cjoint

Document format: text/plain

Preview

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21-May-15
Scan Time: 2:09:05 AM
Logfile: wbm.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.20.06
Rootkit Database: v2015.05.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Exodus mage

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340492
Time Elapsed: 10 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [bd290a8b39516dc9005addff24dfda26],
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\WOW6432NODE\do-searchSoftware, , [17cfb4e1f496da5c0fdfcc5828dc649c],
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [bc2a53429eecad891c3e419b30d346ba],
PUP.Optional.DoSearch.A, HKU\S-1-5-21-2625522282-3014633528-3826679724-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [ba2c0392058568ce114a6a7219ea26da],

Registry Values: 3
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}, , [bd290a8b39516dc9005addff24dfda26]
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}, , [bc2a53429eecad891c3e419b30d346ba]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-2625522282-3014633528-3826679724-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}, , [ba2c0392058568ce114a6a7219ea26da]

Registry Data: 12
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}, Good: (www.google.com), Bad: (http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}),,[02e4860f632794a29599dc489274c33d]
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R),,[c4227520e8a2fd39a787e93b7c8a0ff1]
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R),,[7c6af4a1d2b863d361cd0321b353da26]
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}, Good: (www.google.com), Bad: (http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}),,[499db7de11795adca38bab7912f46c94]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[9a4cbdd8afdbeb4b779cb86c0ef854ac]
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}, Good: (www.google.com), Bad: (http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}),,[9e48d0c5b7d3f2443df10321d531e11f]
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R),,[13d3266fd9b183b334fa78ac18ee14ec]
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R),,[3ea82b6a57337bbb270704208f7714ec]
PUP.Optional.DoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}, Good: (www.google.com), Bad: (http://do-search.com/web/?type=ds&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R&q={searchTerms}),,[5591b9dcaae0f046210d170de323fa06]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[bc2a97fe61295adcde35c3619d69c13f]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-2625522282-3014633528-3826679724-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R),,[6b7b7c198bfff44274b750d421e50af6]
PUP.Optional.DoSearch.A, HKU\S-1-5-21-2625522282-3014633528-3826679724-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1428876373&from=cor&uid=ST500LT012-9WS142_W0V1E21R),,[b92df4a1ccbe1422fc2fa57faa5c51af]

Folders: 3
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\code, , [a1455342b4d601351ef5b521867d8b75],

Files: 28
PUP.Optional.AZLyrics.A, C:\Users\Exodus mage\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, , [9b4b0392424896a05cd49e51a261b44c],
PUP.Optional.AZLyrics.A, C:\Users\Exodus mage\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, , [39ad0b8a602a63d3c66a2ec15aa933cd],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\492.json, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\MessageBox.xml, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\un.ini, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\uninstallDlg2.xml, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\bg.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\bg1.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\bk_shadow.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\button.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\button1.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\checkbox.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\checkbox_select.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\checked.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\close.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\loading_bg.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\loading_light.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\min.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\scrollbar.bmp, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\Thumbs.db, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\unchecked.png, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\code\code1.jpg, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\code\code2.jpg, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\code\code3.jpg, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\code\code4.jpg, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\code\code5.jpg, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\code\code6.jpg, , [a1455342b4d601351ef5b521867d8b75],
PUP.Optional.DoSearch.A, C:\Users\Exodus mage\AppData\Roaming\do-search\images\code\Thumbs.db, , [a1455342b4d601351ef5b521867d8b75],

Physical Sectors: 0
(No malicious items detected)


(end)
