Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 12/07/2015
Heure de l'analyse: 13:59
Fichier journal: nnnnnnn.txt
Administrateur: Oui

Version: 2.1.8.1057
Base de données de programmes malveillants: v2015.07.12.02
Base de données de rootkits: v2015.07.10.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Isa

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 368443
Temps écoulé: 48 min, 50 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du registre: 8
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9A7F56E2-80EE-4DB2-93ED-4DB7758E7B1D}, En quarantaine, [bb27a53b5d2d73c3b0057d0e7a8a4ab6],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9C5CCCF0-E9B8-49D9-96C8-32B5DD81C55F}, En quarantaine, [69791dc3cac04ceac6f0b1da54b037c9],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DE8D1FD0-2052-4D38-B839-71CEF754BC6A}, En quarantaine, [558da0402a60fe38981f701b5ba98e72],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{284B5D55-238B-427D-A224-521FF37C8D97}, En quarantaine, [984a36aa3357c670f7bd4a4145bf817f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5AD06063-C92D-4E9D-B556-9EE16096141A}, En quarantaine, [e9f91cc4e8a2d660199af09bb0548a76],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AFC8A275-E2E1-48A1-8C34-DE17DDC9DA9E}, En quarantaine, [3ba76080cdbdfb3b11a2c0cb9173c937],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D9A5ED00-C381-4311-BC99-7E5B8775B8EF}, En quarantaine, [38aabe2214769e98fcb891facf354cb4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2289620-A7BD-47E3-A8F6-B8A875CFDAD6}, En quarantaine, [28ba99471674ab8bc0f4800b08fc768a],

Valeurs du registre: 8
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9a7f56e2-80ee-4db2-93ed-4db7758e7b1d}|AppName, Plus-HD-1.5-bg.exe, En quarantaine, [bb27a53b5d2d73c3b0057d0e7a8a4ab6]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9c5cccf0-e9b8-49d9-96c8-32b5dd81c55f}|AppName, Plus-HD-1.5-buttonutil.exe, En quarantaine, [69791dc3cac04ceac6f0b1da54b037c9]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{de8d1fd0-2052-4d38-b839-71cef754bc6a}|AppName, Plus-HD-1.5-codedownloader.exe, En quarantaine, [558da0402a60fe38981f701b5ba98e72]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{284B5D55-238B-427D-A224-521FF37C8D97}|AppName, da8fa2ef-3bbd-479e-b766-ff78b3117760-2.exe-codedownloader.exe, En quarantaine, [984a36aa3357c670f7bd4a4145bf817f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5AD06063-C92D-4E9D-B556-9EE16096141A}|AppName, fb97f3f1-3735-4582-966f-47d5ae99bf9b-2.exe-buttonutil.exe, En quarantaine, [e9f91cc4e8a2d660199af09bb0548a76]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AFC8A275-E2E1-48A1-8C34-DE17DDC9DA9E}|AppName, da8fa2ef-3bbd-479e-b766-ff78b3117760-2.exe-buttonutil.exe, En quarantaine, [3ba76080cdbdfb3b11a2c0cb9173c937]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D9A5ED00-C381-4311-BC99-7E5B8775B8EF}|AppName, fb97f3f1-3735-4582-966f-47d5ae99bf9b-2.exe-codedownloader.exe, En quarantaine, [38aabe2214769e98fcb891facf354cb4]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1166947694-10271758-3244711215-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2289620-A7BD-47E3-A8F6-B8A875CFDAD6}|AppName, fb97f3f1-3735-4582-966f-47d5ae99bf9b-2.exe-codedownloader.exe, En quarantaine, [28ba99471674ab8bc0f4800b08fc768a]

Données du registre: 0
(Aucun élément malveillant détecté)

Dossiers: 5
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\libraries, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\resources, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\_metadata, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],

Fichiers: 22
PUP.Optional.Bandoo, C:\Users\Isa\AppData\Roaming\ZHP\Quarantine\iLividSetupV1.exe, En quarantaine, [974bd30df3977cba8d116e79f907d42c],
PUP.Optional.WPM.A, C:\Users\Isa\AppData\Roaming\ZHP\Quarantine\ProtectWindowsManager.exe, En quarantaine, [1ac85888a2e8bc7a2446c666b64b34cc],
PUP.Optional.SearchProtect, C:\Users\Isa\AppData\Roaming\ZHP\Quarantine\SupTab\Loader64.exe, En quarantaine, [fce620c0cebc66d09aa31832b94802fe],
PUP.Optional.IePluginService.A, C:\Users\Isa\AppData\Roaming\ZHP\Quarantine\SupTab\SupIePluginServiceUpdate.exe, En quarantaine, [41a1914f65255fd77cd7c74e41c018e8],
PUP.Optional.Browserwatch, C:\Users\Isa\AppData\Roaming\ZHP\Quarantine\XTab\BrowerWatchFF.dll, En quarantaine, [dd05d907800adf5715d6b16521e4f30d],
PUP.Optional.SearchProtect, C:\Users\Isa\AppData\Roaming\ZHP\Quarantine\XTab\BrowserAction.dll, En quarantaine, [a33ff4ec5f2b60d634e97318b54ca45c],
PUP.Optional.Giner, C:\Users\Isa\AppData\Roaming\ZHP\Quarantine\XTab\CmdShell.exe, En quarantaine, [439fb729a9e114228fe81d437491a35d],
PUP.Optional.XTab.A, C:\Users\Isa\AppData\Roaming\ZHP\Quarantine\XTab\ProtectService.exe, En quarantaine, [2fb38e52f199eb4bb67a57049e631de3],
PUP.Optional.Giner, C:\Users\Isa\AppData\Roaming\ZHP\Quarantine\XTab\SupTab.dll, En quarantaine, [4d955789f49673c392e5c29e976ed927],
PUP.Optional.InstallCore, C:\Users\Isa\Downloads\media.player.codec.pack.v4.2.8.setup.exe, En quarantaine, [22c04e9214761c1a017076ad02fef010],
PUP.Optional.RegCleanerPro, C:\Users\Isa\Downloads\rcpsetup_marim_marm.exe, En quarantaine, [8b5734ac345656e0640d38b0e11f60a0],
PUP.Optional.OpenCandy, C:\Users\Isa\Downloads\media.player.codec.pack.v4.2.8.setup [1].exe, En quarantaine, [826000e0602a1125d3689eb53cc9e61a],
PUP.Optional.SnapDo.A, C:\Windows\Installer\5a4bc04.msi, En quarantaine, [9d45825ec2c8c571852ac4650ef3b749],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\manifest.json, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\background.html, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\logo_128.png, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\main.js, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\libraries\ContentScript.js, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\libraries\DataExchangeScript.js, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\resources\LocalScript.js, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\_metadata\computed_hashes.json, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],
PUP.Optional.NewGame.A, C:\Users\Isa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodponhjpcnaaijglglnffipckccbcpm\2.0.0.438_0\_metadata\verified_contents.json, En quarantaine, [cb171bc5cdbd0b2ba86297cc6b9ac13f],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)