Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 08/09/2014
Heure de l'examen: 21:25:51
Fichier journal: ICI.txt
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.09.08.06
Base de données Rootkits: v2014.08.21.01
Licence: Gratuite
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows 8
Processeur: x86
Système de fichiers: NTFS
Utilisateur: alex

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 358465
Temps écoulé: 14 min, 24 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 6
Virus.Ramnit, C:\Program Files\WinRAR\RarExt.dll, Supprimé-au-redémarrage, [b1856f7c8dee53e308f86b1b3cc402fe],
Virus.Ramnit, C:\Program Files\Notepad++\NppShell_05.dll, Supprimé-au-redémarrage, [3cfa4aa194e75cda9070b8cea759bd43],
Virus.Ramnit, C:\Program Files\Hercules\WiFi Station N\RtlLib.dll, Supprimé-au-redémarrage, [ed490dde89f2132300001e68758b649c],
Virus.Ramnit, C:\Program Files\Hercules\WiFi Station N\RtlIhvOid.dll, Supprimé-au-redémarrage, [7bbb25c67a015bdbaa56afd780808a76],
Virus.Ramnit, C:\Program Files\Hercules\WiFi Station N\IpLib.dll, Supprimé-au-redémarrage, [ea4cb833641791a5e31d91f5bf41c43c],
Virus.Ramnit, C:\Program Files\Hercules\WiFi Station N\libeay32.dll, Supprimé-au-redémarrage, [989ea6453843c47270903551cb35a25e],

Clés du Registre: 7
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}, Mis en quarantaine, [b1856f7c8dee53e308f86b1b3cc402fe],
Virus.Ramnit, HKLM\SOFTWARE\CLASSES\CLSID\{00F3C2EC-A6EE-11DE-A03A-EF8F55D89593}, Mis en quarantaine, [3cfa4aa194e75cda9070b8cea759bd43],
Trojan.Agent.FSA76, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\npggsvc, Mis en quarantaine, [be786883e39879bd6c1a94965da4fb05],
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AutoHotkey, Mis en quarantaine, [b3836e7d0e6de94daf522b5b827e2bd5],
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WinRAR archiver, Mis en quarantaine, [2c0a6c7f2d4edd59748c60264bb547b9],
PUP.Optional.WhiteSmoke.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WhiteSmoke_US Toolbar, Mis en quarantaine, [72c434b7ec8faf87af567487e22018e8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2385275142-600627090-416882996-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Mis en quarantaine, [1e18ae3d16655bdb991d63f05ba925db],

Valeurs du Registre: 3
Virus.Ramnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{B41DB860-8EE4-11D2-9906-E49FADC173CA}, WinRAR shell extension, Mis en quarantaine, [b1856f7c8dee53e308f86b1b3cc402fe]
Virus.Ramnit, HKU\S-1-5-21-2385275142-600627090-416882996-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|KPeerNexonEU, C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe, Mis en quarantaine, [fd3957945e1d072f52aff096e61a2ad6]
Virus.Ramnit, HKU\S-1-5-21-2385275142-600627090-416882996-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Gadwin PrintScreen, C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash, Mis en quarantaine, [a09694570873a294dd24f492718fcb35]

Données du Registre: 1
Hijack.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe,c:\program files\realtek\11n usb wireless lan utility\rtwlansrv.exe, Bon: (userinit.exe), Mauvais: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe,c:\program files\realtek\11n usb wireless lan utility\rtwlansrv.exe),Remplacé,[3afcedfe5328989e09e2f4fcad570df3]

Dossiers: 4
PUP.Optional.MySpeedDial.A, C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff, Mis en quarantaine, [a98d64876d0ecb6b4f783f9829d9817f],
PUP.Optional.Extutil.A, C:\Users\alex\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Mis en quarantaine, [c5714aa1f4877db925f6c41f5da5e020],
PUP.Optional.Managera.A, C:\Users\alex\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Mis en quarantaine, [7eb84ba0e992e94dd7458f54dd25867a],
PUP.Optional.Booster.A, C:\ProgramData\GreenApp\SW-Booster, Mis en quarantaine, [3ff7d2190c6f94a226367c75748e4eb2],

Fichiers: 78
Virus.Ramnit, C:\Program Files\WinRAR\RarExt.dll, Supprimé-au-redémarrage, [b1856f7c8dee53e308f86b1b3cc402fe],
Virus.Ramnit, C:\Program Files\Notepad++\NppShell_05.dll, Supprimé-au-redémarrage, [3cfa4aa194e75cda9070b8cea759bd43],
Virus.Ramnit, C:\Program Files\Hercules\WiFi Station N\RtlLib.dll, Supprimé-au-redémarrage, [ed490dde89f2132300001e68758b649c],
Virus.Ramnit, C:\Program Files\Hercules\WiFi Station N\RtlIhvOid.dll, Supprimé-au-redémarrage, [7bbb25c67a015bdbaa56afd780808a76],
Virus.Ramnit, C:\Program Files\Hercules\WiFi Station N\IpLib.dll, Supprimé-au-redémarrage, [ea4cb833641791a5e31d91f5bf41c43c],
Virus.Ramnit, C:\Program Files\Hercules\WiFi Station N\libeay32.dll, Supprimé-au-redémarrage, [989ea6453843c47270903551cb35a25e],
Virus.Ramnit, C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe, Mis en quarantaine, [fd3957945e1d072f52aff096e61a2ad6],
Virus.Ramnit, C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe, Mis en quarantaine, [a09694570873a294dd24f492718fcb35],
Trojan.Agent.FSA76, C:\Windows\System32\GameMon.des, Mis en quarantaine, [be786883e39879bd6c1a94965da4fb05],
Virus.Ramnit, C:\Program Files\AutoHotkey\AutoHotkey.exe, Mis en quarantaine, [b3836e7d0e6de94daf522b5b827e2bd5],
Virus.Ramnit, C:\Program Files\AutoHotkey\AutoHotkeyA32.exe, Mis en quarantaine, [d06628c35e1df73f28d97e08fe02f20e],
Virus.Ramnit, C:\Program Files\AutoHotkey\AutoHotkeyU32.exe, Mis en quarantaine, [55e1f0fbf18a1a1cda279fe7b34ddc24],
Virus.Ramnit, C:\Program Files\Steam\SDL2.dll, Mis en quarantaine, [af8715d6413a7db9768a5f2748b8916f],
Virus.Ramnit, C:\Program Files\TeamSpeak 3 Client\libeay32.dll, Mis en quarantaine, [112539b229521521be4231552fd142be],
Malware.Packer, C:\Program Files\Microsoft\DesktopLayer.exe, Supprimé-au-redémarrage, [fd3995568cef072f57c1312969970df3],
Virus.Ramnit, C:\Program Files\Notepad++\notepad++.exe, Mis en quarantaine, [f73fe00b106b191d02ffd5b1aa5607f9],
Virus.Ramnit, C:\Program Files\Notepad++\SciLexer.dll, Mis en quarantaine, [fb3becffb5c614221ce490f6d52bb54b],
Virus.Ramnit, C:\Program Files\OBS\OBS.exe, Mis en quarantaine, [5dd945a6027992a4f0106c1af20e2fd1],
Virus.Ramnit, C:\Program Files\I-Doser Free\SbaGen.dll, Mis en quarantaine, [02349754aad1989e9a66582ea45cdc24],
Virus.Ramnit, C:\Program Files\WinRAR\Rar.exe, Mis en quarantaine, [c4725e8dfc7f96a02ed28204fb05629e],
Virus.Ramnit, C:\Program Files\WinRAR\Uninstall.exe, Mis en quarantaine, [2c0a6c7f2d4edd59748c60264bb547b9],
Virus.Ramnit, C:\Program Files\WinRAR\UnRAR.exe, Mis en quarantaine, [1521eefd57242c0acd33d7af6a964bb5],
Virus.Ramnit, C:\Program Files\WinRAR\WinRAR.exe, Mis en quarantaine, [de581ccf007b3ff708f84a3ce11fbb45],
Virus.Ramnit, C:\Program Files\ZHPDiag\mbr.exe, Mis en quarantaine, [89adbd2e106be74fc2402462b848f30d],
Virus.Ramnit, C:\Program Files\ZHPDiag\mbrcheck.exe, Mis en quarantaine, [6bcb0ae15427cd69986a176fb64a8f71],
Virus.Ramnit, C:\Program Files\ZHPDiag\pv.exe, Mis en quarantaine, [181eac3fc2b9d561bf43dfa7bc440ef2],
Trojan.Agent.DE, C:\$Recycle.Bin\S-1-5-21-2385275142-600627090-416882996-1001\$RA61HTY.exe, Mis en quarantaine, [70c64f9ce6951a1cc8e75bed9f6129d7],
Virus.Ramnit, C:\RECYCLER\S-1-5-21-527237240-682003330-725345543-500\Dc5.exe, Mis en quarantaine, [db5bf5f6671481b5c0414046fd03629e],
PUP.Optional.MultiPlug, C:\Windows\System32\setup.exe, Mis en quarantaine, [43f3707b790282b41b52624d27da7d83],
Malware.Packer, C:\Windows\System32\taskmgrSrv.exe, Mis en quarantaine, [57dfd4173c3f9a9caa6ebc9e80808779],
Virus.Ramnit, C:\Users\alex\AppData\Local\Temp\NGMSetup.exe, Mis en quarantaine, [ca6ce7042655033355ac6521946c30d0],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\nsf926E.exe, Mis en quarantaine, [3afc6a81413a3df975979df4bf423fc1],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\nsk5C98.exe, Mis en quarantaine, [5bdb905b0972bb7b907c5938b849ae52],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\dlLogic.exe, Mis en quarantaine, [51e50dde611a65d1c3234df5a858d729],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\dltr.exe, Mis en quarantaine, [a096e8039fdc6bcb32b5241ecc34db25],
PUP.Optional.EZDownloader.A, C:\Users\alex\AppData\Local\Temp\down.2584.EzDownloader_setup.exe, Mis en quarantaine, [9e9830bb601bf83e2b900c135fa144bc],
Virus.Ramnit, C:\Users\alex\AppData\Local\Temp\USkinDLL.dll, Mis en quarantaine, [e65041aa6d0e181e7989add97789fa06],
PUP.Optional.InstallRex, C:\Users\alex\AppData\Local\Temp\sSetup-se.exe, Mis en quarantaine, [34022ac1c6b54de9909c03de6c9838c8],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\verifier.exe, Mis en quarantaine, [50e6806bff7cd3633aad6fd37f81c838],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\nsk8F8F.exe, Mis en quarantaine, [0f27965583f887af3fcdc7ca3fc28e72],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\nsk954C.exe, Mis en quarantaine, [ea4ce2097cff0e28709c8110ee137090],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\nslFD59.exe, Mis en quarantaine, [013556955a2190a64dbf8908976ad030],
PUP.Optional.Somoto, C:\Users\alex\AppData\Local\Temp\nst7FCF.tmp, Mis en quarantaine, [e55132b9a0db44f226e3d59eed17e31d],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\nsu6031.exe, Mis en quarantaine, [74c23bb0d1aa49ed9d6f345de819a25e],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\nsz63AB.exe, Mis en quarantaine, [1e1829c2a6d5a492a567543d936e768a],
PUP.Optional.Somoto, C:\Users\alex\AppData\Local\Temp\bitool.dll, Mis en quarantaine, [3501a843097261d549cde66cef1324dc],
PUP.Optional.Conduit.A, C:\Users\alex\AppData\Local\Temp\GCVerifier.dll, Mis en quarantaine, [fc3af9f293e81d19d80d52f026daa858],
Virus.Ramnit, C:\Users\alex\AppData\Local\Temp\{EF92DFD6-5F5F-41AD-A346-177D3471FD20}\Addons\assistant_v3.exe, Mis en quarantaine, [fa3c18d3d0aba492817f087e728eab55],
PUP.Optional.MultiPlug.A, C:\Users\alex\AppData\Local\Temp\{EF92DFD6-5F5F-41AD-A346-177D3471FD20}\Addons\browsecoupon_setup.exe, Mis en quarantaine, [3303c22985f6c2745e06eb87d1331de3],
PUP.Optional.MultiPlug.A, C:\Users\alex\AppData\Local\Temp\{EF92DFD6-5F5F-41AD-A346-177D3471FD20}\Addons\extIE_setup.exe, Mis en quarantaine, [31055f8c27549a9c4d17a2d0d034ce32],
PUP.Optional.MultiPlug.A, C:\Users\alex\AppData\Local\Temp\{EF92DFD6-5F5F-41AD-A346-177D3471FD20}\Addons\ext_setup.exe, Mis en quarantaine, [d75f01ea0f6c3ff72b39b9b9ee165ba5],
PUP.Optional.MultiPlug.A, C:\Users\alex\AppData\Local\Temp\{EF92DFD6-5F5F-41AD-A346-177D3471FD20}\Addons\helper_setup.exe, Mis en quarantaine, [d363f1fa8bf07fb749559ba5f809738d],
PUP.Optional.MultiPlug.A, C:\Users\alex\AppData\Local\Temp\{EF92DFD6-5F5F-41AD-A346-177D3471FD20}\Addons\ytab_setup.exe, Mis en quarantaine, [75c1e4074833a29403618fe3887c47b9],
PUP.Optional.SearchProtect.A, C:\Users\alex\AppData\Local\Temp\nsu2429\SpSetup.exe, Mis en quarantaine, [f0462dbe354641f5e3500e8d7a873fc1],
PUP.Optional.Installrex, C:\Users\alex\Downloads\Mario_and_Luigi_Partners_in_Time__EU_.zip.exe, Mis en quarantaine, [63d3d219423971c5b39282fa857ce61a],
PUP.Optional.OpenCandy, C:\Users\alex\Downloads\DTLite4491-0356 [1].exe, Mis en quarantaine, [d85e34b7c1ba0f2747d8df3a41c4837d],
PUP.Optional.NextInterActive, C:\Users\alex\Downloads\DTLite4491-0356.exe, Mis en quarantaine, [a096b2397308e3537a8b9b3b49bb6b95],
Virus.Ramnit, C:\Users\alex\Downloads\cacaoweb.exe, Mis en quarantaine, [66d06f7c9cdf3df9b0518cfa0af6e020],
PUP.Optional.InstalleRex, C:\Users\alex\Downloads\Final_Fantasy_Tactics_Advance_Europe_En_Fr_De_Es_It.exe, Mis en quarantaine, [45f1b536d3a82214ece9bad146bbcc34],
PUP.Optional.InstalleRex, C:\Users\alex\Downloads\Setup (1).exe, Mis en quarantaine, [60d65596d4a774c2def8dd66af51e719],
PUP.Optional.OutBrowse, C:\Users\alex\Downloads\setup (2).exe, Mis en quarantaine, [86b09754ee8d2412d68bfc8d788950b0],
Adware.DomaIQ, C:\Users\alex\Downloads\Setup.exe, Mis en quarantaine, [a88e3ead1c5fa096254fed5522dec63a],
Trojan.Agent.DE, C:\Users\alex\Downloads\ZynoxCode v2.0.zip, Mis en quarantaine, [9d99d813d7a4082e6f40cb7dd22e1ce4],
Virus.Ramnit, C:\Users\alex\Downloads\Injector.exe, Mis en quarantaine, [ae8810db66159a9c837d7214fb05738d],
VirTool.Obfuscator, C:\Users\alex\Downloads\Crack Rayman Legends by CrackVideoGames.rar, Mis en quarantaine, [9d996b8085f60c2ae4f159d49e6308f8],
Malware.Packer, C:\Users\alex\Microsoft\DesktopLayer.exe, Mis en quarantaine, [69cda447a8d341f5b66267f38779ac54],
PUP.Optional.Webget.A, C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\g4h97iat.default\extensions\firefox@webwebget.com.xpi, Mis en quarantaine, [b6809655c3b846f0adb8f51edf24ee12],
Trojan.Agent, C:\Users\alex\AppData\Roaming\file.exe, Mis en quarantaine, [8fa700ebb9c270c615488b52e71cc43c],
PUP.Optional.MySpeedDial.A, C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000012.log, Mis en quarantaine, [a98d64876d0ecb6b4f783f9829d9817f],
PUP.Optional.MySpeedDial.A, C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, Mis en quarantaine, [a98d64876d0ecb6b4f783f9829d9817f],
PUP.Optional.MySpeedDial.A, C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, Mis en quarantaine, [a98d64876d0ecb6b4f783f9829d9817f],
PUP.Optional.MySpeedDial.A, C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG, Mis en quarantaine, [a98d64876d0ecb6b4f783f9829d9817f],
PUP.Optional.MySpeedDial.A, C:\Users\alex\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\MANIFEST-000010, Mis en quarantaine, [a98d64876d0ecb6b4f783f9829d9817f],
PUP.Optional.Extutil.A, C:\Users\alex\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Mis en quarantaine, [c5714aa1f4877db925f6c41f5da5e020],
PUP.Optional.Extutil.A, C:\Users\alex\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Mis en quarantaine, [c5714aa1f4877db925f6c41f5da5e020],
PUP.Optional.Extutil.A, C:\Users\alex\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Mis en quarantaine, [c5714aa1f4877db925f6c41f5da5e020],
PUP.Optional.Managera.A, C:\Users\alex\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Mis en quarantaine, [7eb84ba0e992e94dd7458f54dd25867a],
PUP.Optional.Managera.A, C:\Users\alex\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Mis en quarantaine, [7eb84ba0e992e94dd7458f54dd25867a],

Secteurs physiques: 0
(No malicious items detected)

(end)