Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 21-06-2015
Heure de l'examen: 14:34:55
Fichier journal: MbAM ScanLog3.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.06.21.04
Base de données Rootkits: v2015.06.15.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows XP Service Pack 3
Processeur: x86
Système de fichiers: NTFS
Utilisateur: moi

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 503036
Temps écoulé: 44 min, 5 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux détecté)

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 5
PUP.Optional.Snapdo.T, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Mis en quarantaine, [71e7bffec3c77db9b571d7d9c73c3fc1],
PUP.Optional.Snapdo.T, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Mis en quarantaine, [71e7bffec3c77db9b571d7d9c73c3fc1],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-1844237615-2049760794-682003330-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Mis en quarantaine, [71e7bffec3c77db9b571d7d9c73c3fc1],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FIREFOX.EXE, Mis en quarantaine, [c29628952a600531a247ba0f877d9b65],
PUP.Optional.SmartBar.A, HKU\S-1-5-21-1844237615-2049760794-682003330-1003\SOFTWARE\SMARTBAR, Mis en quarantaine, [bb9d516ca1e979bdaacbd4be63a2f50b],

Valeurs du Registre: 4
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FIREFOX.EXE|Debugger, StripMyRights.exe /D, Mis en quarantaine, [c29628952a600531a247ba0f877d9b65]
PUP.Optional.SnapDo.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013, Mis en quarantaine, [3721635ad3b761d5f0fbc9c1ea1b9a66]
PUP.Optional.SnapDo.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013, Mis en quarantaine, [7eda5c6177135ed83caf3555bb4aac54]
PUP.Optional.SmartBar.A, HKU\S-1-5-21-1844237615-2049760794-682003330-1003\SOFTWARE\SMARTBAR|GlobalUserId, 15f9a7a1-dea0-d31c-8e50-16d7d28e3a8b, Mis en quarantaine, [bb9d516ca1e979bdaacbd4be63a2f50b]

Données du Registre: 12
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[67f18835dbafe65066b05ce94abc47b9]
PUP.Optional.SnapDo.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=hp&installDate=04/12/2013, Bon: (www.google.com), Mauvais: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=hp&installDate=04/12/2013),Remplacé,[80d89e1fd3b7f4424ec748f77b8b7e82]
PUP.Optional.SnapDo.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013, Bon: (www.google.com), Mauvais: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013),Remplacé,[3721803d7e0ce452a0750b34788e50b0]
PUP.Optional.SnapDo.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013, Bon: (www.google.com), Mauvais: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013),Remplacé,[ea6ec3fa5c2eae88fd180a354bbb50b0]
PUP.Optional.SnapDo.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013, Bon: (www.google.com), Mauvais: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013),Remplacé,[88d0e6d78ffba98d997bc27d9076b34d]
PUP.Optional.SnapDo.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=hp&installDate=04/12/2013, Bon: (www.google.com), Mauvais: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=hp&installDate=04/12/2013),Remplacé,[ed6bffbe26641f174cc9221d679f619f]
PUP.Optional.SnapDo.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013, Bon: (www.google.com), Mauvais: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013),Remplacé,[1c3cdfdeb0da5adca86d73cc28de659b]
PUP.Optional.SnapDo.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013, Bon: (www.google.com), Mauvais: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013),Remplacé,[56029d201575ed4943d25ee137cf9868]
PUP.Optional.SnapDo.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013, Bon: (www.google.com), Mauvais: (http://feed.snapdo.com/?publisher=Vittalia&dpid=Vittalia&co=CA&userid=1d2fc9fd-0365-7f68-fafc-cdffe857c69b&searchtype=ds&q={searchTerms}&installDate=04/12/2013),Remplacé,[c692a21b1872de58b46043fc21e519e7]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1844237615-2049760794-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowControlPanel, 0, Bon: (1), Mauvais: (0),Remplacé,[70e8ebd2bfcbe4523e505aec09fd5da3]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1844237615-2049760794-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Bon: (1), Mauvais: (0),Remplacé,[391fa7163c4eb87ed6ba083e808656aa]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1844237615-2049760794-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowRun, 0, Bon: (1), Mauvais: (0),Remplacé,[8dcbf8c5e5a5ef4700920a3c49bd9a66]

Dossiers: 5
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\S-1-5-21-1844237615-2049760794-682003330-1003, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\S-1-5-21-1844237615-2049760794-682003330-1003\Artifacts, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\S-1-5-21-1844237615-2049760794-682003330-1003\Logs, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],

Fichiers: 42
PUP.Optional.MultiPlug, C:\RECYCLER\S-1-5-21-1844237615-2049760794-682003330-1003\Dc179.exe, Mis en quarantaine, [e474e7d6206af73fc7c222336b977f81],
PUP.Optional.DownloadAdmin, C:\RECYCLER\S-1-5-21-73586283-413027322-1606980848-1003\Dc57.exe, Mis en quarantaine, [2137bffef29864d240efd59459a9c33d],
PUP.Optional.InstallCore.A, C:\Documents and Settings\moi\Local Settings\Temp\ICReinstall_wipsetup.exe, Mis en quarantaine, [1543c0fd6e1c0333da87fa708181c63a],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\{74d4f693-67cb-c8d1-74d4-4f69367cda4d}\Fringe.S04E22.HDTV.XviD-playXD.exe, Mis en quarantaine, [f8604f6efe8c2b0bf1988fc66b971de3],
PUP.Optional.VIT, C:\Documents and Settings\moi\Local Settings\Application Data\Temp\0743Installer.exe, Mis en quarantaine, [eb6ddedfee9c8ea8ac0cf756b54c31cf],
PUP.Optional.VIT, C:\Documents and Settings\moi\Local Settings\Application Data\Temp\76daInstaller.exe, Mis en quarantaine, [5dfb4a7378124de96a4e3b1209f8cf31],
PUP.Optional.InstallCore.A, C:\Documents and Settings\moi\Bureau\Instaler\cachm790.exe, Mis en quarantaine, [d682b8051773023443179adbbe4418e8],
PUP.Optional.WOffer.A, C:\Documents and Settings\moi\Application Data\WOffer.boostrap.log, Mis en quarantaine, [b1a74d705337c86ee395f4113bc9629e],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\moi\Bureau\Registry Reviver.lnk, Mis en quarantaine, [2a2e02bbc3c773c3c576266c4db86d93],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\moi\Bureau\\Registry Reviver.lnk, Mis en quarantaine, [3f1934897119a6903efd157d699cad53],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Bulgarian.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Croatian.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Czech.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Danish.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Dutch.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\English.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Finnish.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\French.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\German.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Greek.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Hungarian.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Indonesian.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Italian.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Japanese.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Korean.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Norwegian.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Polish.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Portuguese.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Romanian.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Russian.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\SimpChinese.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Spanish.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Swedish.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Thai.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\TradChinese.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\Language\Turkish.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\S-1-5-21-1844237615-2049760794-682003330-1003\Settings.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\S-1-5-21-1844237615-2049760794-682003330-1003\Artifacts\additionalHeaders.txt, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\S-1-5-21-1844237615-2049760794-682003330-1003\Artifacts\lastRequest.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\S-1-5-21-1844237615-2049760794-682003330-1003\Artifacts\lastResponse.xml, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\S-1-5-21-1844237615-2049760794-682003330-1003\Logs\app.log, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],
PUP.Optional.RegistryReviver.A, C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\S-1-5-21-1844237615-2049760794-682003330-1003\Logs\logRegScan.log, Mis en quarantaine, [342405b86b1fbd792b10a84c12f1be42],

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)
