Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 05/05/2014
Heure de l'examen: 18:51:39
Fichier journal: journal examen.txt
Administrateur: Oui

Version: 2.00.1.1004
Base de données Malveillants: v2014.05.05.09
Base de données Rootkits: v2014.03.27.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Chameleon: Désactivé(e)

Système d'exploitation: Windows XP Service Pack 3
Processeur: x86
Système de fichiers: NTFS
Utilisateur: Administrateur

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 264456
Temps écoulé: 10 min, 52 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Examen approfondi Rootkits: Activé(e)
Shuriken: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 1
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Freeven pro 1.2, Mis en quarantaine, [837d7b856c9410f0b70b5d2240c27888],

Valeurs du Registre: 4
Hijack.ControlPanelStyle, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Mis en quarantaine, [cb35f30d669a0ff19bc830cef90926da]
Hijack.ControlPanelStyle, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Mis en quarantaine, [0bf54db3847c4eb2b0b3e41ab64c669a]
Hijack.ControlPanelStyle, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Mis en quarantaine, [d12f6b958977768ac2a1bb4352b033cd]
Hijack.ControlPanelStyle, HKU\S-1-5-21-776561741-1275210071-682003330-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, Mis en quarantaine, [847c15eb1be58080125146b8a55d40c0]

Données du Registre: 21
PUM.Disabled.SecurityCenter, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[41bf5ea2b749aa5661d375c00004b54b]
PUM.Disabled.SecurityCenter, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[e9174db32cd44cb454e17abb11f37c84]
PUM.Disabled.SecurityCenter, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[c33de21e1ee25ea2dc5a4bea9470fd03]
PUM.Hijack.StartMenu, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Bon: (1), Mauvais: (0),Remplacé,[817f5aa6a9577e82d0e380b633d1f010]
PUM.Hijack.Help, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Bon: (0), Mauvais: (1),Remplacé,[0cf4f70947b906faa2c31124da2a36ca]
PUM.Disabled.SecurityCenter, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[97690af6d030639db57fdf564aba0000]
PUM.Disabled.SecurityCenter, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[11efb947ee120ef2fa3b0134be46d927]
PUM.Disabled.SecurityCenter, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[ea1615ebd62a649ca09671c4e91b59a7]
PUM.Hijack.StartMenu, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Bon: (1), Mauvais: (0),Remplacé,[25db48b852ae966af4bf30062ada0000]
PUM.Hijack.Help, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Bon: (0), Mauvais: (1),Remplacé,[c040659b2ed20df3fc692c09e1232fd1]
PUM.Hijack.Drives, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoDrives, 1, Bon: (0), Mauvais: (1),Remplacé,[5ea2ae528c745ea2014d86af41c3718f]
PUM.Disabled.SecurityCenter, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[57a9d82805fb7a864be93afb867e36ca]
PUM.Disabled.SecurityCenter, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[6b955fa19a66d52b42f3dd5837cd6a96]
PUM.Disabled.SecurityCenter, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[d9278e72f01008f873c347eea85c758b]
PUM.Hijack.StartMenu, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Bon: (1), Mauvais: (0),Remplacé,[12ee20e01de317e92a89999d8e76e31d]
PUM.Hijack.Help, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Bon: (0), Mauvais: (1),Remplacé,[39c73fc1758b0ff1d194b283f2124fb1]
PUM.Disabled.SecurityCenter, HKU\S-1-5-21-776561741-1275210071-682003330-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[976908f857a934cc0c286cc940c411ef]
PUM.Disabled.SecurityCenter, HKU\S-1-5-21-776561741-1275210071-682003330-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[32ce38c899676a965adb5ed7e71d6c94]
PUM.Disabled.SecurityCenter, HKU\S-1-5-21-776561741-1275210071-682003330-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Bon: (0), Mauvais: (1),Remplacé,[ec14d42cda26ed1383b3a392de268977]
PUM.Hijack.StartMenu, HKU\S-1-5-21-776561741-1275210071-682003330-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Bon: (1), Mauvais: (0),Remplacé,[8b757b850bf523dd70437bbb0df753ad]
PUM.Hijack.Help, HKU\S-1-5-21-776561741-1275210071-682003330-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Bon: (0), Mauvais: (1),Remplacé,[4bb507f93ec246babbaa0f26af55ed13]

Dossiers: 3
Trojan.Siredef.C, C:\RECYCLER\S-1-5-21-776561741-1275210071-682003330-500\$fc5dfbfe9ebecb4581fac7fdbb93a0dc\U, Mis en quarantaine, [e41c09f724dc9e629d2da35d58a8718f],
Trojan.Siredef.C, C:\RECYCLER\S-1-5-21-776561741-1275210071-682003330-500\$fc5dfbfe9ebecb4581fac7fdbb93a0dc\L, Mis en quarantaine, [f808eb1577896a968f3d0df309f7817f],
Trojan.Siredef.C, C:\RECYCLER\S-1-5-21-776561741-1275210071-682003330-500\$fc5dfbfe9ebecb4581fac7fdbb93a0dc, Mis en quarantaine, [d927857b47b9738de9e433cd9a66ac54],

Fichiers: 6
PUP.Optional.NextInt, D:\Documents and Settings\Administrateur\Mes documents\Downloads\Setup_ClearProg_1.6.0_Final (1).exe, Mis en quarantaine, [867adb25b14fea16b2164ae48b79db25],
PUP.Optional.NextInt, D:\Documents and Settings\Administrateur\Mes documents\Downloads\Setup_ClearProg_1.6.0_Final.exe, Mis en quarantaine, [6898d729fb050bf57a4e69c550b4b44c],
Trojan.Siredef.C, C:\RECYCLER\S-1-5-21-776561741-1275210071-682003330-500\$fc5dfbfe9ebecb4581fac7fdbb93a0dc\@, Mis en quarantaine, [25db44bcc43c36ca7d4a788816eab24e],
PUP.Optional.NextInt, C:\Documents and Settings\Administrateur\Local Settings\Temp\ICReinstall_Setup_ClearProg_1.6.0_Final (1).exe, Mis en quarantaine, [b64abe4207f958a8497f06286c987c84],
PUP.Optional.NextInt, C:\Documents and Settings\Administrateur\Local Settings\Temp\ICReinstall_Setup_ClearProg_1.6.0_Final.exe, Mis en quarantaine, [43bd9070e917b44ca424e7471fe519e7],
Heuristics.Reserved.Word.Exploit, D:\Documents and Settings\Administrateur\Mes documents\Downloads\winlogon.exe, Mis en quarantaine, [0df30ef2b54b54ac8ce92a1161a318e8],

Secteurs physiques: 0
(No malicious items detected)

(end)