Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 03/08/2015
Heure de l'examen: 17:33:14
Fichier journal: malwere.txt
Administrateur: Oui

Version: 2.00.0.1000
Base de données Malveillants: v2015.08.03.03
Base de données Rootkits: v2015.08.03.01
Licence: Premium
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Chameleon: Désactivé(e)

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Ghizlane

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 352429
Temps écoulé: 1 h, 27 min, 0 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Shuriken: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Clés du Registre: 6
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035497.Sandbox.1, Mis en quarantaine, [2bd51be58e724db342a068d5976cc040],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0035497.Sandbox.1, Mis en quarantaine, [a15fa35dda26ac547270093472913ac6],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-V1.1, Mis en quarantaine, [e61a40c0ed137e821c9e68e737ccfd03],
PUP.Optional.Pricora.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Pricora 1.1, Mis en quarantaine, [629ebb4502fea15fe8010255a55e946c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311541197}, Mis en quarantaine, [13ed28d89f610cf464d0e765788dc739],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311541197}, Mis en quarantaine, [13ed28d89f610cf464d0e765788dc739],

Valeurs du Registre: 1
PUP.Optional.HomeTab.A, HKU\S-1-5-21-1006023229-1874549173-2808874344-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://cdn1.browsersecurity.net/safe/cloud.js?si=77302&tid=18195&ver=5.7&ts=1403467361615&tguid=77302-18195-1403467361615-E2D37CD2251C4C2A8A322373A9D84ABE, Mis en quarantaine, [8c74f10fb54bc43c3f694d0b6a991ce4]

Données du Registre: 1
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-1006023229-1874549173-2808874344-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si=77302&st=bs&tid=18195&ver=5.7&ts=1403388000000.000000&tguid=77302-18195-1403467361615-E2D37CD2251C4C2A8A322373A9D84ABE&q=%s, Bon: (www.google.com), Mauvais: (http://search.certified-toolbar.com?si=77302&st=bs&tid=18195&ver=5.7&ts=1403388000000.000000&tguid=77302-18195-1403467361615-E2D37CD2251C4C2A8A322373A9D84ABE&q=%s),Remplacé,[22de6b95a0607a86c612a4a29372738d]

Dossiers: 7
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\net_search, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Datamngr.A, C:\Users\Ghizlane\AppData\LocalLow\DataMngr, Mis en quarantaine, [5ba5bb45857b867abb8917cb778ba759],
PUP.Optional.CrossRider.A, C:\Users\Ghizlane\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bnlcafindgcpjenlgoekciffahknjebo_0, Mis en quarantaine, [2dd3eb159f61e51b490b717220e240c0],
PUP.Optional.CrossRider.A, C:\Users\Ghizlane\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bnlcafindgcpjenlgoekciffahknjebo, Mis en quarantaine, [de22a8583ec2f20e1b434c97a1618d73],
PUP.Optional.GenesisOffers, C:\Users\Ghizlane\AppData\Local\Genesis_06221935, Mis en quarantaine, [19e79b65d12ff10fd15437bdb15119e7],

Fichiers: 49
Trojan.Downloader, C:\Users\Ghizlane\AppData\Roaming\trz1165.tmp, Mis en quarantaine, [0af60af611efe917b40484b58f718080],
Adware.Illyx, C:\Users\Ghizlane\AppData\Roaming\trzFD51.tmp, Mis en quarantaine, [7d836f91f40cd32dd40110212fd243bd],
PUP.Optional.ICS, C:\Users\Ghizlane\Downloads\FileOpenerSetup.exe, Mis en quarantaine, [3bc5de22dc24b24ee5621e183fc2a858],
PUP.Optional.InstallCore.A, C:\Users\Ghizlane\Downloads\Firefox_Setup_21.0_fr.exe, Mis en quarantaine, [5ca420e02dd3bf41ba842780f1107f81],
PUP.Optional.Amonetize, C:\Users\Ghizlane\Downloads\FlashPlayersetup__5221_i935075725_il72.exe, Mis en quarantaine, [916f80808c74e81883c747f1af525ca4],
PUP.Optional.Amonetize, C:\Users\Ghizlane\Downloads\FlashPlayersetup__5221_i935077024_il72.exe, Mis en quarantaine, [7e82a0608f712cd4e664ab8d18e9e11f],
PUP.Optional.Amonetize, C:\Users\Ghizlane\Downloads\FlashPlayersetup__5221_i935077516_il72.exe, Mis en quarantaine, [e11fe91750b08d7363e78badd829ab55],
PUP.Optional.InstallCore.A, C:\Users\Ghizlane\Downloads\SkypeSetup.exe, Mis en quarantaine, [1be5837df8081de3fa88be4cf510f30d],
PUP.Optional.MultiPlug, C:\Users\Ghizlane\Downloads\webplayer-foot.exe, Mis en quarantaine, [de22dc24e11f54ac02bbea4f99672ed2],
PUP.Optional.Downloader, C:\Users\Ghizlane\Downloads\Setup.exe, Mis en quarantaine, [c23e15eb23ddd828e5528ba4bc45e51b],
PUP.Optional.OptimumInstaller.A, C:\Users\Ghizlane\Downloads\Player-Chrome.exe, Mis en quarantaine, [02fe25dbe21efc049c382ae95ba6c63a],
PUP.Optional.Downloader, C:\Users\Ghizlane\Downloads\Player.exe, Mis en quarantaine, [05fb00000cf420e03ef99d927c858d73],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\config.ini, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\everything.dll, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\everything.exe, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\helper.dll, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\Patch.dll, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\SearchBase.db, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\SearchBase.exe, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\SearchHand.dll, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\SFKEX.dll, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\SFKEX.exe, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\SFKEX64.dll, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\SFKEX64.exe, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\uninst.exe, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\update.exe, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\net_search\bing.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\net_search\google.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\net_search\search_config.ini, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\net_search\SFK.ini, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\net_search\SFKEX.ini, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\net_search\yahoo.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\bing.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\caret.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\FileListItem.xml, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\FileListItem_bing.xml, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\FileListItem_google.xml, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\frame.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\frame2.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\google.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\guide.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\icon_search.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\mainpanel.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\MainPannel.xml, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\panel_base.xml, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\search_content_list.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\WndMask.xml, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Everything.A, C:\Users\Ghizlane\AppData\Everything\skin\yahoo.png, Mis en quarantaine, [07f967995ba5bd43307ec053c43f916f],
PUP.Optional.Datamngr.A, C:\Users\Ghizlane\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}64, Mis en quarantaine, [5ba5bb45857b867abb8917cb778ba759],

Secteurs physiques: 0
(No malicious items detected)

(end)