
Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 06/07/2014
Heure de l'examen: 17:30:00
Fichier journal:
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.07.06.06
Base de données Rootkits: v2014.07.03.01
Licence: Premium
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Dell

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 329725
Temps écoulé: 7 min, 21 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 1
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe, 2872, Supprimé-au-redémarrage, [1c322d6f5d1ea88e8eb9695909fb7e82]

Modules: 1
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\sqlite.dll, Supprimé-au-redémarrage, [d876b1ebd7a48fa7a2a9624f59a94bb5],

Clés du Registre: 8
PUP.Optional.PayByAds.A, HKU\S-1-5-21-725325370-3185777298-3353560862-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Yahoo! Search, Mis en quarantaine, [1c322d6f5d1ea88e8eb9695909fb7e82],
PUP.Optional.MySpeeDial.A, HKLM\SOFTWARE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}, Mis en quarantaine, [1c328319cbb0fe389f066be153af02fe],
PUP.Optional.MySpeeDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0CD1A1DC-9819-4E6D-BAE2-594763D441F3}, Mis en quarantaine, [1c328319cbb0fe389f066be153af02fe],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\WOW6432NODE\BrowseMark, Mis en quarantaine, [4a049ffd5823b086aaafa22a748e10f0],
PUP.Optional.Speedial.A, HKU\S-1-5-21-725325370-3185777298-3353560862-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\speedial, Mis en quarantaine, [2f1fd9c3483350e6bc86bf03a45ef808],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-725325370-3185777298-3353560862-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Mis en quarantaine, [4e0056464536a492df3c8d4c11f119e7],
PUP.Optional.Speedial.A, HKU\S-1-5-21-725325370-3185777298-3353560862-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\Speedial, Mis en quarantaine, [143ae8b4d6a5162078c79131f80afa06],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-725325370-3185777298-3353560862-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Mis en quarantaine, [d27cadefff7c48eeff2a846b976c758b],

Valeurs du Registre: 2
PUP.Optional.PayByAds.A, HKU\S-1-5-21-725325370-3185777298-3353560862-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Yahoo! Search, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe, Mis en quarantaine, [1c322d6f5d1ea88e8eb9695909fb7e82]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-725325370-3185777298-3353560862-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1T1M1E2X1H1LtO1S1H1E1J1K1H1O1T, Mis en quarantaine, [d27cadefff7c48eeff2a846b976c758b]

Données du Registre: 1
PUP.Optional.Speedial.A, HKU\S-1-5-21-725325370-3185777298-3353560862-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://speedial.com/?f=1&a=spd_tele_14_21_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDtD0C0C0AtB0AtByCtB0BtN0D0Tzu0SzzyBtAtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtB0FzztB0EyCtAtG0F0B0DtDtG0F0AyE0DtGtB0EyB0FtGtC0E0E0DzyyB0A0AyD0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtB0FtAyD0AzytGzz0D0CyCtGyByB0CyEtG0AyByE0DtGtB0AyBtAyCyBtC0FtCyE0DtB2Q&cr=778444021&ir=, Bon: (www.google.com), Mauvais: (http://speedial.com/?f=1&a=spd_tele_14_21_ch&cd=2XzuyEtN2Y1L1QzutDtDtBtCyBtDtD0C0C0AtB0AtByCtB0BtN0D0Tzu0SzzyBtAtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtB0FzztB0EyCtAtG0F0B0DtDtG0F0AyE0DtGtB0EyB0FtGtC0E0E0DzyyB0A0AyD0CyDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtB0FtAyD0AzytGzz0D0CyCtGyByB0CyEtG0AyByE0DtGtB0AyBtAyCyBtC0FtCyE0DtB2Q&cr=778444021&ir=),Remplacé,[4fff5646ff7c53e384f12268976d718f]

Dossiers: 6
PUP.Optional.Conduit, C:\Users\Momo Ratp\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl, Mis en quarantaine, [88c65d3fea9173c3e31a128856ac3ac6],
PUP.Optional.CrossRider.A, C:\Users\Momo Ratp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm, Mis en quarantaine, [5af4edaf1b6093a3e656811b34ceb44c],
PUP.Optional.MySearchDial.A, C:\Users\Momo Ratp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa, Mis en quarantaine, [62ecc0dce09b88ae2ed3ecb7c042aa56],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads, Supprimé-au-redémarrage, [d876b1ebd7a48fa7a2a9624f59a94bb5],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search, Supprimé-au-redémarrage, [d876b1ebd7a48fa7a2a9624f59a94bb5],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2, Supprimé-au-redémarrage, [d876b1ebd7a48fa7a2a9624f59a94bb5],

Fichiers: 37
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe, Supprimé-au-redémarrage, [1c322d6f5d1ea88e8eb9695909fb7e82],
PUP.Optional.NextInterActive, C:\$Recycle.Bin\S-1-5-21-725325370-3185777298-3353560862-1000\$RCCEAL8.exe, Mis en quarantaine, [7cd2514bf2898aac3e55ccb4e71d8e72],
PUP.Optional.NextInt, C:\$Recycle.Bin\S-1-5-21-725325370-3185777298-3353560862-1000\$RF37004.exe, Mis en quarantaine, [8bc3bede512a5fd79ae3106e0afa817f],
PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-725325370-3185777298-3353560862-1000\$RIPTVB4.exe, Mis en quarantaine, [331b4458156643f3767a6022ff0553ad],
PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-725325370-3185777298-3353560862-1000\$ROJLWSN.exe, Mis en quarantaine, [c08e7527adce26108524bebf3fc5847c],
PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-725325370-3185777298-3353560862-1000\$RUEQNU7.exe, Mis en quarantaine, [a7a70498d5a6a195f1b83c417094d828],
PUP.Optional.SpeeDial.A, C:\Users\Momo Ratp\AppData\Local\Temp\SpeeDial.exe, Mis en quarantaine, [311dfca092e959ddcf57cf75cf33d32d],
PUP.Optional.CouponDownloader.A, C:\Users\Momo Ratp\AppData\Local\Temp\is42483369\591195_stp\coupondownloader.exe, Mis en quarantaine, [ee60a3f90e6dae883cf0493794700cf4],
PUP.Optional.NextInterActive, C:\Users\Dell\Downloads\pf7-setup-fr (1).exe, Mis en quarantaine, [e06ecdcff388ec4a583b641c55aff40c],
PUP.Optional.NextInterActive, C:\Users\Dell\Downloads\pf7-setup-fr (2).exe, Mis en quarantaine, [0e40f2aa9ae12f07fc97fd832dd751af],
PUP.Optional.NextInterActive, C:\Users\Dell\Downloads\pf7-setup-fr.exe, Mis en quarantaine, [e668bedecdaeb185840f81ffd82ca35d],
PUP.Optional.NextInterActive, C:\Users\Dell\Downloads\picasa39-setup.exe, Mis en quarantaine, [7dd1a2fa93e837ff286b4a36e2226a96],
PUP.Optional.OptimumInstaller.A, C:\Users\Dell\Downloads\Player-Chrome.exe, Mis en quarantaine, [c688f5a7027993a350add182af523dc3],
PUP.Optional.OutBrowse, C:\Users\Dell\Downloads\setup (1).exe, Mis en quarantaine, [7cd2aeeeeb903ef80a7780fbf70a8e72],
PUP.Optional.BundleInstaller.A, C:\Users\Dell\Downloads\Setup (2).exe, Mis en quarantaine, [9bb3bfddc9b243f35b0279e9867efc04],
PUP.Optional.BundleInstaller.A, C:\Users\Dell\Downloads\Setup (3).exe, Mis en quarantaine, [55f9faa2c1baa690ef6e332f7b898080],
PUP.Optional.OutBrowse, C:\Users\Dell\Downloads\setup (4).exe, Mis en quarantaine, [f658a0fc374494a2eccca8d8738ee41c],
PUP.Optional.OutBrowse, C:\Users\Dell\Downloads\setup.exe, Mis en quarantaine, [4c02782498e3013561207efd837e956b],
PUP.Optional.Softonic.A, C:\Users\Dell\Downloads\Softonic_downloader_steam.exe, Mis en quarantaine, [5af4a1fb007b0f27a4bc72b4a95812ee],
PUP.Optional.Somoto.A, C:\Users\Dell\Downloads\FLVPlayerSetup-NdLeZITZ7.exe, Mis en quarantaine, [7bd308948ceff73f873d6030eb16f50b],
PUP.Optional.InstallCore, C:\Users\Dell\Downloads\install_avast.exe, Mis en quarantaine, [ba94a3f996e575c1dacb5627fb091be5],
PUP.Optional.InstallCore, C:\Users\Momo Ratp\Downloads\pf7-setup-fr.exe, Mis en quarantaine, [1935bae2d7a4e55106ea552d7a8aa35d],
PUP.Optional.V9.A, C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage, Mis en quarantaine, [51fd7e1e83f8999d7d62bc050ef4fb05],
PUP.Optional.V9.A, C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.v9.com_0.localstorage-journal, Mis en quarantaine, [b29c4b51b0cb74c2518e05bc4eb49b65],
PUP.Optional.NewTab.A, C:\Users\Momo Ratp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage, Mis en quarantaine, [f05ec5d7e6959f979144ac60d0341be5],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys, Mis en quarantaine, [ea64524ae09b59ddf83939d69a6ac53b],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\app.ini, Mis en quarantaine, [d876b1ebd7a48fa7a2a9624f59a94bb5],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\chrmXtn.dll, Mis en quarantaine, [d876b1ebd7a48fa7a2a9624f59a94bb5],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\ffxtn.dll, Mis en quarantaine, [d876b1ebd7a48fa7a2a9624f59a94bb5],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\ieds.xml, Mis en quarantaine, [d876b1ebd7a48fa7a2a9624f59a94bb5],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\rvt.js, Mis en quarantaine, [d876b1ebd7a48fa7a2a9624f59a94bb5],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\serp.js, Mis en quarantaine, [d876b1ebd7a48fa7a2a9624f59a94bb5],
PUP.Optional.PayByAds.A, C:\Users\Dell\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\sqlite.dll, Supprimé-au-redémarrage, [d876b1ebd7a48fa7a2a9624f59a94bb5],
PUP.Optional.Dsrlte.A, C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Preferences, Bon: (), Mauvais: ( "homepage": "http://rts.dsrlte.com",), Remplacé,[6ce2f8a41e5d52e4cfcb40826c9832ce]
PUP.Optional.Dsrlte.A, C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\k2srv1bi.default\prefs.js, Bon: (), Mauvais: (user_pref("browser.startup.homepage", "http://rts.dsrlte.com");), Remplacé,[93bb3b6189f2c0760393c9f9da2a59a7]
PUP.Optional.Dsrlte.A, C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\k2srv1bi.default\prefs.js, Bon: (), Mauvais: (user_pref("browser.newtab.url", "http://rts.dsrlte.com/?m=tab");), Remplacé,[3b138517166553e3890e388a43c117e9]
PUP.Optional.Dsrlte.A, C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\k2srv1bi.default\prefs.js, Bon: (), Mauvais: (user_pref("keyword.URL", "http://rts.dsrlte.com/?q=");), Remplacé,[fe50f8a497e4d75fceca3d85d0343cc4]

Secteurs physiques: 0
(No malicious items detected)


(end)