Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 10/11/2014
Heure de l'examen: 18:40:04
Fichier journal: rapport malwarebytes.txt
Administrateur: Oui

Version: 2.00.3.1025
Base de données Malveillants: v2014.11.10.07
Base de données Rootkits: v2014.11.10.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: patou

Type d'examen: Examen "Personnalisé"
Résultat: Terminé
Objets analysés: 697629
Temps écoulé: 2 h, 20 min, 48 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 1
PUP.Optional.ZombieNews.A, C:\ProgramData\qFcnNNlTwG\WRaNjR.exe, 3316, , [16097fbbb8c473c3e2d36051f70aa060]

Modules: 0
(Aucun élément malicieux detecté)

Clés du Registre: 5
PUP.Optional.ShopSave.A, HKU\S-1-5-21-3681399920-3762634642-1441022263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{033BE5FC-ED4C-48A0-8F07-E0128384D828}, , [74abfa401c60e650606106abaf531ae6],
PUP.Optional.ShopSave.A, HKU\S-1-5-21-3681399920-3762634642-1441022263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CC4BF79-7708-4ECB-8F2B-A11264A67989}, , [24fb2b0f6d0f9f9707b9d0e105fd04fc],
PUP.Optional.ShopSave.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6CC4BF79-7708-4ECB-8F2B-A11264A67989}, , [24fb2b0f6d0f9f9707b9d0e105fd04fc],
PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.2, , [ed321525bbc1e2544749da57d033639d],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3681399920-3762634642-1441022263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, , [72ada496d2aaa78fa313c285bf4428d8],

Valeurs du Registre: 2
PUP.Optional.ShopSave.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{033BE5FC-ED4C-48A0-8F07-E0128384D828}, ShopSave Toolbar, , [74abfa401c60e650606106abaf531ae6]
PUP.Optional.ShopSave.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{033BE5FC-ED4C-48A0-8F07-E0128384D828}, , [8e9168d2de9e39fd8140bff28b7744bc],

Données du Registre: 1
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-3681399920-3762634642-1441022263-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ts=1362153404718&tguid=41460-2938-1362153396793-718402&q=%s, Bon: (www.google.com), Mauvais: (http://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ts=1362153404718&tguid=41460-2938-1362153396793-718402&q=%s),,[a17e2416cbb1d066a96dcb78b154db25]

Dossiers: 8
PUP.Optional.ZombieNews.A, C:\Users\patou\AppData\Local\ZombieNews, , [b36c91a9a3d9a5915668021c748f37c9],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\plugins, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository\conduit_CT3279141_CT3279141, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository\conduit_CT3279141_CT3279141\AppsMetaData, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository\conduit_CT3279141_CT3279141\ToolbarHiddenSettings, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository\conduit_CT3279141_CT3279141\ToolbarSettings, , [b56a31094f2d191d422374b72dd6f808],

Fichiers: 22
PUP.Optional.ZombieNews.A, C:\ProgramData\qFcnNNlTwG\WRaNjR.exe, , [16097fbbb8c473c3e2d36051f70aa060],
PUP.Optional.WordProser.A, C:\Users\patou\AppData\Roaming\ZHP\Quarantine\WordProser_1.10.0.2.DIR\Service\wpsvc.exe, , [bf6060da2557f2448232d205cc3539c7],
PUP.Optional.InstallCore.A, C:\Users\patou\Documents\Encodage\vobmerge-2-51-3860-fr-setup.exe, , [001f40fa4933a69051b409122dd8de22],
PUP.Optional.Amonetize, C:\Users\patou\Downloads\FlashPlayersetup__10907_i1400531727_il6.exe, , [ac73a595700cf640d330419d2bd69d63],
PUP.Optional.Amonetize, C:\Users\patou\Downloads\FlashPlayersetup__10907_i1400629693_il6.exe, , [e23df9419eded46211f2af2f9b662dd3],
PUP.Optional.Bestop, C:\Users\patou\Downloads\FlvPlayerSetup(1).exe, , [031c88b290ecef47cb3439fc7f8652ae],
PUP.Optional.Bestop, C:\Users\patou\Downloads\FlvPlayerSetup(2).exe, , [e23d88b2106c4fe7f708c5707590e719],
PUP.Optional.Bestop, C:\Users\patou\Downloads\FlvPlayerSetup.exe, , [6eb173c7bdbf43f33cc3e055798c8e72],
PUP.Optional.Bundle, C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe, , [fb2498a21468a096d933b2840bfa2cd4],
PUP.Optional.Bundle, C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe, , [fc231c1eb0cca98d8f82999d1ce9e61a],
PUP.Optional.ZombieNews.A, C:\ProgramData\qFcnNNlTwG\dat\gEimcE.exe, , [d44bf5450379c670a213eec3ad54f10f],
PUP.Optional.ZombieNews.A, C:\ProgramData\qFcnNNlTwG\dat\mlSoWVXMdO.exe, , [8d927dbd4b316ec81c9902af639eb24e],
PUP.Optional.SupraSavings.A, C:\Temp\t.msi, , [59c60a30700ca0965b1fe03216efee12],
PUP.Optional.Conduit.A, C:\Users\patou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage, , [e63960da304c7eb805453cfd2cd719e7],
PUP.Optional.ReMarkable.A, C:\Users\patou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, , [4fd04bef1b618bab0b671a8cd03429d7],
PUP.Optional.ReMarkable.A, C:\Users\patou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, , [e13e300a215b1b1b165c8c1a26dec937],
PUP.Optional.ZombieNews.A, C:\Users\patou\AppData\Local\ZombieNews\data2.dat, , [b36c91a9a3d9a5915668021c748f37c9],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository\conduit_CT3279141_CT3279141\AppsMetaData\data.bck.txt, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository\conduit_CT3279141_CT3279141\AppsMetaData\data.txt, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository\conduit_CT3279141_CT3279141\ToolbarHiddenSettings\data.txt, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository\conduit_CT3279141_CT3279141\ToolbarSettings\data.bck.txt, , [b56a31094f2d191d422374b72dd6f808],
PUP.Optional.WhiteSmoke.A, C:\Users\patou\AppData\LocalLow\WhiteSmoke_B\Repository\conduit_CT3279141_CT3279141\ToolbarSettings\data.txt, , [b56a31094f2d191d422374b72dd6f808],

Secteurs physiques: 0
(Aucun élément malicieux detecté)

(end)