Document format: text/plain


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/08/2015
Scan Time: 22:22
Logfile: MBAM.TXT
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.30.01
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Anthony Rams

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423730
Time Elapsed: 1 hr, 38 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\CLSID\{5FF384C8-1B2A-51A6-6841-BDCD8C9DC31D}, Quarantined, [bc3d848a24674beb3def8a44ae53eb15],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\CheapMoe.CheapMoe, Quarantined, [bc3d848a24674beb3def8a44ae53eb15],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\CheapMoe.CheapMoe.5.1, Quarantined, [bc3d848a24674beb3def8a44ae53eb15],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CheapMoe.CheapMoe, Quarantined, [bc3d848a24674beb3def8a44ae53eb15],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CheapMoe.CheapMoe.5.1, Quarantined, [bc3d848a24674beb3def8a44ae53eb15],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CheapMoe.CheapMoe, Quarantined, [bc3d848a24674beb3def8a44ae53eb15],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CheapMoe.CheapMoe.5.1, Quarantined, [bc3d848a24674beb3def8a44ae53eb15],
PUP.Optional.MultiPlug.BHO64, HKU\S-1-5-21-1680867573-958868465-3382194254-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5FF384C8-1B2A-51A6-6841-BDCD8C9DC31D}, Quarantined, [bc3d848a24674beb3def8a44ae53eb15],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\CLSID\{231374B8-590E-15C9-7866-D898C5089824}, Quarantined, [0cedfc12c0cb8da9210bc509fe03fc04],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\RaenDoMPricea.RaenDoMPricea, Quarantined, [0cedfc12c0cb8da9210bc509fe03fc04],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\RaenDoMPricea.RaenDoMPricea.6.1, Quarantined, [0cedfc12c0cb8da9210bc509fe03fc04],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\WOW6432NODE\CLASSES\RaenDoMPricea.RaenDoMPricea, Quarantined, [0cedfc12c0cb8da9210bc509fe03fc04],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\WOW6432NODE\CLASSES\RaenDoMPricea.RaenDoMPricea.6.1, Quarantined, [0cedfc12c0cb8da9210bc509fe03fc04],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\WOW6432NODE\RaenDoMPricea.RaenDoMPricea, Quarantined, [0cedfc12c0cb8da9210bc509fe03fc04],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\WOW6432NODE\RaenDoMPricea.RaenDoMPricea.6.1, Quarantined, [0cedfc12c0cb8da9210bc509fe03fc04],
PUP.Optional.MultiPlug.BHO64, HKU\S-1-5-21-1680867573-958868465-3382194254-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{231374B8-590E-15C9-7866-D898C5089824}, Quarantined, [0cedfc12c0cb8da9210bc509fe03fc04],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [8f6a30de9fecac8ad4f1115d1fe532ce],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [47b221ed0c7f46f0fbca6a04c83c5aa6],

Registry Values: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [8f6a30de9fecac8ad4f1115d1fe532ce]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [47b221ed0c7f46f0fbca6a04c83c5aa6]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[cf2a5eb04b40fb3bd7d183d811f4a957]

Folders: 3
PUP.Optional.CheapMe, C:\ProgramData\CheapMe, Quarantined, [e0190707b3d85bdb59666297ab57946c],
PUP.Optional.DataMngr, C:\Users\Anthony Rams\AppData\LocalLow\DataMngr, Quarantined, [49b0000e7318ad89d93410f4758ed030],
PUP.Optional.RandomPrice, C:\ProgramData\RandomPrice, Quarantined, [4cada7672c5f280eb8fe55bf9c6742be],

Files: 29
PUP.Optional.MultiPlug.BHO64, C:\ProgramData\CheapMe\d.x64.dll, Quarantined, [bc3d848a24674beb3def8a44ae53eb15],
PUP.Optional.MultiPlug.BHO64, C:\ProgramData\RandomPrice\3.x64.dll, Quarantined, [0cedfc12c0cb8da9210bc509fe03fc04],
PUP.Optional.InstallRex, C:\ProgramData\InstallMate\{8CCF2A6A-C63C-4D9B-AF70-8E1E572C089C}\Custom.dll, Quarantined, [39c0ed21b0db5dd92b3a616cae5352ae],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe, Quarantined, [7188dc32fb90a195e300f710da2b857b],
PUP.Optional.Solimba, C:\Users\Anthony Rams\Downloads\Clash Of Clans pour PC.exe, Quarantined, [e613fd11ff8c9b9bbe650a876d986b95],
PUP.Optional.SnapDo, C:\Windows\Installer\112662.msi, Quarantined, [4dac60ae0e7d95a1d0518a4b09f8e020],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf, Quarantined, [3dbc9e70aae18da9a01ce179e42006fa],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf, Quarantined, [21d8b757d7b4dd59ffbdc09a16ee956b],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd, Quarantined, [76833cd2b2d9c57146777fdb6a9a11ef],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd, Quarantined, [d920e628eaa19f979627ec6e2fd557a9],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd, Quarantined, [be3bd23c216af442dfde0f4be91be21e],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd, Quarantined, [31c87a94107b122402bb87d3768e8f71],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd, Quarantined, [8376a6682566201611ac6eec7e86728e],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd, Quarantined, [fffafc122566b87e6558e57527dd9c64],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd, Quarantined, [1adfe628f5960f27a01da5b563a139c7],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd, Quarantined, [d52424ea95f673c39627be9cc93b7a86],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd, Quarantined, [7a7fc846ee9de94dd0ed72e853b1de22],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\select.pyd, Quarantined, [3abf749a94f7af87f1ccb1a9e51f46ba],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd, Quarantined, [15e467a76b20f343714cc09a659f0ff1],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd, Quarantined, [e514000e6c1fe254823b2436669ea45c],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\_socket.pyd, Quarantined, [9b5e5eb027646bcbb508322832d214ec],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\library.zip, Quarantined, [1edbcc42b6d577bf2f8f5505808430d0],
PUP.Optional.ContinueToSave, C:\Users\Anthony Rams\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal, Quarantined, [e8112ce20c7fd066def7a9daa06417e9],
PUP.Optional.CheapMe, C:\ProgramData\CheapMe\d.dat, Quarantined, [e0190707b3d85bdb59666297ab57946c],
PUP.Optional.CheapMe, C:\ProgramData\CheapMe\d.tlb, Quarantined, [e0190707b3d85bdb59666297ab57946c],
PUP.Optional.DataMngr, C:\Users\Anthony Rams\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, Quarantined, [49b0000e7318ad89d93410f4758ed030],
PUP.Optional.DataMngr, C:\Users\Anthony Rams\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64, Quarantined, [49b0000e7318ad89d93410f4758ed030],
PUP.Optional.RandomPrice, C:\ProgramData\RandomPrice\3.dat, Quarantined, [4cada7672c5f280eb8fe55bf9c6742be],
PUP.Optional.RandomPrice, C:\ProgramData\RandomPrice\3.tlb, Quarantined, [4cada7672c5f280eb8fe55bf9c6742be],

Physical Sectors: 0
(No malicious items detected)
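Added example, not part of the uploaded log: a small Python parser for the Malwarebytes 2.x detection lines above. Each line has the shape "detection name, location (plus data for registry values), action, [32-hex id]"; the layout is inferred from this log, not taken from Malwarebytes documentation. The parser checks that each section's declared count matches the lines actually present, separates the PUP/PUM entries from the Trojan.BtcMiner.TS hits, lists the directories holding malware files, and pulls out the registry policy values so a responder sees at a glance that Chrome auto-update checks had been switched off. The embedded sample is a constructed excerpt of the lines above; its "Files" section deliberately declares 5 entries while listing 4, so the mismatch check has something to report. Action words other than Quarantined and Replaced are assumed and not exercised.

```python
"""Parser for Malwarebytes Anti-Malware 2.x detection logs (added example).

Line layout as inferred from the log above:
    <detection name>, <location>[, <data>], <action>, [<32-hex id>],
Registry-value lines carry the value name after '|' and then the data;
registry-data lines add 'Good: (...)' / 'Bad: (...)' before the action."""
import re
from collections import Counter

# Section names as they appear in the log above; restricting to these keeps
# header lines such as "Objects Scanned: 423730" from being read as a section.
KNOWN_SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
                  "Registry Data", "Folders", "Files", "Physical Sectors"}
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")

# Quarantined and Replaced occur in this log; the other action words are assumed.
DETECTION_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9.]+), (?P<location>.+?),\s*"
    r"(?P<action>Quarantined|Replaced|Deleted|Delete-on-Reboot|No Action)"
    r"\s*,\s*\[(?P<id>[0-9a-f]{32})\]\s*,?\s*$"
)


def parse_log(text):
    """Return ({section: [detection dicts]}, {section: declared count})."""
    sections, declared, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m and m.group("section") in KNOWN_SECTIONS:
            current = m.group("section")
            declared[current] = int(m.group("count"))
            sections[current] = []
            continue
        m = DETECTION_RE.match(line)
        if m and current is not None:
            sections[current].append(dict(m.groupdict(), section=current))
    return sections, declared


def count_mismatches(sections, declared):
    """Sections whose declared count differs from the lines actually present
    (a truncated or hand-edited log shows up here)."""
    return {s: (n, len(sections.get(s, [])))
            for s, n in declared.items() if n != len(sections.get(s, []))}


def classify(name):
    """PUP./PUM. prefixes are potentially-unwanted classes; anything else
    (Trojan.* and so on) is treated as malware proper."""
    return "unwanted" if name.split(".", 1)[0] in ("PUP", "PUM") else "malware"


def summarize(sections):
    """Counts by class and by detection name across all sections."""
    by_class, by_name = Counter(), Counter()
    for dets in sections.values():
        for d in dets:
            by_class[classify(d["name"])] += 1
            by_name[d["name"]] += 1
    return by_class, by_name


def malware_directories(sections):
    """Directories that held non-PUP file detections, for follow-up triage."""
    return {d["location"].rsplit("\\", 1)[0]
            for d in sections.get("Files", []) if classify(d["name"]) == "malware"}


def registry_values(sections):
    """(key, value name, data) for each 'Registry Values' detection."""
    out = []
    for d in sections.get("Registry Values", []):
        key_and_value, data = d["location"].rsplit(", ", 1)
        key, _, value = key_and_value.partition("|")
        out.append((key, value, data))
    return out


# Constructed excerpt of the log above. 'Files' deliberately declares 5 entries
# but lists only 4 so that count_mismatches() has something to report.
SAMPLE_LOG = r"""
Registry Values: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [8f6a30de9fecac8ad4f1115d1fe532ce]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [47b221ed0c7f46f0fbca6a04c83c5aa6]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[cf2a5eb04b40fb3bd7d183d811f4a957]

Folders: 2
PUP.Optional.CheapMe, C:\ProgramData\CheapMe, Quarantined, [e0190707b3d85bdb59666297ab57946c],
PUP.Optional.RandomPrice, C:\ProgramData\RandomPrice, Quarantined, [4cada7672c5f280eb8fe55bf9c6742be],

Files: 5
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe, Quarantined, [7188dc32fb90a195e300f710da2b857b],
Trojan.BtcMiner.TS, C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd, Quarantined, [7a7fc846ee9de94dd0ed72e853b1de22],
PUP.Optional.Solimba, C:\Users\Anthony Rams\Downloads\Clash Of Clans pour PC.exe, Quarantined, [e613fd11ff8c9b9bbe650a876d986b95],
PUP.Optional.CheapMe, C:\ProgramData\CheapMe\d.dat, Quarantined, [e0190707b3d85bdb59666297ab57946c],
"""

if __name__ == "__main__":
    secs, decl = parse_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(secs, decl))
    print("by class / by name:", summarize(secs))
    print("malware directories:", malware_directories(secs))
    print("policy values:", registry_values(secs))
```

Two things the parsed output makes obvious that are easy to miss in the raw dump: the Trojan.BtcMiner.TS files all sit in one directory under a Microsoft-looking name (C:\ProgramData\Microsoft\Windows\Time), and the file set (library.zip plus _ctypes.pyd, _socket.pyd, numpy and pyopencl extension modules) is the layout of a frozen Python program, with pyopencl pointing at GPU mining. The log records no Run key, service or scheduled task for TimeServer.exe, so quarantining the files says nothing about whether the launcher is still present; check those separately. Likewise the DisableAutoUpdateChecksCheckboxValue entries were quarantined, but confirm after a reboot that HKLM\SOFTWARE\Policies\Google\Update no longer carries them, since real-time protection was off for this scan.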

