Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 24/06/2014
Heure de l'examen: 01:03:43
Fichier journal: Exam.txt
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.06.23.12
Base de données Rootkits: v2014.06.20.01
Licence: Gratuite
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Dominique

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 378933
Temps écoulé: 7 min, 51 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 10
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-4081526364-3339032386-3191456734-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{06C616B6-FEE6-7B00-A1E5-424FFD13BB22}, Mis en quarantaine, [0ade7ffceb90d2648d9add67897921df],
PUP.Optional.Pricora.A, HKLM\SOFTWARE\WOW6432NODE\Pricora 1.1, Mis en quarantaine, [8f59b1cafc7f60d65652cff75ca625db],
PUP.Optional.HQVPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-VPro-1.9, Mis en quarantaine, [e305cfac9fdcf343e36636810af850b0],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Mis en quarantaine, [6583bfbc0d6e75c15cd208b635cd58a8],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.1, Mis en quarantaine, [5791a2d996e546f0d3f6388613ef8a76],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PlusHD Cod, Mis en quarantaine, [46a23a41d5a6c274087abcef35cdde22],
PUP.Optional.Pricora.A, HKU\S-1-5-21-4081526364-3339032386-3191456734-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Pricora 1.1, Mis en quarantaine, [f4f40972582359dd83279d2936cc2bd5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-4081526364-3339032386-3191456734-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Mis en quarantaine, [c028235888f3a98d0c2b14e222e14fb1],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-4081526364-3339032386-3191456734-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, Mis en quarantaine, [dd0b5c1f6813ab8b58d64f6f79894db3],
PUP.Optional.Pricora.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Pricora 1.1, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],

Valeurs du Registre: 3
PUP.Optional.SearchCertified.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, http://search.certified-toolbar.com?si=80415&st=bs&tid=23890&ver=6.3&ts=1401652800000.000007&tguid=80415-23890-1401722644033-A0800C0BF224B6056648CC26B228DD9A&q=%s, Mis en quarantaine, [06e24734b5c632046d4eebbe1ee46799]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_fr_156, Mis en quarantaine, [f6f2bcbfdba0f640668507b0f70ba957],
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_fr_187, Mis en quarantaine, [31b78af1bac17db94c9fc1f654ae768a],

Données du Registre: 2
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Remplacé,[3aae7407d3a853e348b6641f8b79669a]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-4081526364-3339032386-3191456734-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, http://search.certified-toolbar.com?si=80415&st=bs&tid=23890&ver=6.3&ts=1401652800000.000007&tguid=80415-23890-1401722644033-A0800C0BF224B6056648CC26B228DD9A&q=%s, Bon: (http://www.google.com), Mauvais: (http://search.certified-toolbar.com?si=80415&st=bs&tid=23890&ver=6.3&ts=1401652800000.000007&tguid=80415-23890-1401722644033-A0800C0BF224B6056648CC26B228DD9A&q=%s),Remplacé,[1bcdc3b80a713204d6d588fccc38e61a]

Dossiers: 5
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0, Mis en quarantaine, [c523f784d9a2cc6a0d0350476f932dd3],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0, Mis en quarantaine, [6f7996e5f586bc7a5fb1366190724ab6],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd, Mis en quarantaine, [5d8b017a4d2e72c4cc50841326dc2dd3],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],

Fichiers: 60
Trojan.Banker.Kreapixel, C:\Users\Dominique\AppData\Roaming\~uankygw.exe, Mis en quarantaine, [895f95e66f0c93a39977d66b629f03fd],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, Mis en quarantaine, [8662017ad4a79a9cdea8cd700df3728e],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, Mis en quarantaine, [75735e1d0d6ed561dac8cba207fd738d],
PUP.Optional.FlashPro, C:\Users\Dominique\Downloads\flashplayerpro-setup.exe, Mis en quarantaine, [70782d4e02799e980eeea0d3b45033cd],
PUP.Optional.Somoto.A, C:\Users\Dominique\Downloads\FLVPlayerSetup-Nb4HnIdcH.exe, Mis en quarantaine, [8662bcbf4d2ee4526f8e96763dc702fe],
PUP.Optional.InstalleRex, C:\Users\Dominique\Downloads\RP - DTL.zip.exe, Mis en quarantaine, [d4143d3eb4c741f5b7e8652346bbe41c],
PUP.Optional.DomaIQ, C:\Users\Dominique\Downloads\Java (1).exe, Mis en quarantaine, [6682017aff7cb284b4cd3210f30dc838],
PUP.Optional.DomalQ, C:\Users\Dominique\Downloads\Java (2).exe, Mis en quarantaine, [20c81962dc9f8aac6783096c6a9ae719],
PUP.Optional.DomalQ, C:\Users\Dominique\Downloads\Java (3).exe, Mis en quarantaine, [697fc3b8403b13238f5bc4b1848021df],
PUP.Optional.BundleInstaller.A, C:\Users\Dominique\Downloads\Java.exe, Mis en quarantaine, [29bfbcbf25561b1b9d5462e7748d12ee],
PUP.Optional.Tuguu, C:\Users\Dominique\Downloads\New player.exe, Mis en quarantaine, [2bbd334865162f0709e8a0a42ad6cf31],
PUP.Optional.NextInt, C:\Users\Dominique\Downloads\PDFCreator-1_7_2_setup.exe, Mis en quarantaine, [56920873176411250eda96d9ad57926e],
PUP.Optional.OptimumInstaller.A, C:\Users\Dominique\Downloads\Player-Chrome.exe, Mis en quarantaine, [6781621994e76ec82ef63f139d64b749],
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iagcajndpnfncplednpbnkahadegklfa_0.localstorage, Mis en quarantaine, [a3457902accf2c0acd893f7b9e6457a9],
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iagcajndpnfncplednpbnkahadegklfa_0.localstorage-journal, Mis en quarantaine, [9256413a0e6d6bcb5df9cbef689a9868],
PUP.Optional.MySearchDial.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iagcajndpnfncplednpbnkahadegklfa_0.localstorage, Mis en quarantaine, [10d81467077477bf1244dfdb699906fa],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage, Mis en quarantaine, [5890a4d78cef7eb84eb54e70db279769],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage-journal, Mis en quarantaine, [9553295297e476c0b350c1fd2ad840c0],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage, Mis en quarantaine, [c4245c1fc6b50f276a99e2dc729006fa],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, Mis en quarantaine, [f8f0c9b2621938fe2e6a1ea75ca620e0],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\Pricora 1.1-bho64.dll, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\1293297481.mxaddon, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\35497.crx, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\35497.xpi, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\360-35497.crx, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\8dbeccc3-0931-46a6-9571-7f235081a991-2.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\8dbeccc3-0931-46a6-9571-7f235081a991-3.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\8dbeccc3-0931-46a6-9571-7f235081a991-4.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\8dbeccc3-0931-46a6-9571-7f235081a991-5.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\background.html, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\bgNova.html, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\Pricora 1.1-bg.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\Pricora 1.1-bho.dll, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\Pricora 1.1-codedownloader.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\Pricora 1.1-nova.dll, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\Pricora 1.1-nova.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\Pricora 1.1-novainstaller.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\Pricora 1.1.ico, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\Uninstall.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.Pricora.A, C:\Program Files (x86)\Pricora 1.1\utils.exe, Mis en quarantaine, [8b5d8deed3a8a49232f1385b0101ed13],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0\1, Mis en quarantaine, [c523f784d9a2cc6a0d0350476f932dd3],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0\16, Mis en quarantaine, [6f7996e5f586bc7a5fb1366190724ab6],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000005.ldb, Mis en quarantaine, [5d8b017a4d2e72c4cc50841326dc2dd3],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000006.log, Mis en quarantaine, [5d8b017a4d2e72c4cc50841326dc2dd3],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\CURRENT, Mis en quarantaine, [5d8b017a4d2e72c4cc50841326dc2dd3],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOCK, Mis en quarantaine, [5d8b017a4d2e72c4cc50841326dc2dd3],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG, Mis en quarantaine, [5d8b017a4d2e72c4cc50841326dc2dd3],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG.old, Mis en quarantaine, [5d8b017a4d2e72c4cc50841326dc2dd3],
PUP.Optional.CrossRider.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\MANIFEST-000004, Mis en quarantaine, [5d8b017a4d2e72c4cc50841326dc2dd3],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000204.ldb, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000209.ldb, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000215.ldb, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000218.ldb, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000225.log, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\CURRENT, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOCK, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG.old, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.CrossRider.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\MANIFEST-000223, Mis en quarantaine, [6a7ef18ae596ef47d3491087a35faf51],
PUP.Optional.DefaultSearch.A, C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Preferences, Bon: (), Mauvais: ( "search_url": "http://www.default-search.net/search?sid=492&aid=148&itype=a&ver=12692&tm=357&src=ds&p={searchTerms}",), Remplacé,[9553d1aa13682e08307a3e73be4626da]

Secteurs physiques: 0
(No malicious items detected)

(end)