBAR, Mis en quarantaine, [8417d49bfd8d85b18e44390d986d7888],

Valeurs du Registre: 6
PUP.Optional.Iminent.A, HKU\S-1-5-21-885995558-725125712-3178212999-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}, Mis en quarantaine, [e5b667080f7bfc3a219793e7d23132ce],
PUP.Optional.Iminent.A, HKU\S-1-5-21-885995558-725125712-3178212999-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{977AE9CC-AF83-45E8-9E03-E2798216E2D5}, �?éz�??�?¯èEž ây�?? â�?, Mis en quarantaine, [e5b667080f7bfc3a219793e7d23132ce]
Hijacker.Application, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_application, http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s, Mis en quarantaine, [0c8f2748d9b1e3535863356157ad1de3]
Hijacker.Application, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_Application, http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s, Mis en quarantaine, [2774ea859cee51e569522b6b56aeb24e]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-885995558-725125712-3178212999-1000\SOFTWARE\INSTALLCORE|tb, 1X1B1M1J1M0Q1Q1HtGtByCtI0M, Mis en quarantaine, [dcbf5e11bfcba393343366c043c2ba46]
PUP.Optional.ShoppingHelper.A, HKU\S-1-5-21-885995558-725125712-3178212999-1004\SOFTWARE\SMARTBAR|publisher, ShoppingHelper, Mis en quarantaine, [8417d49bfd8d85b18e44390d986d7888]

Données du Registre: 6
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.sweet-page.com/web/?type=ds&ts=1403970001&from=cor&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5P72465824658&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/web/?type=ds&ts=1403970001&from=cor&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5P72465824658&q={searchTerms}),Remplacé,[75263c338cfed95d4d88976da75fbd43]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.sweet-page.com/web/?type=ds&ts=1403970001&from=cor&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5P72465824658&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/web/?type=ds&ts=1403970001&from=cor&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5P72465824658&q={searchTerms}),Remplacé,[e7b4cca36d1d0d296e67867eee18fe02]
Hijacker.Application, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application, http://www.helpmeopen.com/?n=app&ext=%s, Bon: (http://shell.windows.com/fileassoc/Mauvais: (http://www.helpmeopen.com/?n=app&ext=%s),Remplacé,[8714016e3456e65064a9d82abc4a6799]x/xml/redir.asp?Ext=%s), %5
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.sweet-page.com/web/?type=ds&ts=1403970001&from=cor&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5P72465824658&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/web/?type=ds&ts=1403970001&from=cor&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5P72465824658&q={searchTerms}),Remplacé,[e5b63639e9a164d27a5b14f017efe818]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.sweet-page.com/web/?type=ds&ts=1403970001&from=cor&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5P72465824658&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/web/?type=ds&ts=1403970001&from=cor&uid=WDCXWD10EADX-22TDHB0_WD-WCAV5P72465824658&q={searchTerms}),Remplacé,[19829ed17a10082ec015887c5fa7c43c]
Hijacker.Application, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application, http://www.helpmeopen.com/?n=app&ext=%s, Bon: (http://shell.windows.com/fileassoc/Mauvais: (http://www.helpmeopen.com/?n=app&ext=%s),Remplacé,[c4d72d42ec9e7eb8b558c83a22e418e8]x/xml/redir.asp?Ext=%s), %5

Dossiers: 0
(Aucun élément malicieux détecté)

Fichiers: 17
PUP.Optional.BrowserWatch, C:\Users\ROMEO\AppData\Roaming\ZHP\Quarantine\BrowerWatchCH.dll, Mis en quarantaine, [445796d905855fd768538ae507f9c040],
PUP.Optional.BrowserWatch, C:\Users\ROMEO\AppData\Roaming\ZHP\Quarantine\BrowerWatchFF.dll, Mis en quarantaine, [8a1183ecc1c98fa77942046b2fd116ea],
PUP.Optional.SearchProtect, C:\Users\ROMEO\AppData\Roaming\ZHP\Quarantine\BrowserAction.dll, Mis en quarantaine, [2378452a2c5e1d197d6153ef09f9857b],
PUP.Optional.ELEX, C:\Users\ROMEO\AppData\Roaming\ZHP\Quarantine\HPNotify.exe, Mis en quarantaine, [0d8eeb848703ce680357a1927f83e917],
PUP.Optional.SearchProtect, C:\Users\ROMEO\AppData\Roaming\ZHP\Quarantine\IeWatchDog.dll, Mis en quarantaine, [b6e51e518208c2740a9a34c1f80d45bb],
PUP.Optional.XTab.A, C:\Users\ROMEO\AppData\Roaming\ZHP\Quarantine\ProtectService.exe, Mis en quarantaine, [b4e7abc47317fe381a5d1bf70bf7718f],
PUP.Optional.SupTab.A, C:\Users\ROMEO\AppData\Roaming\ZHP\Quarantine\SupTab.dll, Mis en quarantaine, [6f2c8fe023670e28c2cd44f3e719bb45],
PUP.Optional.Linkey.A, C:\Users\ROMEO\AppData\Local\Temp\sr_SettingsManagerSetup.exe, Mis en quarantaine, [3f5c76f96f1b4ee8ac61eccbd130a25e],
PUP.OfferBundler.ST, C:\Users\JSB\Downloads\SoftonicDownloader_pour_dropbox.exe, Mis en quarantaine, [9ffc2c4305850036d74d724aa65a5da3],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI1C4A.tmp-\Smartbar.Installer.CustomActions.dll, Mis en quarantaine, [8e0d82edd1b9aa8c1e41959b7a86e917],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI7332.tmp-\Smartbar.Installer.CustomActions.dll, Mis en quarantaine, [63382b444446c76fd18ef33d09f73cc4],
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf, Mis en quarantaine, [bfdcb0bfddade3539d7504cdad56857b],
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, Mis en quarantaine, [92093b34eb9fcb6bed20966e669eca36],
PUP.Optional.WebSearch.A, C:\Users\JSB\AppData\Roaming\Mozilla\Firefox\Profiles\e09kfj0i.default\searchplugins\Web Search.xml, Mis en quarantaine, [514aaac5bfcb979fe6577e89fe06ff01],
PUP.Optional.SnapDo.A, C:\Users\JSB\AppData\Roaming\Mozilla\Firefox\Profiles\e09kfj0i.default\prefs.js, Bon: (), Mauvais: (user_pref("browser.newtab.url", "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOqRYTCJ8HEP8FJFSUJkYd0XAbVWS_HaxRS1T7dq1CXGq0dc6sdYHsMRr3QQE4kqqO1lG2I0I1N-2xWKyK3whiG24c0k6EI9ZlAnu0YNi1k5iXpfwCDw_jQ9oCXBrjGtbnVq5mkmNy3PLQ,,");), Remplacé,[9a01c6a90288e84e141e2e14729409f7]
PUP.Optional.SnapDo.A, C:\Users\JSB\AppData\Roaming\Mozilla\Firefox\Profiles\e09kfj0i.default\prefs.js, Bon: (), Mauvais: (user_pref("keyword.URL", "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOqRYTCJ8HEP8FJFSUJkYd0XAbVWS_HaxRS1T7dq1CXGq0dc6sdYHsMRr3QQE4kqqO1lG2I0I1N-2xWAVmF3OrpwQc8u0t3gRP9TK0V50qYNuYkUryokE-8BxqhoY-SXjC703UBKqk9Zhg,,&q=");), Remplacé,[94078ae5fa9073c3bb786bd7ac5a8977]
PUP.Optional.SnapDo.A, C:\Users\JSB\AppData\Roaming\Mozilla\Firefox\Profiles\e09kfj0i.default\prefs.js, Bon: (), Mauvais: (user_pref("browser.startup.homepage", "http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOqRYTCJ8HEP8FJFSUJkYd0XAbVWS_HaxRS1T7dq1CXGq0dc6sdYHsMRr3QQE4kqqO1lG2I0I1N-2xWMgHdUohhYlR9UNraxbrT1DLxZQsIBo-36cGeHSBEx_6Luvo01XOytrRE591SulA,,");), Remplacé,[049792dd6e1c00363bf93f03a2640ef2]

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)
