Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 08/06/2015
Heure de l'examen: 20:01:37
Fichier journal: scan log malware.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.06.08.04
Base de données Rootkits: v2015.06.02.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Xavier

Type d'examen: Examen "Personnalisé"
Résultat: Terminé
Objets analysés: 775070
Temps écoulé: 4 h, 29 min, 7 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux détecté)

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 12
PUP.Optional.Snapdo.T, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Mis en quarantaine, [79cbc1f7335769cd38090f9500037a86], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Mis en quarantaine, [ba8a36826624b77f06585d0a5ea5916f], 
PUP.Optional.uTorrentBar.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}, Mis en quarantaine, [8db79820d2b8bb7b8ce490da7e855aa6], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{58124A0B-DC32-4180-9BFF-E0E21AE34026}, Mis en quarantaine, [2222f2c668222c0a75b2e9b7bd460000], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}, Mis en quarantaine, [9da77246a9e1261002272878e41fd32d], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Mis en quarantaine, [b58f793f92f8d1657cac3b65d0337a86], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\Datamngr, Mis en quarantaine, [7aca5b5d7515d95d63bc62ec18ed659b], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Mis en quarantaine, [b3910dab2e5c65d162eda2c05baa2cd4], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\CONDUIT\DistributionEngine, Mis en quarantaine, [91b377411f6b30064043b3d2fb0a6799], 
PUP.Optional.Ask.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}, Mis en quarantaine, [63e1c5f3f991270faa3f6d1847be3bc5], 
PUP.Optional.SearchResults.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}, Mis en quarantaine, [1034c9ef7e0c270f173968828d76d42c], 
PUP.Optional.BProtector.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Mis en quarantaine, [4afae2d60d7d12249ec5a1b059ac758b], 

Valeurs du Registre: 9
PUP.Optional.01NetCom.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{8e5025c2-8ea3-430d-80b8-a14151068a6d}, Mis en quarantaine, [c87c80383456152150ccbbeaf2118d73], 
PUP.Optional.01NetCom.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{8E5025C2-8EA3-430D-80B8-A14151068A6D}, Mis en quarantaine, [c87c80383456152150ccbbeaf2118d73], 
PUP.BProtector, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, Mis en quarantaine, [61e36454b3d7f93d7ca477d7fd0807f9], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\NEW WINDOWS\ALLOW|*.crossrider.com, CrossriderApp0003491, Mis en quarantaine, [62e24771117989adac84cca29570e61a]
PUP.Optional.Babylon.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), Mis en quarantaine, [b49011a7a1e97eb8a1278fec4abb0ff1]
PUP.Optional.Babylon.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, http://search.babylon.com/?q={searchTerms}&affID=113357&babsrc=SP_ss&mntrId=4a641f81000000000000222454f03f3a, Mis en quarantaine, [bc88fdbb8bff7bbb2df909e01be88977]
PUP.Optional.Ask.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}|URL, http://websearch.ask.com/redirect?client=ie&tb=NCE&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=6859DA50-0AF6-422C-8CCE-8BEE2DFC0D05&apn_sauid=4F4592B2-F472-4E7F-A443-AFFB118BDC1C, Mis en quarantaine, [63e1c5f3f991270faa3f6d1847be3bc5]
PUP.Optional.SearchResults.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}|URL, http://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}, Mis en quarantaine, [1034c9ef7e0c270f173968828d76d42c]
PUP.Optional.SearchQu.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}|SuggestionsURL_JSON, http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=414&qu={searchTerms}&ft=json, Mis en quarantaine, [291b1d9bb9d17bbb6f4a7a048283758b]

Données du Registre: 6
PUP.Optional.HelperBar.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}),Remplacé,[be86cdeb1e6c999db556be72ac5a4fb1]
PUP.Optional.Conduit, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com?SearchSource=10&ctid=CT3128284, Bon: (www.google.com), Mauvais: (http://search.conduit.com?SearchSource=10&ctid=CT3128284),Remplacé,[80c4ac0ca7e3d16566ac6acf3dc923dd]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}),Remplacé,[89bb427698f24fe78d7e111ff3136898]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}),Remplacé,[bd879820c4c6a492fe0fd55b8c7a3bc5]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}),Remplacé,[9da73187b1d9132346c73bf530d65ba5]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-66331600-3547846421-4040723356-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}, Bon: (www.google.com), Mauvais: (http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=FR&userid=2b714431-ae05-4504-b3be-89848502a649&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}),Remplacé,[3212dddbc0ca7eb853b7dd538581748c]

Dossiers: 0
(Aucun élément malicieux détecté)

Fichiers: 10
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir, Mis en quarantaine, [94b023958cfe87af20b5a091bd439d63], 
PUP.Optional.Babylon.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Webplayer setup\MyBabylonTB.exe.vir, Mis en quarantaine, [f94b43758ffb6ec8c35f200119e76997], 
PUP.Optional.OptChrome.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\OptChrome.exe.vir, Mis en quarantaine, [5ee60cacb6d446f0f9fc36ea3fc1c739], 
PUP.Optional.SmartBar, C:\AdwCleaner\Quarantine\C\Users\Xavier\AppData\Roaming\OpenCandy\C7F5C860CCB04E099061B7F8E7DAF11E\LinkuryInstaller_p1v16.exe.vir, Mis en quarantaine, [4202a41429615cdaacc300308f710bf5], 
PUP.Optiona.ConduitTB.Gen, C:\Windows.old\Program Files (x86)\ConduitEngine\ConduitEngine.dll, Mis en quarantaine, [99abcaee83075adc87c3ee8762a49b65], 
Adware.QuestScan, C:\Windows.old\Program Files (x86)\QuestScan\uninstall.exe, Mis en quarantaine, [f64e4870543695a14f84d1e8d03541bf], 
PUP.Optional.OpenCandy, C:\Windows.old\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll, Mis en quarantaine, [f84c48700b7fa88e6d483d23b056bf41], 
PUP.Optional.BabylonToolBar.A, C:\Windows.old\Users\pc\AppData\Local\Babylon\Setup\Setup-tbmntr-9.0.2.2.cab, Mis en quarantaine, [3311b602593134025e2a2e2034cdc33d], 
PUP.Optional.RegCleanPro.C, C:\Windows.old\Windows\System32\roboot64.exe, Mis en quarantaine, [4ef6b800abdf0e286606c2b3b353f20e], 
Adware.QuestScan, C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[1].cab, Mis en quarantaine, [de66595fb9d1cc6af5de68513acb4cb4], 

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)