1st Scan Log Malware Bytes

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 15-Oct-15
Scan Time: 10:01 AM
Logfile: 1st Scan Log.txt
Administrator: Yes
Version: 2.2.0.1024
Malware Database: v2015.10.14.07
Rootkit Database: v2015.10.06.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Vhung Vhung
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403149
Time Elapsed: 29 min, 34 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
Registry Keys: 14
PUP.Optional.WinManger, HKLM\SOFTWARE\CLASSES\APPID\{85198F55-85AC-498A-BFE4-BBC
33840F4AB}, Quarantined, [e1fefd59d3b8bc7aa597f53da75baf51],
PUP.Optional.WinManger, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{85198F55-85AC-4
98A-BFE4-BBC33840F4AB}, Quarantined, [e1fefd59d3b8bc7aa597f53da75baf51],
PUP.Optional.WinManger, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{85198F55-85AC-4
98A-BFE4-BBC33840F4AB}, Quarantined, [e1fefd59d3b8bc7aa597f53da75baf51],
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARC
HSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [3fa04412fa91ba7c11
f3490b37ccd52b],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\ihpmserver, Quarantined, [4c93c3933
05ba096bee0505d857e1ee2],
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\oursurfingSoftware, Q
uarantined, [627d9cba0b8088ae6bbd7dfc21e1b64a],
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EX
PLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [07d890
c6c7c4c472f31196be19eaca36],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\RAYDLD, Quarantined, [419e2531bdce8
3b33c2fa7cfc83af907],
PUP.Optional.Spigot, HKU\S-1-5-21-1629453728-3710432676-1781865497-1001\SOFTWARE
\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1F47E9C2-87B0-450F-BBE7-CCBC611A2BEF}
, Quarantined, [af30ef674d3e5adcc852b8df7291a35d],
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-1629453728-3710432676-1781865497-1
001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-4
9120163DE86}, Quarantined, [a23d530399f2af87798a0a4aff04b14f],
PUP.Optional.DeskCut, HKU\S-1-5-21-1629453728-3710432676-1781865497-1001\SOFTWAR
E\MOZILLA\EXTENDS, Quarantined, [5b84fe587813f83e522db4bb11f223dd],
PUP.Optional.OutBrowse, HKU\S-1-5-21-1629453728-3710432676-1781865497-1001\SOFTW
ARE\OB, Quarantined, [a03f13433c4fc5712a24305959aa56aa],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1629453728-3710432676-1781865497-1001_Class
es\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [06d986d00685e74
f89bc436e709346ba],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1629453728-3710432676-1781865497-1001_Class
es\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [06d986d00685e
74f89bc436e709346ba],
Registry Values: 14
HSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, oursurfing, Quaranti
ned, [3fa04412fa91ba7c11f3490b37ccd52b]
HSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.oursurfing.com/we
b/?type=ds&ts=1444615766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&u
id=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5&q={searchTerms}, Quarantined, [ecf3124
49eed3600b94b75df709302fe]
PLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, oursurfi
ng, Quarantined, [07d890c6c7c4c472f31196be19eaca36]
PLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.oursu
rfing.com/web/?type=ds&ts=1444615766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2
q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5&q={searchTerms}, Quarantin
ed, [845b193d06857bbb9c682c28867df20e]
PUP.Optional.DeskCut, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|deskC
utv2@gmail.com, C:\Users\Julius\AppData\Roaming\Mozilla\Firefox\Profiles\aqvhqxe
y.default-1424530361415\extensions\deskCutv2@gmail.com, Quarantined, [29b6f0669b
f0eb4b334d82edd3305ca4]
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\RAYDLD|dir, C:\Program Files (x86)\
RayDld, Quarantined, [419e2531bdce83b33c2fa7cfc83af907]
PUP.Optional.Spigot, HKU\S-1-5-21-1629453728-3710432676-1781865497-1001\SOFTWARE
\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1F47E9C2-87B0-450F-BBE7-CCBC611A2BEF}
|URL, http://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type
=407453&p={searchTerms}, Quarantined, [af30ef674d3e5adcc852b8df7291a35d]
9120163DE86}|DisplayName, oursurfing, Quarantined, [a23d530399f2af87798a0a4aff04
b14f]
9120163DE86}|URL, http://www.oursurfing.com/web/?type=ds&ts=1444615766&z=a730d07
55e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs
0v44wt5&q={searchTerms}, Quarantined, [d70872e45f2c3cfa956e2430659e3ec2]
PUP.Optional.DeskCut, HKU\S-1-5-21-1629453728-3710432676-1781865497-1001\SOFTWAR
E\MOZILLA\EXTENDS|appid, deskCutv2@gmail.com, Quarantined, [5b84fe587813f83e522d
b4bb11f223dd]
ARE\OB|monitype15, 10/12/15 10:10:22, Quarantined, [a03f13433c4fc5712a24305959aa
56aa]
ARE\OB|monitype4, 10/12/15 10:11:54, Quarantined, [766962f48a0102348ac4f2970af98

d73]
ARE\OB|monitype26, 10/12/15 10:11:54, Quarantined, [aa356fe72269a09672dcd6b3dc27
1ce4]
001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINE
R\STORAGE\microsoft.microsoftedge_8wekyb3d8bbwe\MICROSOFTEDGE\MAIN|HomeButtonPag
e, http://www.oursurfing.com/?type=hp&ts=1444615766&z=a730d0755e473a4850096fegcz
2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5, Quarantine
d, [fce3193dc0cb88ae489404acbf44e61a]
Registry Data: 12
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|
Default_Page_URL, http://www.oursurfing.com/?type=hp&ts=1444615766&z=a730d0755e4
73a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44
wt5, Good: (www.google.com), Bad: (http://www.oursurfing.com/?type=hp&ts=1444615
766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_
s0v44wt5xxxxs0v44wt5),Replaced,[5b8459fd3655191de57beb5430d4ad53]
Default_Search_URL, http://www.oursurfing.com/web/?type=ds&ts=1444615766&z=a730d
0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxx
xs0v44wt5&q={searchTerms}, Good: (www.google.com), Bad: (http://www.oursurfing.c
om/web/?type=ds&ts=1444615766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=
2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5&q={searchTerms}),Replaced,[c11ea5
b135560036a1bfd16ea95bf60a]
Search Page, http://www.oursurfing.com/web/?type=ds&ts=1444615766&z=a730d0755e47
3a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44w
t5&q={searchTerms}, Good: (www.google.com), Bad: (http://www.oursurfing.com/web/
?type=ds&ts=1444615766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid
=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5&q={searchTerms}),Replaced,[d50ac690d6b50
c2a035d90af3aca847c]
Start Page, http://www.oursurfing.com/?type=hp&ts=1444615766&z=a730d0755e473a485
0096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5, G
ood: (www.google.com), Bad: (http://www.oursurfing.com/?type=hp&ts=1444615766&z=
a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44w
t5xxxxs0v44wt5),Replaced,[22bd1046a2e9fd39ce923d022ed63bc5]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|Defau
ltScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF
-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[01dede7
849429a9ce9bb17273ec6c838]
Hijack.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|User
init, C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\taskhost.exe /boot, Good: (use
rinit.exe), Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\taskhost.exe /boot
),Replaced,[954a59fd5d2e56e040288cae768e1ce4]
PLORER\MAIN|Default_Page_URL, http://www.oursurfing.com/?type=hp&ts=1444615766&z
=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44
wt5xxxxs0v44wt5, Good: (www.google.com), Bad: (http://www.oursurfing.com/?type=h
p&ts=1444615766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500l
t012-9ws142_s0v44wt5xxxxs0v44wt5),Replaced,[a639183e2e5df73f7ee2c17ee321837d]
PLORER\MAIN|Default_Search_URL, http://www.oursurfing.com/web/?type=ds&ts=144461
5766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142
_s0v44wt5xxxxs0v44wt5&q={searchTerms}, Good: (www.google.com), Bad: (http://www.
oursurfing.com/web/?type=ds&ts=1444615766&z=a730d0755e473a4850096fegcz2zdz8q5g8w
6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5&q={searchTerms}),Repl
aced,[cf106de994f72412372952ed4db74eb2]
PLORER\MAIN|Search Page, http://www.oursurfing.com/web/?type=ds&ts=1444615766&z=
a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44w
t5xxxxs0v44wt5&q={searchTerms}, Good: (www.google.com), Bad: (http://www.oursurf
ing.com/web/?type=ds&ts=1444615766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&
from=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5&q={searchTerms}),Replaced,[a
03f0551315a3cfa84dc75cab1536e92]
PLORER\MAIN|Start Page, http://www.oursurfing.com/?type=hp&ts=1444615766&z=a730d
0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxx
xs0v44wt5, Good: (www.google.com), Bad: (http://www.oursurfing.com/?type=hp&ts=1
444615766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9
ws142_s0v44wt5xxxxs0v44wt5),Replaced,[9d4258fef299b58173ed8eb1ff0546ba]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH
SCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D7
76-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Repla
ced,[7a65f85e28634bebccd8f846dc28e020]
001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.oursu
rfing.com/?type=hp&ts=1444615766&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&fr
om=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5, Good: (www.google.com), Bad:
(http://www.oursurfing.com/?type=hp&ts=1444615766&z=a730d0755e473a4850096fegcz2z
dz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0v44wt5xxxxs0v44wt5),Replaced,[27
b8d77fe9a26bcb0e4b45fa82829a66]
Folders: 0
Files: 4
PUP.RiskWare.Patcher, C:\Program Files (x86)\Internet Download Manager\Crack 201
5.07.29N.exe, No Action By User, [716e6aecdbb06dc902150246c73a8c74],
PUP.Optional.OurSurfing.ShrtCln, C:\Users\Julius\AppData\Roaming\Mozilla\Firefox
\Profiles\aqvhqxey.default-1424530361415\searchplugins\oursurfing.xml, Quarantin
ed, [a639a3b3d2b9df571fe15400fd06bf41],
PUP.Optional.OurSurfing, C:\Users\Julius\AppData\Local\Google\Chrome\User Data\D
efault\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_url
s":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restor
e_on_startup":4,"startup_urls":["http://www.oursurfing.com/?type=hp&ts=144461576
6&z=a730d0755e473a4850096fegcz2zdz8q5g8w6m1q2q&from=2sq&uid=st500lt012-9ws142_s0
v44wt5xxxxs0v44wt5"]},"sync":{"remaining_rollback_tries":0}}), Replaced,[954aa2b
498f3e551dc204328ef1514ec]
PUP.Optional.QuickStart, C:\Users\Julius\AppData\Roaming\Mozilla\Firefox\Profile
s\aqvhqxey.default-1424530361415\prefs.js, Good: (), Bad: (user_pref("browser.ne
wtab.url", "chrome://quick_start/content/index.html");), Replaced,[12cd98be6e1d9
c9a7c2b2f37f0149e62]
Physical Sectors: 0
(end)

1st Scan Log Malware Bytes

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

1st Scan Log Malware Bytes

Încărcat de

Drepturi de autor:

Formate disponibile

Malwarebytes Anti-Malware

ARE\OB|monitype4, 10/12/15 10:11:54, Quarantined, [766962f48a0102348ac4f2970af98

S-ar putea să vă placă și