Malwarebytes Anti-Malware
www.malwarebytes.org
Date de l'examen: 24/08/2014
Heure de l'examen: 17:28:44
Fichier journal: malware.txt
Administrateur: Oui
Version: 2.00.2.1012
Base de données Malveillants: v2014.08.24.03
Base de données Rootkits: v2014.08.21.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Self-protection: Désactivé(e)
Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Schukka
Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 419199
Temps écoulé: 13 min, 8 sec
Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activ�(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Avertir
PUM: Activé(e)
Processus: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Clés du Registre: 4
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [98cbfdcd483387afbbf5f24616eeb54b],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, , [c2a12aa098e379bd1c826187e022e51b],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [1a49f5d590eb2f07753bb97f0301ca36],
PUP.Optional.Qone8, HKU\S-1-5-21-1365627989-1550815974-3705189505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [abb876542c4f2412911e4bedbf456e92],
Valeurs du Registre: 1
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Schukka\AppData\Roaming\Mozilla\Firefox\Profiles\z3x46fhb.default\extensions\faststartff@gmail.com, , [263d8e3c3348ba7cae94d9738b79a35d]
Données du Registre: 9
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (Chrome.exe), Mauvais: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[fc67963497e4c4721052f4df27ddab55]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[bfa4a3273546d85ed484d201e51fc838]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[2a3924a62c4fc472076a29b54abad62a]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (Chrome.exe), Mauvais: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[d88bbb0ff08b49ed085a1eb52ada05fb]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[2043e5e55d1ea3931345c40f27ddb947]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.istartsurf.com/web/?type=ds&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/web/?type=ds&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94&q={searchTerms}),,[8fd4c7030f6ce650f46252818282b24e]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[baa9428892e9d066272dd4ff6b99b947]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[c89b6268c4b7cf673c359c42ae565da3]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-1365627989-1550815974-3705189505-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94, Bon: (www.google.com), Mauvais: (http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94),,[075c9c2ec5b63501cf8ac40fad576898]
Dossiers: 0
(No malicious items detected)
Fichiers: 4
Hacktool.Agent, C:\Users\Schukka\AppData\Roaming\ZHP\Quarantine\windows loader.exe.VIR, , [cd969535403b93a359d926301be65da3],
PUP.Optional.IStartSurf.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml, , [194ad0fabac123139d36f1f8748e46ba],
PUP.Optional.IStartSurf.A, C:\Users\Schukka\AppData\Local\Google\Chrome\User Data\Default\Preferences, Bon: (), Mauvais: ( "startup_urls": [ "http://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94" ],), ,[184b28a26f0c6fc7fddc49c5c63f728e]
PUP.Optional.IStartSurf.A, C:\Users\Schukka\AppData\Roaming\Mozilla\Firefox\Profiles\z3x46fhb.default\prefs.js, Bon: (), Mauvais: (user_pref("browser.newtab.url", "http://www.istartsurf.com/newtab/?type=nt&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94");), ,[9cc74e7c91eaa393dcfbea241de83bc5]
Secteurs physiques: 0
(No malicious items detected)
(end)