Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 26/04/2015
Heure de l'examen: 15:31:38
Fichier journal: scan.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.04.26.02
Base de données Rootkits: v2015.04.21.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: jean

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 338740
Temps écoulé: 12 min, 6 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 1
PUP.Optional.BreakingNewsAlert.A, C:\ProgramData\xuaniwp\UWVlqfPoWWQ.exe, 2308, Supprimé-au-redémarrage, [2752152e9dedba7c4b61260417eb817f]

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 11
PUP.Optional.BreakingNewsAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UWVlqfPoWWQ, Mis en quarantaine, [2752152e9dedba7c4b61260417eb817f],
PUP.Optional.Amonetize.A, HKU\S-1-5-21-3705669381-3522138832-1874321834-1001_Classes\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Mis en quarantaine, [5d1c61e28dfdff3784a75f04d22e49b7],
PUP.Optional.Amonetize.A, HKU\S-1-5-21-3705669381-3522138832-1874321834-1001_Classes\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Mis en quarantaine, [5d1c61e28dfdff3784a75f04d22e49b7],
PUP.Optional.Trovi.A, HKU\S-1-5-21-3705669381-3522138832-1874321834-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, Mis en quarantaine, [a4d5df64583278be9f2c779fad5646ba],
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, Mis en quarantaine, [a4d5df64583278be9f2c779fad5646ba],
PUP.Optional.Trovi.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, Mis en quarantaine, [a4d5df64583278be9f2c779fad5646ba],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Mis en quarantaine, [6712c1822565a294ffa0b95db2531be5],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Mis en quarantaine, [6a0fd1722268fb3b9f00779fa75e50b0],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{a4b494b4}, Mis en quarantaine, [07723e05b5d55adc7c0aebe61ae9b749],
PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Mis en quarantaine, [ccaddc67ddad2f07c132d3d1a06347b9],
PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Mis en quarantaine, [0079b291cbbfdf571ad9d9cb39ca3fc1],

Valeurs du Registre: 1
PUP.Optional.Amonetize.A, HKU\S-1-5-21-3705669381-3522138832-1874321834-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SwvUpdtr, C:\Users\jean\AppData\Local\17078\Updater.exe /reg, Mis en quarantaine, [5d1c61e28dfdff3784a75f04d22e49b7]

Données du Registre: 6
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589),Remplacé,[0e6b4201c6c487afb6487d64e91cca36]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589),Remplacé,[a6d32f14682205317789ebf7a065a759]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589),Remplacé,[50296ed54a40c96d6f8ff4ed21e4be42]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589),Remplacé,[d7a292b1404aa78f7b85e8fafe074cb4]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-3705669381-3522138832-1874321834-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589),Remplacé,[9fda84bf1476e35334c7c120a1644db3]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-3705669381-3522138832-1874321834-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589, Bon: (www.google.com), Mauvais: (http://www.sweet-page.com/?type=hp&ts=1406821170&from=cor&uid=ST1000LM024XHN-M101MBB_S32XJ9EF413589),Remplacé,[adcc281b652584b2936717caa4619c64]

Dossiers: 1
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro, Mis en quarantaine, [21588ab9583275c1b521fa900ef5f010],

Fichiers: 62
PUP.Optional.BreakingNewsAlert.A, C:\ProgramData\xuaniwp\UWVlqfPoWWQ.exe, Supprimé-au-redémarrage, [2752152e9dedba7c4b61260417eb817f],
PUP.Optional.Amonetize.A, C:\Users\jean\AppData\Local\17078\Updater.exe, Mis en quarantaine, [5d1c61e28dfdff3784a75f04d22e49b7],
PUP.Optional.ZombieInvasion.A, C:\ProgramData\xuaniwp\dat\HrGHiMNGxqP.dll, Mis en quarantaine, [93e60e3558328aacf4af78597f866997],
PUP.Optional.BreakingNewsAlert.A, C:\ProgramData\xuaniwp\dat\rGzDuf.exe, Mis en quarantaine, [2a4fad96474348ee09a3c664e81a7090],
PUP.Optional.BreakingNewsAlert.A, C:\ProgramData\xuaniwp\dat\xsZTwGEuz.exe, Mis en quarantaine, [d7a259eae6a42511e2ca33f7d9292bd5],
PUP.Optional.ObjectBrowser.A, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\a8a08b0e-7414-4750-8caf-82daed3f2d85-5.exe, Mis en quarantaine, [2059ed562b5f2511b7547b9c14eecc34],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeNetFilter.sys, Mis en quarantaine, [8eeb97ac55351d19728a82aee220bc44],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeSvc.exe, Mis en quarantaine, [0871360d602ace686696a987b64c50b0],
PUP.Optional.SmartWeb.A, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\SmartWebHelper.exe, Mis en quarantaine, [dd9c60e3bfcbfc3aec5025d7f40dbe42],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\bugreport.exe, Mis en quarantaine, [da9f85be6129d75f14e8f23e8d75c937],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\curlpp.dll, Mis en quarantaine, [fc7d6fd4bfcb43f304f82a064db5da26],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\feedback.exe, Mis en quarantaine, [93e6d0731773cb6bd7254be517eb6e92],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\sqlite3.dll, Mis en quarantaine, [a8d10a398ffba195c7352d0323df40c0],
PUP.Optional.IePluginService.A, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\PluginService.exe, Mis en quarantaine, [235682c1157590a6cc4d6b16c93821df],
PUP.Optional.XTab.A, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\ProtectService.exe, Mis en quarantaine, [c3b6ea592c5e3bfb351cfa140df54bb5],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iCommon.dll, Mis en quarantaine, [4a2f98abb9d1d462877555db7d85d12f],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iCommu.dll, Mis en quarantaine, [5f1a7ac994f6d85eca3243ed956d6f91],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iddmgr.dll, Mis en quarantaine, [45345ae9b1d9cf67669648e8fb07cd33],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iDesk.exe, Mis en quarantaine, [1b5e5ae94941c0765e9ed15fff03bd43],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iDskDllPatch.dll, Mis en quarantaine, [700969da29618fa7e517c26efe04b24e],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iDskDllPatch64.dll, Mis en quarantaine, [a8d1e1629bef93a326d68ba5ad55e41c],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iImportLib.dll, Mis en quarantaine, [0772241ffd8d0333cd2fd25e92707987],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\ipcdl.exe, Mis en quarantaine, [0277a2a1d3b789ad6b9153ddc93916ea],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\ipcproxy.dll, Mis en quarantaine, [2950b78cbdcdf64039c381af02002ed2],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafe.exe, Mis en quarantaine, [6d0c21220684da5c6b9176bab64c1ae6],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\isafeadfv.dll, Mis en quarantaine, [b6c37bc85931e84eee0ed15f00025ca4],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeAdless.dll, Mis en quarantaine, [6d0c77cc15759b9bd9230030ca3813ed],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\isafebase.dll, Mis en quarantaine, [a6d3d56e7c0edd59df1d4de313ef5ca4],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\isafebs.dll, Mis en quarantaine, [98e197ac7a10d75f0cf0ca66fa085aa6],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeBugReport.exe, Mis en quarantaine, [fd7cf74c25654de9c13b2b05ba48bb45],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeCheckEngine.dll, Mis en quarantaine, [e2970e357614c175fefe2d03ea1807f9],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\isafechlp.dll, Mis en quarantaine, [205964dfa9e1231347b5c868bd458d73],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\isafeclc.dll, Mis en quarantaine, [7cfdfb48c1c9f6406a9270c0966cea16],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\isafeclcv.dll, Mis en quarantaine, [ff7a083b098193a330ccb67aab5741bf],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\isafeclean.dll, Mis en quarantaine, [750465de2b5ff24416e60927887a6d93],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeDisp.dll, Mis en quarantaine, [aecb51f276140c2a36c6e94727dbe31d],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeEngineBase.dll, Mis en quarantaine, [7ffa3112a9e11a1c1fdd9e92ee1414ec],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeEngineDisp.dll, Mis en quarantaine, [99e02d163e4c60d6738984ac8b777888],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\isafehrv.dll, Mis en quarantaine, [106975ce008a93a36f8df53ba85a08f8],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeKrnl.sys, Mis en quarantaine, [1b5e94af5f2b7eb81ddfeb45bb475da3],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeKrnlBoot.sys, Mis en quarantaine, [d6a362e1a1e9b58187757db35ca6b54b],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeKrnlKit.sys, Mis en quarantaine, [d4a522215a3055e146b6f04021e1d42c],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeKrnlMon.sys, Mis en quarantaine, [f8814003d1b9ff37649881afa1619769],
FraudTool.YAC, C:\Users\jean\AppData\Roaming\ZHP\Quarantine\iSafeKrnlR3.sys, Mis en quarantaine, [ea8fcf745535fc3ae418a38dc43e31cf],
PUP.Optional.StormWatch.A, C:\Users\jean\AppData\Local\Temp\setup_608.exe, Mis en quarantaine, [f78203404a4076c08a4385d022de1ae6],
PUP.Optional.SilentInstaller.A, C:\Users\jean\AppData\Local\Temp\setup_ra.exe, Mis en quarantaine, [b2c7c77c7e0cf73f35651bd7cc3602fe],
PUP.Optional.Amonetize.A, C:\Users\jean\AppData\Local\Temp\amiupdater112.exe, Mis en quarantaine, [86f3340fb5d538fe5bd0d88b0ff1966a],
PUP.Optional.Somoto, C:\Users\jean\AppData\Local\Temp\bitool.dll, Mis en quarantaine, [d5a45ee5543662d4bf6003499072b749],
PUP.Optional.CrossRider, C:\Users\jean\AppData\Local\Temp\is-QF467.tmp\components, Mis en quarantaine, [4e2b8ab92565ab8bf182e4fa3dc4758b],
PUP.Optional.CrossRider, C:\Users\jean\AppData\Local\Temp\DwlTempFolder\temp.exe, Mis en quarantaine, [9cdd0d36602a3cfa6d06a638b44dc43c],
PUP.Optional.CrossRider, C:\Users\jean\AppData\Local\Temp\Install_15664\ins_cr.exe, Mis en quarantaine, [2e4b54ef96f482b47ff4835bec1530d0],
PUP.Optional.CrossRider, C:\Users\jean\AppData\Local\Temp\Install_21483\ins_iwebar.exe, Mis en quarantaine, [fe7bd271f49648ee7ef5bf1fa55cf50b],
PUP.Optional.InstallCore, C:\Windows\Temp\ICReinstall_FileOpenerSetup.exe, Mis en quarantaine, [7801b98ac6c4c1758d9920280afb20e0],
PUP.Optional.Gambali.A, C:\Windows\Temp\Gambali.log, Mis en quarantaine, [6b0e3c0775159e9821fc9f08a55e2fd1],
PUP.Optional.Gambali.A, C:\Windows\Temp\Gambalir.log, Mis en quarantaine, [c0b98eb57515ec4a42dcf3b42cd79868],
PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf, Mis en quarantaine, [90e9c97a5a3045f15bc17632d72c32ce],
PUP.Optional.ABEngine.A, C:\Windows\Temp\abengine.log, Mis en quarantaine, [8eeba99a018945f17cc3d4d9e0236b95],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbia.exe, Mis en quarantaine, [21588ab9583275c1b521fa900ef5f010],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici32.dll, Mis en quarantaine, [21588ab9583275c1b521fa900ef5f010],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici64.dll, Mis en quarantaine, [21588ab9583275c1b521fa900ef5f010],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbii32.exe, Mis en quarantaine, [21588ab9583275c1b521fa900ef5f010],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbii64.exe, Mis en quarantaine, [21588ab9583275c1b521fa900ef5f010],

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)
