Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 02/06/2015
Heure de l'examen: 22:16:06
Fichier journal: MBAM.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.06.02.05
Base de données Rootkits: v2015.06.02.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Marine

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 427762
Temps écoulé: 14 min, 27 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Activé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux détecté)

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 7
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR, Mis en quarantaine, [5f8edbda216940f68b54235d5aabc040],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Mis en quarantaine, [30bd2b8aafdb78beb6f930b5c43f8977],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Mis en quarantaine, [6e7f298c3b4fc67092aabac121e4956b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3760882640-1204588242-435235994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5C6BF84A-D3A6-4A7C-9273-FCFF7CB41119}, Mis en quarantaine, [9d501b9a97f337ffe7b16d1040c531cf],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3760882640-1204588242-435235994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{888204A2-637E-46E1-844E-CD3755EC49D9}, Mis en quarantaine, [0edf4273701ae3536633e39a63a2f709],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3760882640-1204588242-435235994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A38BE74A-2ECD-4E73-8FA9-EA692B5E47C7}, Mis en quarantaine, [ffee7342f09a2b0b71287effa65f4eb2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3760882640-1204588242-435235994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A39F967C-7B34-4DFF-A134-78BDBC32C768}, Mis en quarantaine, [6d805263c3c72511baded9a41ce912ee],

Valeurs du Registre: 14
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [09e47f36701ad1650dd1d3ad17eeae52]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [6489d9dc54361b1bebf3a3dddd280cf4]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [529b20956a204fe72db1116f2ed753ad]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [1ecffabb4d3df2449a443c44c34257a9]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\SettingsManagerSetup.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [f5f8b0051674c57100de631d1aeb21df]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\SetupDataMngr_iLivid.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [7e6f4d682a60e2545589fb85ad58f20e]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\SetupDataMngr_iMesh.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [54994b6aeb9f78bed6082957f60f6898]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [c8258134e2a875c1f3eb7d030500f20e]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [f8f5882d5733b77f02dccfb159ac659b]
PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130667643299801491, Mis en quarantaine, [5f8edbda216940f68b54235d5aabc040]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3760882640-1204588242-435235994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5C6BF84A-D3A6-4A7C-9273-FCFF7CB41119}|AppName, 94b0be98-d78d-410b-a7d5-84d9da3026fa-2.exe-buttonutil.exe, Mis en quarantaine, [9d501b9a97f337ffe7b16d1040c531cf]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3760882640-1204588242-435235994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{888204A2-637E-46E1-844E-CD3755EC49D9}|AppName, 94b0be98-d78d-410b-a7d5-84d9da3026fa-2.exe-codedownloader.exe, Mis en quarantaine, [0edf4273701ae3536633e39a63a2f709]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3760882640-1204588242-435235994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A38BE74A-2ECD-4E73-8FA9-EA692B5E47C7}|AppName, 94b0be98-d78d-410b-a7d5-84d9da3026fa-2.exe-codedownloader.exe, Mis en quarantaine, [ffee7342f09a2b0b71287effa65f4eb2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3760882640-1204588242-435235994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A39F967C-7B34-4DFF-A134-78BDBC32C768}|AppName, 94b0be98-d78d-410b-a7d5-84d9da3026fa-2.exe-buttonutil.exe, Mis en quarantaine, [6d805263c3c72511baded9a41ce912ee]

Données du Registre: 0
(Aucun élément malicieux détecté)

Dossiers: 2
PUP.Optional.PullUpdate.A, C:\ProgramData\nZGrEAfW\dat, Mis en quarantaine, [7e6fa70ed5b50e28914f165aeb1bf30d],
PUP.Optional.PullUpdate.A, C:\ProgramData\nZGrEAfW, Mis en quarantaine, [7e6fa70ed5b50e28914f165aeb1bf30d],

Fichiers: 7
PUP.Optional.PullUpdate.SID.C, C:\ProgramData\nZGrEAfW\dat\QPrUwiQ.dll, Mis en quarantaine, [c32ab8fd7c0e00361fccbcb23fc7966a],
PUP.Optional.SoftPulse, C:\$RECYCLE.BIN\S-1-5-21-3760882640-1204588242-435235994-1000\$RLLPP9W\ChromeSetup[1].exe, Mis en quarantaine, [c627c7ee3a5068ce27818bdf7f8111ef],
PUP.Optional.PullUpdate.A, C:\ProgramData\nZGrEAfW\dat\GkhsEGYThmb.exe.config, Mis en quarantaine, [7e6fa70ed5b50e28914f165aeb1bf30d],
PUP.Optional.PullUpdate.A, C:\ProgramData\nZGrEAfW\dat\pedcYR.exe.config, Mis en quarantaine, [7e6fa70ed5b50e28914f165aeb1bf30d],
PUP.Optional.PullUpdate.A, C:\ProgramData\nZGrEAfW\info.dat, Mis en quarantaine, [7e6fa70ed5b50e28914f165aeb1bf30d],
PUP.Optional.PullUpdate.A, C:\ProgramData\nZGrEAfW\QXulaCpnF.dat, Mis en quarantaine, [7e6fa70ed5b50e28914f165aeb1bf30d],
PUP.Optional.PullUpdate.A, C:\ProgramData\nZGrEAfW\QXulaCpnF.exe.config, Mis en quarantaine, [7e6fa70ed5b50e28914f165aeb1bf30d],

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)
