Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 01/04/2016
Heure de l'analyse: 14:53
Fichier journal: MBAM.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.04.01.03
Base de données de rootkits: v2016.03.30.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: clemaire

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 397208
Temps écoulé: 16 min, 14 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 3
PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{500197C9-7964-44E6-A89D-BD3B52CADEA3}, Supprimer au redémarrage, [e5c2eebbbedb79bd9b3a088a0202d828], 
PUP.Optional.Gameo, HKU\S-1-5-21-2332428112-2949215490-4258926440-1172\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\9BCD9D00_0, En quarantaine, [dbcca5047e1b1026e2e9082358abe917], 
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4224477583-1470188463-1545588671-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ECDDBB7-7C77-11E5-826F-3065EC76DE93}, En quarantaine, [693ef1b8ebaee254724e66b7f60eee12], 

Valeurs du Registre: 7
PUP.Optional.PriceFountain, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{500197C9-7964-44E6-A89D-BD3B52CADEA3}|Path, \clemaireSecondedOverthrowerV2, Supprimer au redémarrage, [e5c2eebbbedb79bd9b3a088a0202d828]
PUP.Optional.Gameo, HKU\S-1-5-21-2332428112-2949215490-4258926440-1172\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\9bcd9d00_0, {2}.\\?\hdaudio#func_01&ven_10ec&dev_0283&subsys_10250956&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume4\Users\clemaire\AppData\Roaming\Gameo\gameo.exe%b{00000000-0000-0000-0000-000000000000}, En quarantaine, [dbcca5047e1b1026e2e9082358abe917]
PUP.Optional.NotChromeRun, HKU\S-1-5-21-2332428112-2949215490-4258926440-1172\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleChromeAutoLaunch_033614146E633CE2AE730235C49F20BB, "C:\Users\clemaire\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session, En quarantaine, [02a5e9c04356082e1bd5d7537d87bd43]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4224477583-1470188463-1545588671-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ECDDBB7-7C77-11E5-826F-3065EC76DE93}|FaviconURL, http://homepage-web.com/favicon.ico, En quarantaine, [693ef1b8ebaee254724e66b7f60eee12]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4224477583-1470188463-1545588671-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ECDDBB7-7C77-11E5-826F-3065EC76DE93}|FaviconURLFallback, http://homepage-web.com/favicon.ico, En quarantaine, [43641297693044f2cdf3db42df2553ad]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4224477583-1470188463-1545588671-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ECDDBB7-7C77-11E5-826F-3065EC76DE93}|TopResultURL, https://secure.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}, En quarantaine, [f1b66c3d712812249d2348d520e4f808]
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4224477583-1470188463-1545588671-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3ECDDBB7-7C77-11E5-826F-3065EC76DE93}|URL, https://secure.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}, En quarantaine, [2087f5b46336181ec5fb69b47c88b34d]

Données du Registre: 1
PUP.Optional.HomePageHelper, HKU\S-1-5-21-4224477583-1470188463-1545588671-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://homepage-web.com/?s=acer&m=start, Bon : (www.google.com), Mauvais : (http://homepage-web.com/?s=acer&m=start),Remplacé,[8f18f0b95544de58908d2801aa5b53ad]

Dossiers: 1
PUP.Optional.PriceFountain.Gen, C:\Users\clemaire\AppData\Local\SecondedOverthrower, En quarantaine, [4f58ecbddfba06301d01d482887d629e], 

Fichiers: 14
PUP.Optional.PriceFountain, C:\Users\clemaire\AppData\Local\Temp\MalapropsTickled.dll, En quarantaine, [406781286d2c0d2975321be02dd46d93], 
PUP.Optional.PriceFountain, C:\Users\clemaire\AppData\Local\SecondedOverthrower\MalapropsTickled.dll, En quarantaine, [c7e03f6a455491a5dec9d922d62b966a], 
PUP.Optional.PriceFountain, C:\Windows\System32\Tasks\clemaireSecondedOverthrowerV2, En quarantaine, [00a712975742e5514f44c6bfe91b4bb5], 
PUP.Optional.Palikan, C:\Users\clemaire\AppData\LocalLow\Microsoft\Internet Explorer\Services\Palikan.ico, En quarantaine, [04a315946b2eac8a7060c0c8b0546c94], 
PUP.Optional.Gameo, C:\Users\clemaire\AppData\Local\Chromium\User Data\Default\Local Storage\http_gameoapp.com_0.localstorage, En quarantaine, [03a43f6af8a139fd4a3f7b1245bfef11], 
PUP.Optional.Gameo, C:\Users\clemaire\AppData\Local\Chromium\User Data\Default\Local Storage\http_gameoapp.com_0.localstorage-journal, En quarantaine, [f3b42f7a2c6d84b25e2b4b42e1236a96], 
PUP.Optional.PriceFountain.Gen, C:\Users\clemaire\AppData\Local\SecondedOverthrower\Rkey.dat, En quarantaine, [4f58ecbddfba06301d01d482887d629e], 
PUP.Optional.PriceFountain.Gen, C:\Users\clemaire\AppData\Local\SecondedOverthrower\amazon.fr .lnk, En quarantaine, [4f58ecbddfba06301d01d482887d629e], 
PUP.Optional.PriceFountain.Gen, C:\Users\clemaire\AppData\Local\SecondedOverthrower\amazon.fr.ico, En quarantaine, [4f58ecbddfba06301d01d482887d629e], 
PUP.Optional.PriceFountain.Gen, C:\Users\clemaire\AppData\Local\SecondedOverthrower\amazon.fr.lnk, En quarantaine, [4f58ecbddfba06301d01d482887d629e], 
PUP.Optional.PriceFountain.Gen, C:\Users\clemaire\AppData\Local\SecondedOverthrower\amazon.fr.smenu.URL, En quarantaine, [4f58ecbddfba06301d01d482887d629e], 
PUP.Optional.PriceFountain.Gen, C:\Users\clemaire\AppData\Local\SecondedOverthrower\amazon.fr.tbar.URL, En quarantaine, [4f58ecbddfba06301d01d482887d629e], 
PUP.Optional.PriceFountain.Gen, C:\Users\clemaire\AppData\Local\SecondedOverthrower\BrutThusly.dat, En quarantaine, [4f58ecbddfba06301d01d482887d629e], 
PUP.Optional.PriceFountain.Gen, C:\Users\clemaire\AppData\Local\SecondedOverthrower\uninst.exe, En quarantaine, [4f58ecbddfba06301d01d482887d629e], 

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)