
Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 26/07/2015
Heure de l'analyse: 02:09
Fichier journal: Malware.txt
Administrateur: Oui

Version: 2.1.8.1057
Base de données de programmes malveillants: v2015.07.25.04
Base de données de rootkits: v2015.07.22.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7
Processeur: x86
Système de fichiers: NTFS
Utilisateur: merouche

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 346804
Temps écoulé: 38 min, 52 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 1
PUP.Optional.CrossRider, C:\Program Files\fun4u\fun4u_notification_service.exe, 2152, Supprimer au redémarrage, [c434885d94f6b482d51d3b5029d8fe02]

Modules: 0
(Aucun élément malveillant détecté)

Clés du registre: 15
PUP.Optional.MultiPlug, HKU\S-1-5-21-284228270-2566594743-542274357-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}, En quarantaine, [98603ea71b6f1422637946814ab849b7],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SmdmF, En quarantaine, [50a811d47a10b77fc518a0917192ae52],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, En quarantaine, [bd3b82630a80b581e8cd2fdea55ea759],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, En quarantaine, [42b6ac39d6b481b5c1553663778dae52],
PUP.Optional.RadioCanyon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Radio Canyon, En quarantaine, [57a1c5205535bf770b7f592e52b250b0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3D6B5446-5DEA-43F2-A99F-5E7E12B79978}, En quarantaine, [27d123c28a004fe7ba7aa5f1d52fbc44],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4131AC32-BFB7-4A6B-8642-CC576C0D99F6}, En quarantaine, [04f4f8edfa909a9c2c06247213f16a96],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4244CF16-BE9A-44B9-9071-D1F2B5154AC0}, En quarantaine, [d12705e0e9a15fd79e96187e040055ab],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E10E924-6DE0-4E97-9A9D-10323786C9CB}, En quarantaine, [15e3529321690c2a93a02c6ae91b2bd5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{90B903EC-37AC-4A66-98BA-13885D599DB8}, En quarantaine, [9d5bffe6e4a6063086adc7cf1fe53cc4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE7A0C38-C3FB-4B63-A4F1-946388ABE1F1}, En quarantaine, [8276dc0992f8c86e44f01d7920e42cd4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C73619CB-E7B0-4781-9261-E3F3EDCE6649}, En quarantaine, [f9ff5a8bbecce056a98a474f7e86de22],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1B69AE0-F9AB-479B-BE20-9D32E871CFB4}, En quarantaine, [a2564f961e6cd85e6bc9ddb9f80c07f9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E01BC231-4B94-493C-9A47-DF6E8B6E4DE7}, En quarantaine, [39bf40a54644bf77260e742243c10af6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F54D01F1-1C03-4FFB-BD8C-DF6C03DEA160}, En quarantaine, [7187ffe65d2d62d41e155d39f70da759],

Valeurs du registre: 12
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, En quarantaine, [42b6ac39d6b481b5c1553663778dae52]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3d6b5446-5dea-43f2-a99f-5e7e12b79978}|AppName, Radio Canyon-codedownloader.exe, En quarantaine, [27d123c28a004fe7ba7aa5f1d52fbc44]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4131ac32-bfb7-4a6b-8642-cc576c0d99f6}|AppName, Radio Canyon-bg.exe, En quarantaine, [04f4f8edfa909a9c2c06247213f16a96]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4244CF16-BE9A-44B9-9071-D1F2B5154AC0}|AppName, 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-2.exe-codedownloader.exe, En quarantaine, [d12705e0e9a15fd79e96187e040055ab]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E10E924-6DE0-4E97-9A9D-10323786C9CB}|AppName, 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-2.exe-buttonutil.exe, En quarantaine, [15e3529321690c2a93a02c6ae91b2bd5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{90B903EC-37AC-4A66-98BA-13885D599DB8}|AppName, 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-2.exe-buttonutil.exe, En quarantaine, [9d5bffe6e4a6063086adc7cf1fe53cc4]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE7A0C38-C3FB-4B63-A4F1-946388ABE1F1}|AppName, 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-2.exe-codedownloader.exe, En quarantaine, [8276dc0992f8c86e44f01d7920e42cd4]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C73619CB-E7B0-4781-9261-E3F3EDCE6649}|AppName, 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-2.exe-buttonutil.exe, En quarantaine, [f9ff5a8bbecce056a98a474f7e86de22]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1B69AE0-F9AB-479B-BE20-9D32E871CFB4}|AppName, 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-2.exe-codedownloader.exe, En quarantaine, [a2564f961e6cd85e6bc9ddb9f80c07f9]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E01BC231-4B94-493C-9A47-DF6E8B6E4DE7}|AppName, 5e10e201-2f50-4d2e-9d23-6e5026ae19a9-2.exe-codedownloader.exe, En quarantaine, [39bf40a54644bf77260e742243c10af6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f54d01f1-1c03-4ffb-bd8c-df6c03dea160}|AppName, Radio Canyon-buttonutil.exe, En quarantaine, [7187ffe65d2d62d41e155d39f70da759]
PUP.Vulnerable.DellSystemDetect, HKU\S-1-5-21-284228270-2566594743-542274357-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DellSystemDetect, C:\Users\merouche\AppData\Local\Apps\2.0\H60KTREA.9ET\VZX3X2XV.VKP\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe, En quarantaine, [6a8ef9ec0e7c0630d632c847e81b13ed]

Données du registre: 0
(Aucun élément malveillant détecté)

Dossiers: 8
PUP.Optional.MultiPlug.Gen, C:\ProgramData\13112153066417625354, En quarantaine, [1cdcedf85733ab8bfbc347590ef6c937],
PUP.Optional.Datamngr.A, C:\Users\merouche\AppData\LocalLow\DataMngr, En quarantaine, [7d7b0bda0288b97d7503b4296d9533cd],
PUP.Optional.Fun4U.A, C:\Program Files\fun4u, Supprimer au redémarrage, [3abe90557119d660674d3cc8b2519a66],
PUP.Optional.Fun4U.A, C:\Users\merouche\AppData\Roaming\Mozilla\Firefox\Profiles\2f2br5dz.default\extensions\S0YgclYmK@gmail.com, En quarantaine, [ac4cac39e2a8f3430f6bef82a85da45c],
PUP.Optional.Fun4U.A, C:\Users\merouche\AppData\Roaming\Mozilla\Firefox\Profiles\2f2br5dz.default\extensions\S0YgclYmK@gmail.com\chrome, En quarantaine, [ac4cac39e2a8f3430f6bef82a85da45c],
PUP.Optional.Fun4U.A, C:\Users\merouche\AppData\Roaming\Mozilla\Firefox\Profiles\2f2br5dz.default\extensions\S0YgclYmK@gmail.com\chrome\content, En quarantaine, [ac4cac39e2a8f3430f6bef82a85da45c],
PUP.Optional.Fun4U.A, C:\Users\merouche\AppData\Roaming\Mozilla\Firefox\Profiles\2f2br5dz.default\extensions\S0YgclYmK@gmail.com\defaults, En quarantaine, [ac4cac39e2a8f3430f6bef82a85da45c],
PUP.Optional.Fun4U.A, C:\Users\merouche\AppData\Roaming\Mozilla\Firefox\Profiles\2f2br5dz.default\extensions\S0YgclYmK@gmail.com\defaults\preferences, En quarantaine, [ac4cac39e2a8f3430f6bef82a85da45c],

Fichiers: 13
PUP.Optional.CrossRider, C:\Program Files\fun4u\fun4u_notification_service.exe, Supprimer au redémarrage, [c434885d94f6b482d51d3b5029d8fe02],
PUP.Optional.CrossRider, C:\Program Files\fun4u\fun4u_updating_service.exe, En quarantaine, [05f3eef7d9b166d0c02c652536cb49b7],
PUP.Optional.Solimba, C:\$Recycle.Bin\S-1-5-21-284228270-2566594743-542274357-1000\$RGN9RH9.exe, En quarantaine, [b04825c083079c9ad7d7e3ced72a20e0],
PUP.Optional.Updating.A, C:\Windows\System32\Tasks\fun4u_updating_service, En quarantaine, [9a5eb035503a0f2770e4e925ea1904fc],
PUP.Optional.Updating.A, C:\Windows\Tasks\fun4u_updating_service.job, En quarantaine, [e513d60f8a004fe70d482de1798aad53],
Rootkit.ADS, c:\Users\merouche\AppData\local:init, En quarantaine, [bd3b3fa6abdfc274c2c8702c0df703fd],
Trojan.Dropped.E, C:\Users\merouche\AppData\Local\Temp\tmp750.tmp.exe, En quarantaine, [29cfd3125c2e270fd835514db1535aa6],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\13112153066417625354\cd5b15e575e1c3d0f22e4e04ef8cff85.ini, En quarantaine, [1cdcedf85733ab8bfbc347590ef6c937],
PUP.Optional.Datamngr.A, C:\Users\merouche\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}, En quarantaine, [7d7b0bda0288b97d7503b4296d9533cd],
PUP.Optional.Fun4U.A, C:\Users\merouche\AppData\Roaming\Mozilla\Firefox\Profiles\2f2br5dz.default\extensions\S0YgclYmK@gmail.com\chrome.manifest, En quarantaine, [ac4cac39e2a8f3430f6bef82a85da45c],
PUP.Optional.Fun4U.A, C:\Users\merouche\AppData\Roaming\Mozilla\Firefox\Profiles\2f2br5dz.default\extensions\S0YgclYmK@gmail.com\install.rdf, En quarantaine, [ac4cac39e2a8f3430f6bef82a85da45c],
PUP.Optional.Fun4U.A, C:\Users\merouche\AppData\Roaming\Mozilla\Firefox\Profiles\2f2br5dz.default\extensions\S0YgclYmK@gmail.com\chrome\content\browser.xul, En quarantaine, [ac4cac39e2a8f3430f6bef82a85da45c],
PUP.Optional.Fun4U.A, C:\Users\merouche\AppData\Roaming\Mozilla\Firefox\Profiles\2f2br5dz.default\extensions\S0YgclYmK@gmail.com\chrome\content\main.js, En quarantaine, [ac4cac39e2a8f3430f6bef82a85da45c],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)