Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 29/10/2014
Heure de l'examen: 16:02:09
Fichier journal: malware 1.txt
Administrateur: Oui

Version: 2.00.3.1025
Base de données Malveillants: v2014.10.29.05
Base de données Rootkits: v2014.10.22.01
Licence: Essai
Protection contre les malveillants: Activé(e)
Protection contre les sites Web malveillants: Activé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x86
Système de fichiers: NTFS
Utilisateur: Client

Type d'examen: Examen "Personnalisé"
Résultat: Terminé
Objets analysés: 380267
Temps écoulé: 1 h, 17 min, 34 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux detecté)

Modules: 0
(Aucun élément malicieux detecté)

Clés du Registre: 0
(Aucun élément malicieux detecté)

Valeurs du Registre: 0
(Aucun élément malicieux detecté)

Données du Registre: 0
(Aucun élément malicieux detecté)

Dossiers: 1
PUP.Optional.MindSpark.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\TelevisionFanatic, Mis en quarantaine, [1fa2080f641835017cb6728dee148f71],

Fichiers: 44
PUP.Optional.Desk365.A, C:\Users\Client\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDOJUBMX\component_libcef_1.1364.1123[1].exe, Mis en quarantaine, [9031e43337458caa9c22bd9b64a1c739],
PUP.Optional.Desk365.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Desk 365\Desk 365\components\component_libcef_1.1364.1123.exe, Mis en quarantaine, [a120f225f983e056c3fb79dfc83d748c],
PUP.Optional.AztecMedia.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\Helper.dll, Mis en quarantaine, [9e233addf38995a176cd33d60cf9b44c],
PUP.Optional.AztecMedia.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\Internet Explorer Settings.ex_, Mis en quarantaine, [b60b19fe493373c382af8d7c4cb9867a],
PUP.Optional.AztecMedia.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\syskldr.dll, Mis en quarantaine, [e4dd1205a0dc44f249e9f71216ef02fe],
PUP.Optional.AztecMedia.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\syskldr_u.dll, Mis en quarantaine, [418005124c30d95df33fb950e71e26da],
PUP.Optional.SystemK.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\systemk.dll, Mis en quarantaine, [b40dd641e696f343082ce2b1cc35bd43],
PUP.Optional.SystemK.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\systemkbho.dll, Mis en quarantaine, [8f32f522a9d3023491a3920133ce60a0],
PUP.Optional.SystemK.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\systemkmgrc1.cfg, Mis en quarantaine, [368bd245572504322a0abad98978b14f],
PUP.Optional.SystemK.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\systemku.ex_, Mis en quarantaine, [e2df41d63f3d0630a193dbb809f8d62a],
PUP.Optional.Linkey.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\tbicon.ex_, Mis en quarantaine, [c4fd9d7a0d6f999dec9aa2fbd0315ba5],
PUP.Optional.Linkey.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\Settings Manager\systemk\Uninstall.exe, Mis en quarantaine, [0fb2df38fa824fe7285ff1ac9869f808],
PUP.Optional.OSProtect.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\PCTRunner\MyOSProtect.exe, Mis en quarantaine, [4b7646d1a1db2c0a76ff2f94dc2527d9],
PUP.Optional.OSProtect.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\PCTRunner\pcwatch.sys, Mis en quarantaine, [6f52a96ef28ac670274dbf0413eeea16],
Trojan.MSIL, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\HomeTab\STInst.exe, Mis en quarantaine, [5170fe1943398caaa5c229022cd525db],
PUP.Optional.SupTab.A, C:\Users\Client\AppData\Roaming\ZHP\Quarantine\SupTab\SupTab.dll, Mis en quarantaine, [715067b0d5a7979f493c7abbe61a7987],
PUP.Optional.FastBrowser.A, C:\ProgramData\Setup.exe, Mis en quarantaine, [fac7b7603d3f4bebb9434d0d05fbff01],
PUP.Optional.MindSpark.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\searchplugins\ask-web-search.xml, Mis en quarantaine, [c0017f98324a21154da18fb2778c718f],
PUP.Optional.MindSpark.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\TelevisionFanatic\2955EFE6-2C84-4CEC-B02A-304EDDF49921.sqlite, Mis en quarantaine, [1fa2080f641835017cb6728dee148f71],
PUP.Optional.ASK.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\prefs.js, Bon: (), Mauvais: (user_pref("browser.startup.homepage", "http://home.tb.ask.com/index.jhtml?ptb=2955EFE6-2C84-4CEC-B02A-304EDDF49921&n=780cc516&p2=^XP^xdm556^YYA^fr&si=CIWJgqL2z8ECFSsTwwod2xkAoQ");), Remplacé,[ecd5f126007c94a2b7d1c8a0788d37c9]
PUP.Optional.ASK.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\prefs.js, Bon: (), Mauvais: (733,\"c\":\"mindspark.tvlistings\",\"p\":\"L.9\"},{\"b\":221340734,\"c\":\"mindspark.videos\",\"p\":\"L.10\"},{\"b\":221340736,\"c\":\"mindspark.facebook\",\"v\":\"1.2.3\",\"p\":\"L.11\"},{\"b\":221340737,\"c\":\"mindspark.), Remplacé,[8f32898e2b51b482b7d1f4745ca90ef2]
PUP.Optional.ASK.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\prefs.js, Bon: (), Mauvais: (user_pref("keyword.URL", "http://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=2955EFE6-2C84-4CEC-B02A-304EDDF49921&n=780cc516&ind=2014102806&p2=^XP^xdm556^YYA^fr&si=CIWJgqL2z8ECFSsTwwod2xkAoQ&searchfor=");), Remplacé,[a61be3345c200630bbcea9bf3acb649c]
PUP.Optional.MySearch.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (user_pref("extensions.irmysearch.cr", "1112751760");), Remplacé,[3a87d83fb4c8fc3a980f85e22bdac937]
PUP.Optional.MySearch.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (mysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir="); user_pref("extensions.mysearchdial.srchPrvdr", 2Y1L1QzutDtDtCyBt630736&ir="); user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzutDtDtCyBt630736&ir=&q="); user_pref("extensions.mysearchdial.id", "0017318D87C1E59E"); us), Remplacé,[d0f1928597e52610287f7ee9f015e41c]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (user_pref("extensions.mysearchdial.srchPrvdr", 2Y1L1QzutDtDtCyBt630736&ir=");), Remplacé,[19a8f42393e958de3b7593d46a9b30d0]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (tN0BtAtDtC1N1R&cr=78630736&ir="); user_pref("extensions.mysearchdial.srchPrvdr", 2Y1L1QzutDtDtCyBt630736&ir="); user_pref("extensions.mysea), Remplacé,[e2dfa57295e7fb3b139d4a1d1bea629e]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (hdial.srchPrvdr", 2Y1L1QzutDtDtCyBt630736&ir="); user_pref(), Remplacé,[d6eb64b31b615dd90aa6db8c4bba669a]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir="); u), Remplacé,[4e7373a4b0ccb6803d73ec7bf90c718f]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (ysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir=")), Remplacé,[12af04138af2ae88c5eb1057b74ebe42]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (mysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir=")), Remplacé,[517064b343390c2a416f9acdd43140c0]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (ysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir="); user_pr), Remplacé,[cef352c5433930060fa1a4c3da2b2fd1]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir="); user_pref("ex), Remplacé,[754c1afdbfbdb086f3bd9ccbb352d32d]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (zzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir="); user_p), Remplacé,[dde49f786a12eb4b515fd98ef1147a86]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir="); us), Remplacé,[13ae60b72b517eb877396601a26336ca]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (iz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir="); ), Remplacé,[7f421bfcfc8051e5fcb470f740c56898]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (ysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir=), Remplacé,[12aff225f08c4aec2789a8bf5da85ca4]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (s.mysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=7863073), Remplacé,[744ddb3c0478e84e258b1c4b9075bf41]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (ons.mysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=7863), Remplacé,[f0d1a077493356e0cce4442355b008f8]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (ions.mysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir="); user_pref("extension), Remplacé,[1aa7af68b0cce650b000fd6a4fb652ae]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (tC1N1R&cr=78630736&ir="); user_pref("extensions.m), Remplacé,[b809fc1b730962d4446c68ff62a3dd23]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (ons.mysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=7863073), Remplacé,[15ac20f7661622148e22115631d49e62]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (s.mysiz0DzzyB0CtC0EyDzy0EtN0BtAtDtC1N1R&cr=78630736&ir="); user_pref("extensions.mysearchdial.srchPrvdr), Remplacé,[04bde82f0b71d2642a8602650ff69070]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (="); user_pref("extensions.mysearchdial.), Remplacé,[7f426fa888f494a2159b7dea52b340c0]
PUP.Optional.MySearchDial.A, C:\Users\Client\AppData\Roaming\Mozilla\Firefox\Profiles\n123ckw3.default\user.js, Bon: (), Mauvais: (user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzutDtDtCyBt630736&ir=&q=");), Remplacé,[358c31e6e89432047c35283f5fa69967]

Secteurs physiques: 0
(Aucun élément malicieux detecté)

(end)