cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 17/04/2016
Heure de l'analyse: 21:19:29
Fichier journal: malware rapport.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.04.17.05
Base de données de rootkits: v2016.04.17.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows Vista Service Pack 2
Processeur: x86
Système de fichiers: NTFS
Utilisateur: geoffrey

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 396436
Temps écoulé: 20 min, 49 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 15
PUP.Optional.SweetPacks, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, En quarantaine, [7079109f2b6ef54147224a9d679b9070],
PUP.Optional.DVDVideoSoftTB, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{872b5b88-9db5-4310-bdd0-ac189557e5f5}, En quarantaine, [80697837f0a91a1c008503de12f0a060],
PUP.Optional.DVDVideoSoftTB, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}, En quarantaine, [80697837f0a91a1c008503de12f0a060],
PUP.Optional.SearchQu, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, En quarantaine, [53964d622574ef470c6f329033cfe21e],
PUP.Optional.SearchQu, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, En quarantaine, [53964d622574ef470c6f329033cfe21e],
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9D717F81-9148-4F12-8568-69135F087DB0}, En quarantaine, [9455535c2376bf774a285b9655ad38c8],
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D717F81-9148-4F12-8568-69135F087DB0}, En quarantaine, [9455535c2376bf774a285b9655ad38c8],
PUP.Optional.SweetPacks, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35B-6118-11DC-9C72-001320C79847}, En quarantaine, [5495ebc4f7a2221494d4b1369e64a759],
PUP.Optional.SweetPacks, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35B-6118-11DC-9C72-001320C79847}, En quarantaine, [5495ebc4f7a2221494d4b1369e64a759],
PUP.Optional.SweetPacks, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, En quarantaine, [f8f13a75d0c9cd69fc827d458280b54b],
PUP.Optional.SweetPacks, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, En quarantaine, [f8f13a75d0c9cd69fc827d458280b54b],
PUP.Optional.DataMngr.AppFlsh, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\Datamngr, En quarantaine, [3dac2e814851979ff28a127b01036997],
PUP.Optional.SearchResults, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, En quarantaine, [f5f4c8e778210e28ad52ff4219ebc838],
Hijack.Zones, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\ , En quarantaine, [1bce307fc6d3350165d571419073b947],
PUP.Optional.Conduit, HKU\S-1-5-21-92122429-2772200973-3706499427-1002\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, En quarantaine, [66838c23efaa1b1bbe867aa23dc79b65],

Valeurs du Registre: 5
PUP.Optional.DVDVideoSoftTB, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{872B5B88-9DB5-4310-BDD0-AC189557E5F5}, En quarantaine, [80697837f0a91a1c008503de12f0a060],
PUP.Optional.DVDVideoSoftTB, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{872b5b88-9db5-4310-bdd0-ac189557e5f5}, En quarantaine, [f3f68b249504ed49434281609c662cd4],
PUP.Optional.SearchResults, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|URL, http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}, En quarantaine, [f5f4c8e778210e28ad52ff4219ebc838]
PUP.Optional.SearchQu, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|SuggestionsURL_JSON, http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=406&qu={searchTerms}&ft=json, En quarantaine, [b8316a455e3bb0864ab0b1902dd7b848]
PUP.Optional.SweetIM, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}|URL, http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10015, En quarantaine, [5e8bb7f8425744f2852e0c3cca3a8779]

Données du Registre: 1
PUP.Optional.Conduit, HKU\S-1-5-21-92122429-2772200973-3706499427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://search.conduit.com?SearchSource=10&CUI=UN37635251891361520&ctid=CT2269050, Bon : (www.google.com), Mauvais : (http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://search.conduit.com?SearchSource=10&CUI=UN37635251891361520&ctid=CT2269050),Remplacé,[a841e8c74e4b60d67e761523966f0ef2]

Dossiers: 4
PUP.Optional.Conduit, C:\Program Files\NCH_FR, En quarantaine, [9c4deac5f2a7a195b28e36d705fea35d],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\LocalLow\NCH_FR, En quarantaine, [698077384455ca6c2523d13c73903ec2],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\LocalLow\NCH_FR\Logs, En quarantaine, [698077384455ca6c2523d13c73903ec2],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\ct2801939, En quarantaine, [edfc1e912b6ee2545207eb7c1de8e51b],

Fichiers: 67
PUP.Optional.SmartBar, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\Smartbar.Installer.Mini.exe, En quarantaine, [31b8eac5b5e41026e8ea7cb1bc44817f],
PUP.Optional.SweetIM, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\simupdater.exe, En quarantaine, [a742515e673242f404481a37867f06fa],
PUP.Optional.ConduitTB.Gen, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\tbDVDV.dll, En quarantaine, [8a5fa30c5445cf67e7ec0e4acc39d42c],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\FileConverter_1.5.exe, En quarantaine, [99506f4080194de9896c71db4ab728d8],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\nsh7940.exe, En quarantaine, [b237d2dd7b1e5adce90d5fed08f904fc],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\nssF0F0.exe, En quarantaine, [0bde2887732640f6a650f15be31ecd33],
PUP.Optional.SweetIM, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\simboapp.exe, En quarantaine, [f4f5723d8415bc7ab29a7ed363a2728e],
PUP.Optional.ConduitTB.Gen, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\tbWin2.dll, En quarantaine, [faefbbf4e9b04ceadef5b3a58d78d22e],
PUP.Optional.SweetIM, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\toolbar_vit_sweetim.exe, En quarantaine, [17d21c93f7a285b10f3dd77a63a26799],
PUP.Optional.Nosibay, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\UNT32C4.tmp.exe, En quarantaine, [9e4b545b811883b31554f666ab5a916f],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\uttFD25.tmp.exe, En quarantaine, [8069d3dc9efb6dc9af4455f746bb43bd],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\SearchProtect\bin\ChromeModule.dll, En quarantaine, [de0b7d32bedbbf77599d73d97091b050],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\SearchProtect\bin\FirefoxModule.dll, En quarantaine, [41a8743b9cfdc0763bbbad9f49b827d9],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\SearchProtect\bin\InternetExplorerModule.dll, En quarantaine, [c722dad5aaef83b3f600f953b44d758b],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\SearchProtect\bin\SPHook32.dll, En quarantaine, [8c5d0da2edaceb4b76807fcd14ed7888],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Roaming\ZHP\Quarantine\SearchProtect\bin\uninstall.exe, En quarantaine, [6089505f4059af8795610b4180813cc4],
PUP.Optional.ConduitTB.Gen, C:\Program Files\NCH_FR\ldrtbNCH_.dll, En quarantaine, [8f5a525d3b5e48eef4dfa2b611f42ad6],
PUP.Optional.ConduitTB, C:\Program Files\NCH_FR\NCH_FRToolbarHelper.exe, En quarantaine, [32b7b5fa09907bbb0e6af316ac56b947],
PUP.Optional.ConduitTB.Gen, C:\Program Files\NCH_FR\prxtbNCH_.dll, En quarantaine, [8762515e1485e5512ba806524abbbe42],
PUP.Optional.ConduitTB.Gen, C:\Program Files\NCH_FR\tbNCH_.dll, En quarantaine, [17d20fa04c4dae887162ef6945c0fe02],
PUP.Optional.SweetIM, C:\Users\geoffrey\AppData\Local\Temp\{2D214010-A3AC-44C2-9494-F1B2798FB24B}\UpdateManagerSetup.msi, En quarantaine, [cc1dad022d6c1620b19bc48d0cf924dc],
PUP.Optional.CrossRider, C:\Users\geoffrey\AppData\Local\Temp\Stub\-1887108391\cr.exe, En quarantaine, [ecfd56593762b77fd4b0e3dbbc44fa06],
PUP.Optional.Bandoo, C:\Users\geoffrey\AppData\Local\Temp\nsa281B.tmp\Helper.dll, En quarantaine, [35b4a8073d5cb4828d3eb7a9b550f40c],
PUP.Optional.Bandoo, C:\Users\geoffrey\AppData\Local\Temp\nsa281B.tmp\Starter.exe, En quarantaine, [70796c43f7a2cd690bc0411fab5a619f],
PUP.Optional.Bandoo, C:\Users\geoffrey\AppData\Local\Temp\nsa90E.tmp\Helper.dll, En quarantaine, [88618926fb9e3105bb1076eac04549b7],
PUP.Optional.Bandoo, C:\Users\geoffrey\AppData\Local\Temp\nsa90E.tmp\Starter.exe, En quarantaine, [618800af2e6b56e000cb60009f6654ac],
PUP.Optional.Bandoo, C:\Users\geoffrey\AppData\Local\Temp\nsg209D.tmp\Helper.dll, En quarantaine, [8a5fe6c9a9f00630fdce0f51d72eca36],
PUP.Optional.Bandoo, C:\Users\geoffrey\AppData\Local\Temp\nsg209D.tmp\Starter.exe, En quarantaine, [4d9c8a25e2b758de408b17495aab6b95],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\Prism-5968-1\toolbarinstall.exe, En quarantaine, [cd1cc6e91f7a92a4be3129ef4bb755ab],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\nshDA0.tmp\BI.exe, En quarantaine, [1ecbb5fa8811fb3bfef1978141c1c33d],
PUP.Optional.OpenCandy, C:\Users\geoffrey\AppData\Local\Temp\nshDA0.tmp\OCSetupHlp.dll, En quarantaine, [46a3119ee2b77cba52153a170500df21],
PUP.Optional.Bandoo, C:\Users\geoffrey\AppData\Local\Temp\nsl718B.tmp\Helper.dll, En quarantaine, [2abf4f600099cc6aaf1c69f738cda25e],
PUP.Optional.Bandoo, C:\Users\geoffrey\AppData\Local\Temp\nsl718B.tmp\Starter.exe, En quarantaine, [5d8cd3dc0e8ba98d17b469f7e025ed13],
PUP.Optional.OpenCandy, C:\Users\geoffrey\AppData\Local\Temp\nslC9BD.tmp\OCSetupHlp.dll, En quarantaine, [638636791f7ac3732047fa57ed183ac6],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\nslC9BD.tmp\BI\BI.exe, En quarantaine, [6881a50a7a1f0c2a14db7f99cf3350b0],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\nsm9AF1.tmp\BI.exe, En quarantaine, [fdec307f4e4b3600f2fddb3d17eb9f61],
PUP.Optional.OpenCandy, C:\Users\geoffrey\AppData\Local\Temp\nsm9AF1.tmp\OCSetupHlp.dll, En quarantaine, [61889a15d0c9f6401c4bbe938f7635cb],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\ct2269050\ieLogic.exe, En quarantaine, [36b3b4fb0693e84e4fa0c553c73bf709],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\ct2269050\statisticsStub.exe, En quarantaine, [e2070aa50990c175c5287dcf32cfbb45],
PUP.Optional.OpenCandy, C:\Users\geoffrey\AppData\Local\Temp\nsg5BF6.tmp\OCSetupHlp.dll, En quarantaine, [35b48a253960fb3bf86f8dc40df8b749],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\nsg5BF6.tmp\BI\BI.exe, En quarantaine, [b237bef1b6e306304ca30315f50dbc44],
PUP.Optional.CrossRider, C:\Users\geoffrey\AppData\Local\Temp\nso6BA8.tmp\trtextsetup.exe, En quarantaine, [7079307f772294a22f79d50c3cc4fd03],
PUP.Optional.Bandoo, C:\Users\geoffrey\AppData\Local\Temp\DTX\Reporting\ReportingHelper.dll, En quarantaine, [fbee7f30abeebb7bcc8f5d01bc499e62],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\ct2801939\ctbe.exe, En quarantaine, [5b8edcd3fa9fb581cf2076a2be44e41c],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\ct2801939\ieLogic.exe, En quarantaine, [47a2c6e96c2dc76fa847170116ec817f],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\ct2801939\statisticsStub.exe, En quarantaine, [f6f3c4eb11885bdb529b4efe837e7b85],
PUP.Optional.Bandoo, C:\Windows\Temp\286278e4\patch_ff.exe, En quarantaine, [1fca426d8e0b5cdac803e878689d3cc4],
PUP.Optional.Bandoo, C:\Windows\Temp\f6026a98\patch_ff.exe, En quarantaine, [e00928879efba4929c2f4020f80d649c],
PUP.Optional.Bandoo, C:\Windows\Temp\fa155bea\SetupDataMngr_iLivid.exe, En quarantaine, [f8f1535ca0f985b1e3e870f02bdac33d],
PUP.Optional.Bandoo, C:\Windows\Temp\fd182275\patch_ff.exe, En quarantaine, [6b7e7d32badfdc5af8d3550be124a759],
PUP.Optional.Ilivid, C:\Windows\Temp\7d723e4b\SetupDataMngr_iLivid.exe, En quarantaine, [a7421d92099060d6bb1111e0eb15da26],
PUP.Optional.Bandoo, C:\Windows\Temp\9d5f1131\SetupDataMngr_iLivid.exe, En quarantaine, [2abf317ec4d5d264b01b0c541bea10f0],
PUP.Optional.Ilivid, C:\Windows\Temp\d2055a93\SetupDataMngr_iLivid.exe, En quarantaine, [1bce4f6002971422824a35bc45bb669a],
PUP.Optional.Bandoo, C:\Windows\Temp\d5362349\SetupDataMngr_iLivid.exe, En quarantaine, [e603d8d7841585b14f7c1d4307fe827e],
PUP.Optional.MultiPlug.PrxySvrRST, C:\Windows\System32\Tasks\73992920, En quarantaine, [12d7159af4a505310a6bf5a0d034936d],
PUP.Optional.MultiPlug.PrxySvrRST, C:\Windows\System32\Tasks\77576340, En quarantaine, [32b7ded1ddbcf83e93e2e2b34cb8867a],
PUP.Optional.Conduit, C:\Program Files\NCH_FR\GottenAppsContextMenu.xml, En quarantaine, [9c4deac5f2a7a195b28e36d705fea35d],
PUP.Optional.Conduit, C:\Program Files\NCH_FR\OtherAppsContextMenu.xml, En quarantaine, [9c4deac5f2a7a195b28e36d705fea35d],
PUP.Optional.Conduit, C:\Program Files\NCH_FR\SharedAppsContextMenu.xml, En quarantaine, [9c4deac5f2a7a195b28e36d705fea35d],
PUP.Optional.Conduit, C:\Program Files\NCH_FR\toolbar.cfg, En quarantaine, [9c4deac5f2a7a195b28e36d705fea35d],
PUP.Optional.Conduit, C:\Program Files\NCH_FR\ToolbarContextMenu.xml, En quarantaine, [9c4deac5f2a7a195b28e36d705fea35d],
PUP.Optional.Conduit, C:\Program Files\NCH_FR\uninstall.exe, En quarantaine, [9c4deac5f2a7a195b28e36d705fea35d],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\LocalLow\NCH_FR\ldrtbNCH_.dll, En quarantaine, [698077384455ca6c2523d13c73903ec2],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\LocalLow\NCH_FR\tbNCH_.dll, En quarantaine, [698077384455ca6c2523d13c73903ec2],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\LocalLow\NCH_FR\toolbar.cfg, En quarantaine, [698077384455ca6c2523d13c73903ec2],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\ct2801939\setup.ini.txt, En quarantaine, [edfc1e912b6ee2545207eb7c1de8e51b],
PUP.Optional.Conduit, C:\Users\geoffrey\AppData\Local\Temp\ct2801939\chromeid.txt, En quarantaine, [edfc1e912b6ee2545207eb7c1de8e51b],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)

Publicité


Signaler le contenu de ce document

Publicité