Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 14/09/2014
Heure de l'examen: 15:14:25
Fichier journal: mbam.txt
Administrateur: Oui

Version: 2.00.2.1012
Base de données Malveillants: v2014.03.04.09
Base de données Rootkits: v2014.02.20.01
Licence: Gratuite
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Self-protection: Désactivé(e)

Système d'exploitation: Windows Vista Service Pack 2
Processeur: x86
Système de fichiers: NTFS
Utilisateur: Christian

Type d'examen: Examen "Personnalisé"
Résultat: Terminé
Objets analysés: 459417
Temps écoulé: 2 h, 39 min, 53 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristics: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 2
Adware.Boxore, C:\Program Files\Boxore\BoxoreClient\boxore.exe, 3348, Supprimé-au-redémarrage, [242500ff5e1c1b1b98b1538cfb052fd1]
Adware.Boxore, C:\Program Files\Boxore\BoxoreClient\boxore.exe, 3040, Supprimé-au-redémarrage, [242500ff5e1c1b1b98b1538cfb052fd1]

Modules: 0
(No malicious items detected)

Clés du Registre: 10
PUP.Optional.SweetPacks, HKU\S-1-5-21-3938741510-3761761687-1418677488-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Mis en quarantaine, [094039c67406b185fb7072cf08fa8f71],
PUP.Optional.SweetPacks, HKU\S-1-5-21-3938741510-3761761687-1418677488-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Mis en quarantaine, [094039c67406b185fb7072cf08fa8f71],
PUP.Optional.WebCake.A, HKU\S-1-5-21-3938741510-3761761687-1418677488-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, Mis en quarantaine, [0940c23d4e2c82b4ab5b8fe5e121c23e],
PUP.Optional.DomaIQ, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DMUninstaller, Mis en quarantaine, [64e532cd0278fd39e031b56f05ff4cb4],
Adware.Boxore, HKLM\SOFTWARE\Boxore, Mis en quarantaine, [99b059a686f4e35375362b4a17ec21df],
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\nationzoomSoftware, Mis en quarantaine, [49004eb14a3094a2e14aa813fc07e917],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Mis en quarantaine, [95b49e616218b4823e682591927112ee],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\Updater By Sweetpacks, Mis en quarantaine, [97b2748b5129f1451f45dfd19a695ea2],
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.7, Mis en quarantaine, [64e51de2a8d2cc6a149c8f002ad838c8],
PUP.Optional.Qone8, HKU\S-1-5-21-3938741510-3761761687-1418677488-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Mis en quarantaine, [5fea02fd83f7082ea6ff4472ca3951af],

Valeurs du Registre: 2
PUP.Optional.Incredibar, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403a-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, Mis en quarantaine, [f95038c73248082ea7ca843253b0e020]
PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403a-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, Mis en quarantaine, [e762d52abebcfe384130ded89f647a86]

Données du Registre: 7
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com/?type=sc&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220, Bon: (iexplore.exe), Mauvais: (C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com/?type=sc&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220),Remplacé,[9faa5ca3eb8fa88e1b7d2cf9c143a35d]
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.nationzoom.com/?type=hp&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220, Bon: (http://www.google.com), Mauvais: (http://www.nationzoom.com/?type=hp&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220),Remplacé,[6bdeec1387f3e84e613a071eee1617e9]
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.nationzoom.com/?type=hp&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220, Bon: (http://www.google.com), Mauvais: (http://www.nationzoom.com/?type=hp&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220),Remplacé,[40099768daa07eb84e4b5ec7ac58c739]
PUP.Optional.NationZoom.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.nationzoom.com/web/?type=ds&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220&q={searchTerms}, Bon: (http://www.google.com), Mauvais: (http://www.nationzoom.com/web/?type=ds&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220&q={searchTerms}),Remplacé,[cb7e20dfbac03ef8b6e4dd48a95bd62a]
PUP.Optional.NationZoom, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.nationzoom.com/web/?type=ds&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220&q={searchTerms}, Bon: (http://www.google.com), Mauvais: (http://www.nationzoom.com/web/?type=ds&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220&q={searchTerms}),Remplacé,[1b2ead52ed8d3501385451de679d8080]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Remplacé,[9cadf906d5a5f3433112fe317193e11f]
PUP.Optional.NationZoom.A, HKU\S-1-5-21-3938741510-3761761687-1418677488-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.nationzoom.com/?type=hp&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220, Bon: (http://www.google.com), Mauvais: (http://www.nationzoom.com/?type=hp&ts=1388306062&from=tugs&uid=WDCXWD1600BEVS-08RST2_WD-WXC508J9022090220),Remplacé,[5bee6e91fe7c20162b6ac56031d35da3]

Dossiers: 2
PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater, Mis en quarantaine, [71d88877463446f0f4e2b0d7e81abc44],
PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0, Mis en quarantaine, [71d88877463446f0f4e2b0d7e81abc44],

Fichiers: 24
Adware.Boxore, C:\Program Files\Boxore\BoxoreClient\boxore.exe, Supprimé-au-redémarrage, [242500ff5e1c1b1b98b1538cfb052fd1],
PUP.Optional.Adwareplugin, C:\Program Files\Bench\Updater\1.7.0.0\updater.exe, Mis en quarantaine, [87c208f780fa0c2ab74ac6537d87b947],
PUP.Optional.OpenCandy, C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll, Mis en quarantaine, [0e3b1ce3b8c22b0bb333e26f40c43ec2],
PUP.Optional.DomaIQ, C:\Program Files\Uninstaller\Uninstall.exe, Mis en quarantaine, [64e532cd0278fd39e031b56f05ff4cb4],
PUP.Optional.Solimba, C:\Users\Christian\Downloads\Setup (1).exe, Mis en quarantaine, [3f0a3ec181f9f0464a3f30178a776f91],
PUP.Optional.Solimba, C:\Users\Christian\Downloads\Setup (2).exe, Mis en quarantaine, [19307887ccae2a0cee9be661ed14e11f],
PUP.Optional.Solimba, C:\Users\Christian\Downloads\Setup (3).exe, Mis en quarantaine, [f45526d97bff6ec8e7a2cd7a8c75bd43],
PUP.Optional.Solimba, C:\Users\Christian\Downloads\Setup.exe, Mis en quarantaine, [94b5718e8ded6ccab7d2e364857c3bc5],
PUP.Optional.Soft32.A, C:\Users\Christian\Downloads\directx 9 redistributable setup (1).exe, Mis en quarantaine, [63e6bf402a50280ec2732c267889e51b],
PUP.Optional.Soft32.A, C:\Users\Christian\Downloads\directx 9 redistributable setup.exe, Mis en quarantaine, [f95098673e3c5adc161f1b3715ec966a],
PUP.Optional.BundleInstaller.A, C:\Users\Christian\Downloads\Java (1).exe, Mis en quarantaine, [cd7c6c93413984b2512a0c7b4db4a759],
PUP.Optional.BundleInstaller.A, C:\Users\Christian\Downloads\Java.exe, Mis en quarantaine, [ce7b8e7103772e080daf94e13dc34fb1],
PUP.Optional.BundleInstaller.A, C:\Users\Christian\Downloads\Java7.exe, Mis en quarantaine, [d574d32cd6a456e08537660fcf319b65],
PUP.Optional.RegCleanPro, C:\Users\Christian\Downloads\mmil_myil291431 (1).exe, Mis en quarantaine, [4cfda45ba9d11f171561681a4fb16f91],
PUP.Optional.RegCleanPro, C:\Users\Christian\Downloads\mmil_myil291431 (2).exe, Mis en quarantaine, [4aff9669d6a4280e9ed8c7bb9d63eb15],
PUP.Optional.RegCleanPro, C:\Users\Christian\Downloads\mmil_myil291431 (3).exe, Mis en quarantaine, [bd8c0ef1235733036e083250ab5545bb],
PUP.Optional.RegCleanPro, C:\Users\Christian\Downloads\mmil_myil291431 (4).exe, Mis en quarantaine, [db6e7d826614c96ddc9a4a3877890af6],
PUP.Optional.RegCleanPro, C:\Users\Christian\Downloads\mmil_myil291431.exe, Mis en quarantaine, [78d158a7e3973501b1c5c3bfee1253ad],
PUP.Optional.SweetIM, C:\Windows\Installer\107f8f.msi, Mis en quarantaine, [28215fa09fdb63d32057cb86f1137789],
PUP.Optional.NewTab.A, C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Mis en quarantaine, [73d61fe0e595350177a3d0c13fc38d73],
PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-sys.job, Mis en quarantaine, [0b3e25da5d1dc472ad7be1b5d32fa957],
PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-Updater removing.job, Mis en quarantaine, [f950e21d2c4e93a3e246b7df0bf71ae6],
PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\products.xml, Mis en quarantaine, [71d88877463446f0f4e2b0d7e81abc44],
PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\updater.exe, Mis en quarantaine, [71d88877463446f0f4e2b0d7e81abc44],

Secteurs physiques: 0
(No malicious items detected)

(end)