So, first the context.
Windows XP Home SP3, 1024 MB RAM, 1596 MHz proc
Online Armor 4.0.0.14 Free (firewall, programs keeper)
Advanced SystemCare 8 (system coherence control: disk, register, shortcuts...)
Avast Internet Security (all modules activated except firewall)
Beginning of the results:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 01/02/2015 13:50:40, SYSTEM, UC00004, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 01/02/2015 13:50:40, SYSTEM, UC00004, Manual, Rootkit Database, 2014.11.18.1, 2015.1.14.1,
Update, 01/02/2015 13:51:15, SYSTEM, UC00004, Manual, Malware Database, 2014.11.20.6, 2015.2.1.3,
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 01/02/2015
Scan Time: 13:51:48
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.01.03
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: admin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 774439
Time Elapsed: 2 hr, 45 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
Redir.ChercheUs, HKU\S-1-5-21-1745311521-3265096205-4005268043-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MENUEXT\Recherche avec cherche.us, , [53f40712fe8c86b05e59370054b018e8],
Registry Values: 0
(No malicious items detected)
Registry Data: 11
PUM.Hijack.StartMenu, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[3314e3367a109c9a45db9b0fb64f9e62]
PUM.Hijack.StartMenu, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[fe49ec2de8a23ff7c15f8d1d31d4817f]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1745311521-3265096205-4005268043-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[2b1c2aefc1c934029090317925e052ae]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1745311521-3265096205-4005268043-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[f453c65377138ea8b9678d1d59ac6e92]
Hijack.SearchPage, HKU\S-1-5-21-1745311521-3265096205-4005268043-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.cherche.us, Good: (http://www.google.com), Bad: (http://www.cherche.us),,[60e748d1305afc3aaca4fcad27de6a96]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1745311521-3265096205-4005268043-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[c384c5546d1d2b0b7fa16b3f986dd12f]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1745311521-3265096205-4005268043-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[b69145d4ddad77bf59c76941b94cf10f]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1745311521-3265096205-4005268043-1009-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[d0777d9cc8c238feb56b921870957f81]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1745311521-3265096205-4005268043-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[6bdce336e7a3c07628f88822b94c9a66]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1745311521-3265096205-4005268043-1041-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[27208d8c85054ceabe62eebc09fcb54b]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1745311521-3265096205-4005268043-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),,[0c3b66b3bdcdce684ad69a10b550619f]
Folders: 0
(No malicious items detected)
Files: 4
PUP.Optional.Spigot.A, C:\Program Files\Application _Updater\ApplicationUpdater.exe, , [0047be5b3852d6608649aff89c652fd1],
Rootkit.Agent, C:\WINDOWS\1431312.exe, , [6add63b62a60290ddcbb61546d98a858],
Rootkit.Agent, C:\WINDOWS\8942531.exe, , [f750bb5e92f8063082153e770afb58a8],
PUP.Optional.Conduit.A, C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\ancien.bycojd1pdefault\prefs.js, Good: (), Bad: (user_pref("CT2067599.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2067599&SearchSource=2&q=");), ,[2225b7623b4fda5c954443a616efff01]
Physical Sectors: 0
(No malicious items detected)
(end)
Synthesis of MBAM report:
Malicious items detected: 4
Non-malware items detected: 12
Now I am going to look at the next tool.