cjoint


Document format: text/plain

Preview

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 12/10/2015
Heure de l'analyse: 23:30
Fichier journal: virus malwarebytes.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2015.10.12.03
Base de données de rootkits: v2015.10.06.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Savoie Jm

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 456058
Temps écoulé: 16 min, 6 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Désactivé
Rootkits: Activé
Heuristique: Désactivé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 9
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0903B3D2-77C8-4AAB-94B2-50D1C4303C67}, , [5eb565f15734ef47f27911b5df26a55b],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0903B3D2-77C8-4AAB-94B2-50D1C4303C67}, , [5eb565f15734ef47f27911b5df26a55b],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3470606961-1956297705-624639543-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0903B3D2-77C8-4AAB-94B2-50D1C4303C67}, , [5eb565f15734ef47f27911b5df26a55b],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3470606961-1956297705-624639543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0903B3D2-77C8-4AAB-94B2-50D1C4303C67}, , [5eb565f15734ef47f27911b5df26a55b],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3470606961-1956297705-624639543-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0903B3D2-77C8-4AAB-94B2-50D1C4303C67}, , [5eb565f15734ef47f27911b5df26a55b],
PUP.Optional.CrossRider, HKU\S-1-5-21-3470606961-1956297705-624639543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6AF4AB12-1B14-4E07-9B5B-151502DEBC70}, , [7e95e86e6724d85e3ac00d9eac58ec14],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3470606961-1956297705-624639543-1003\SOFTWARE\conduitEngine, , [4bc8d284cbc01b1bab7cfb99fa0af20e],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3470606961-1956297705-624639543-1003\SOFTWARE\APPDATALOW\SOFTWARE\conduitEngine, , [6da61244c4c7be788a9cfe9612f29967],
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3470606961-1956297705-624639543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}, , [888b65f167245fd7dd6fe9c406fe669a],

Valeurs du Registre: 6
PUP.Optional.SweetPacks, HKU\S-1-5-21-3470606961-1956297705-624639543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{EEE6C35B-6118-11DC-9C72-001320C79847}, , [51c2e3733a5141f58cfe57aa0af99d63],
PUP.Optional.SweetPacks, HKU\S-1-5-21-3470606961-1956297705-624639543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{EEE6C35B-6118-11DC-9C72-001320C79847}, ????????, , [51c2e3733a5141f58cfe57aa0af99d63]
PUP.Optional.CrossRider, HKU\S-1-5-21-3470606961-1956297705-624639543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6af4ab12-1b14-4e07-9b5b-151502debc70}|AppName, Plus-HD-2.5-buttonutil.exe, , [7e95e86e6724d85e3ac00d9eac58ec14]
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3470606961-1956297705-624639543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|DisplayName, default-search.net, , [888b65f167245fd7dd6fe9c406fe669a]
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3470606961-1956297705-624639543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|URL, http://www.default-search.net/search?sid=476&aid=125&itype=a&ver=12791&tm=359&src=ds&p={searchTerms}, , [c44f391daae154e21636e4c9e91b8878]
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-3470606961-1956297705-624639543-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}|SuggestionsURL_JSON, http://www.default-search.net?sid=476&aid=125&itype=a&ver=12791&tm=359&src=ds&p={searchTerms}&ft=json, , [f91aafa72863082ece7edad35ca8f60a]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 0
(Aucun élément malveillant détecté)

Fichiers: 18
PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\FreecorderToolbarHelper1.exe, , [cc4773e3602bfa3caed88acce020f20e],
PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\hk64tbFre0.dll, , [fc172333593270c6c578e9431ee28977],
PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\hktbFre0.dll, , [27ec20362d5ef0467fbee844827e2bd5],
PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\ldrtbFre0.dll, , [ec274d0948435bdb5ce1032914ec21df],
PUP.Optional.Conduit, C:\Program Files (x86)\Freecorder\tbFre0.dll, , [17fc0e489cefda5c5ce152daad5336ca],
PUP.Optional.ConduitTB.Gen, C:\Program Files (x86)\Freecorder\tbFree.dll, , [5eb565f15734ef47f27911b5df26a55b],
Spyware.Passwords, C:\Windows\SysWOW64\ALZZip.BIN, , [060d2d294e3d4aec3cd82354d22e37c9],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\hk64tbFre0.dll, , [43d046107d0e2c0a45aa88a4778a2dd3],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\hk64tbFre2.dll, , [ed261a3c28630135727da78524dd7090],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\hktbFre0.dll, , [a66dff57c0cb8aac955a71bbe21ff30d],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\hktbFre2.dll, , [f71c35216a2126105f90270544bd8878],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\ldrtbFre0.dll, , [040f3c1a7516b680737cfd2f2ad727d9],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\ldrtbFre2.dll, , [fe15c98de9a21a1c57980c208f727888],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\prxtbFre0.dll, , [9d7693c3a7e4e551985744e8ee134cb4],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\prxtbFre2.dll, , [2ce76fe7f299ca6c7976949829d8cc34],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\tbFre0.dll, , [42d162f4107bfb3b16d9ab81966bd927],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\tbFre1.dll, , [f71ce47227649d9948a7b676c53caa56],
PUP.Optional.ClientConnect, C:\Users\Savoie Jm\AppData\Local\Freecorder\tbFre2.dll, , [a66de6700487072faa4584a8a85948b8],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
