Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 2015-05-29
Heure de l'examen: 14:37:56
Fichier journal: Antimalware2.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.05.29.05
Base de données Rootkits: v2015.05.24.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Stéphane

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 402009
Temps écoulé: 38 min, 43 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 2
PUP.Optional.OneSystemCare.A, C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe, 1756, Supprimé-au-redémarrage, [d792d8c13d4ddc5a076bbab12bdb1ee2]
PUP.Optional.OneSystemCare.A, C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe, 2840, Supprimé-au-redémarrage, [65049efb5634b185492902690ef833cd]

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 24
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Mis en quarantaine, [ec7d960395f5a5917b3cf3a61ce759a7],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Mis en quarantaine, [ec7d960395f5a5917b3cf3a61ce759a7],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Mis en quarantaine, [ec7d960395f5a5917b3cf3a61ce759a7],
PUP.Optional.EduApp.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ebfbdd44-c0e0-4f63-a8e6-ee5f34765238}, Mis en quarantaine, [ca9f841572186dc9b87ec09a7f84c739],
PUP.Optional.EduApp.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1317e5f7-3acf-4d74-a9ae-4ce526026e3f}, Mis en quarantaine, [ca9f841572186dc9b87ec09a7f84c739],
PUP.Optional.EduApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{47D25BF1-717C-4677-ADF0-75682D690204}, Mis en quarantaine, [ca9f841572186dc9b87ec09a7f84c739],
PUP.Optional.EduApp.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47D25BF1-717C-4677-ADF0-75682D690204}, Mis en quarantaine, [ca9f841572186dc9b87ec09a7f84c739],
PUP.Optional.EduApp.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47D25BF1-717C-4677-ADF0-75682D690204}, Mis en quarantaine, [ca9f841572186dc9b87ec09a7f84c739],
PUP.Optional.EduApp.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1317e5f7-3acf-4d74-a9ae-4ce526026e3f}, Mis en quarantaine, [ca9f841572186dc9b87ec09a7f84c739],
PUP.Optional.EduApp.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1317e5f7-3acf-4d74-a9ae-4ce526026e3f}, Mis en quarantaine, [ca9f841572186dc9b87ec09a7f84c739],
PUP.Optional.EduApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EBFBDD44-C0E0-4F63-A8E6-EE5F34765238}, Mis en quarantaine, [ca9f841572186dc9b87ec09a7f84c739],
PUP.Optional.EduApp.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EBFBDD44-C0E0-4F63-A8E6-EE5F34765238}, Mis en quarantaine, [ca9f841572186dc9b87ec09a7f84c739],
PUP.Optional.OneSystemCare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OneSystemCare, Mis en quarantaine, [c5a49702f69490a6ea886704798d17e9],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{36ed28a4-ac0a-4653-91ff-10beb4246550}Gw64, Mis en quarantaine, [6ffa4356711978bed1619676dd279a66],
PUP.Optional.EduApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Edu App, Mis en quarantaine, [0d5cdcbd820836005bf8a73daf54ab55],
PUP.Optional.Coupoon.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UPDATECHECK, Mis en quarantaine, [274291081872de580be50a6fb94c38c8],
PUP.Optional.EduApp.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\Edu App, Mis en quarantaine, [cb9eedac8a003df93f10cf158182966a],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\TutoTag, Mis en quarantaine, [1851c0d999f1e3531b2282e6689deb15],
PUP.Optional.Trovi.C, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Mis en quarantaine, [e287c1d8781268ce6c7ff089749102fe],
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\ONE SYSTEM CARE, Mis en quarantaine, [db8e8613503aa5914458eb922dd8d729],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\TUTORIALS\updatetutorialeshp, Mis en quarantaine, [4227a6f31c6e62d4ab5eec029370ae52],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\TUTORIALS\updatetutorialshp, Mis en quarantaine, [1d4cc8d190faff3743c7806e05fef808],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\TUTORIALS\updv, Mis en quarantaine, [78f177222d5daf87ef1cf3fbcc378e72],
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-500\SOFTWARE\ONE SYSTEM CARE, Mis en quarantaine, [2742afea1a70fa3c94085e1fce37c53b],

Valeurs du Registre: 8
PUP.Optional.Coupoon.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UPDATECHECK|ImagePath, C:\Program Files (x86)\Coupoon\UpdateCheck.exe run , Mis en quarantaine, [274291081872de580be50a6fb94c38c8]
PUP.Optional.Trovi.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6C438DF0-5837-497E-B432-DC12D6993E1E&SearchSource=58&CUI=&UM=8&UP=SPE68FC93B-EE17-432A-8F79-E633D24CD790&D=052915&q={searchTerms}&SSPV=SP22340TB_sp_ie, Mis en quarantaine, [3435f7a2563444f25588096a59ac09f7]
PUP.Optional.Conduit.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, Mis en quarantaine, [4e1b53468604d3638df7d90b4fb408f8]
PUP.Optional.Trovi.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, Mis en quarantaine, [74f5c2d7b6d4f640dc01066d5ea77888]
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002095/DriverPro.exe, Mis en quarantaine, [db8e8613503aa5914458eb922dd8d729]
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softservers.net/171002095/LiveSupport.exe, Mis en quarantaine, [afba990021699a9c8f0d89f46a9b1be5]
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-500\SOFTWARE\ONE SYSTEM CARE|AdvertsLink1, http://dl.softservers.net/121002095/DriverPro.exe, Mis en quarantaine, [2742afea1a70fa3c94085e1fce37c53b]
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-500\SOFTWARE\ONE SYSTEM CARE|AdvertsLink2, http://dl.softservers.net/171002095/LiveSupport.exe, Mis en quarantaine, [1158b6e3f397f4429dff0d7030d548b8]

Données du Registre: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-4062494307-3246254070-2255723313-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6C438DF0-5837-497E-B432-DC12D6993E1E&SearchSource=55&CUI=&UM=8&UP=SPE68FC93B-EE17-432A-8F79-E633D24CD790&D=052915&SSPV=SP22340TB_sp_ie, Bon: (www.google.com), Mauvais: (http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6C438DF0-5837-497E-B432-DC12D6993E1E&SearchSource=55&CUI=&UM=8&UP=SPE68FC93B-EE17-432A-8F79-E633D24CD790&D=052915&SSPV=SP22340TB_sp_ie),Remplacé,[2f3a5742addd1f17cfe41b09976f15eb]

Dossiers: 4
PUP.Optional.OneSystemCare.A, C:\Program Files (x86)\OneSystemCare, Supprimé-au-redémarrage, [05643069ed9dc4722f676d10d23338c8],
PUP.Optional.OneSystemCare.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare, Mis en quarantaine, [0a5fb1e87317ea4c7126bebf858008f8],
PUP.Optional.OneSystemCare.A, C:\Users\Stéphane\AppData\Roaming\One System Care, Mis en quarantaine, [cc9ddcbd74163600010aa33ee61dc739],
PUP.Optional.OneSystemCare.A, C:\Users\Stéphane\AppData\Roaming\One System Care\WL, Mis en quarantaine, [cc9ddcbd74163600010aa33ee61dc739],

Fichiers: 20
PUP.Optional.OneSystemCare.A, C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe, Supprimé-au-redémarrage, [d792d8c13d4ddc5a076bbab12bdb1ee2],
PUP.Optional.OneSystemCare.A, C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe, Supprimé-au-redémarrage, [65049efb5634b185492902690ef833cd],
PUP.Optional.OneSystemCare.A, C:\Program Files (x86)\OneSystemCare\OSCShellExtension.dll, Mis en quarantaine, [81e82b6e3852cd696a08f576e026c53b],
PUP.Optional.OneSystemCare.A, C:\Program Files (x86)\OneSystemCare\Uninstaller.exe, Mis en quarantaine, [c5a49702f69490a6ea886704798d17e9],
PUP.Optional.BrowseFox, C:\Users\Stéphane\AppData\Local\Temp\nsz5847.tmp, Mis en quarantaine, [175291083f4bd75fa0e4b2af37cb0000],
PUP.Optional.CheckOffer, C:\Users\Stéphane\AppData\Local\Temp\nsmF6F7.tmp\nsCBHTML5.dll, Mis en quarantaine, [e089abee7614191d34d5dd850ff343bd],
PUP.Optional.Linkey.A, C:\Users\Stéphane\AppData\Local\Temp\is-Q7HO4.tmp\package_linkey_pariente_installer_multilang.exe, Mis en quarantaine, [1455d3c618723df92c24303aa75f9a66],
PUP.Optional.Tuto4PC.A, C:\Users\Stéphane\AppData\Local\Temp\is-02IBD.tmp\gentlemjmp_ieeuu.exe, Mis en quarantaine, [1752d5c4682282b409a6f07ac04615eb],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{36ed28a4-ac0a-4653-91ff-10beb4246550}Gw64.sys, Mis en quarantaine, [6ffa4356711978bed1619676dd279a66],
PUP.Optional.SelectNGo.A, C:\Users\Stéphane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Supprimé-au-redémarrage, [a8c1b5e42e5cd0665874a573f014b54b],
PUP.Optional.SelectNGo.A, C:\Users\Stéphane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Supprimé-au-redémarrage, [97d22772147665d12f9d60b85fa559a7],
PUP.Optional.OneSystemCare.A, C:\Users\Public\Desktop\Launch One System Care.lnk, Mis en quarantaine, [e9803d5cd9b1df57f1a4710c01045aa6],
PUP.Optional.OneSystemCare.A, C:\Program Files (x86)\OneSystemCare\OneSystemCare.ini, Mis en quarantaine, [05643069ed9dc4722f676d10d23338c8],
PUP.Optional.OneSystemCare.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare\One System Care on the Web.url, Mis en quarantaine, [0a5fb1e87317ea4c7126bebf858008f8],
PUP.Optional.OneSystemCare.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare\Launch One System Care.lnk, Mis en quarantaine, [0a5fb1e87317ea4c7126bebf858008f8],
PUP.Optional.OneSystemCare.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare\Uninstall.lnk, Mis en quarantaine, [0a5fb1e87317ea4c7126bebf858008f8],
PUP.Optional.OneSystemCare.A, C:\Windows\System32\Tasks\One System CarePeriod, Mis en quarantaine, [8fda6732e9a1c1752a6e88f5798c42be],
PUP.Optional.OneSystemCare.A, C:\Windows\System32\Tasks\One System CareStartUp, Mis en quarantaine, [f7722c6dee9c94a21980443912f318e8],
PUP.Optional.OneSystemCare.A, C:\Windows\Tasks\One System CarePeriod.job, Mis en quarantaine, [145527726c1e181e4753dca102033ac6],
PUP.Optional.OneSystemCare.A, C:\Windows\Tasks\One System CareStartUp.job, Mis en quarantaine, [e8819efb94f672c4dfbcee8f84813fc1],

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)