Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 23/08/2015
Heure de l'analyse: 13:39
Fichier journal: malwarebytes.txt
Administrateur: Oui

Version: 2.1.8.1057
Base de données de programmes malveillants: v2015.08.23.02
Base de données de rootkits: v2015.08.16.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Jean-Baptiste

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 515796
Temps écoulé: 27 min, 53 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du registre: 23
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, En quarantaine, [c47a38d4d0bb9f973db9425c7290ff01],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, En quarantaine, [c47a38d4d0bb9f973db9425c7290ff01],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, En quarantaine, [c47a38d4d0bb9f973db9425c7290ff01],
PUP.Optional.AnyProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\APSnotifierPP1, Supprimer au redémarrage, [e35ba7653853fc3af91c17074cb70ef2],
PUP.Optional.AnyProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\APSnotifierPP2, Supprimer au redémarrage, [57e7eb21added066e62f20fef90a18e8],
PUP.Optional.AnyProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\APSnotifierPP3, Supprimer au redémarrage, [8db144c8b2d9181e5abbef2fcc374fb1],
PUP.Optional.SmartWeb.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SmartWeb Upgrade Trigger Task, Supprimer au redémarrage, [0737f913d2b990a64d0d6faedd260af6],
PUP.Optional.ShopperPro.F, HKLM\SOFTWARE\SHOPPERPRO, En quarantaine, [72ccd834bccfe3535dd6516534d0fe02],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, En quarantaine, [e45aba52d9b2e056b2ad041feb1846ba],
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, En quarantaine, [d8667498e2a9092d0ac33968af558977],
PUP.Optional.Tuto4PC.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, En quarantaine, [ba8412fafb90a49209f1b8fef410cd33],
Rootkit.cherimoya.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, En quarantaine, [a19db557becde94dcbf41b16bd464ab6],
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CIZOJEKE, En quarantaine, [78c6719bcbc0af87fa5e376ac14354ac],
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\COMYNINU, En quarantaine, [132ba56796f592a4bb9d515056aefa06],
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HYVERUMU, En quarantaine, [fb4333d93259e74f80d8d2cf1de77090],
PUP.Optional.Shopperz.A, HKU\S-1-5-18\SOFTWARE\{98AD4C4E-92AB-47B9-A529-A437E2E545E0}, En quarantaine, [1b23d23a701bfc3ae3e56a479a6a47b9],
PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{98AD4C4E-92AB-47B9-A529-A437E2E545E0}, En quarantaine, [a29c7696c0cb9b9b3a8ec8e9be46c33d],
PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{98AD4C4E-92AB-47B9-A529-A437E2E545E0}, En quarantaine, [dc62f715f19aee484088e9c84aba14ec],
PUP.Optional.AnyProtect, HKU\S-1-5-21-2399764406-2809164467-3048987483-1000\SOFTWARE\ANYPROTECT, En quarantaine, [de60000c42490e28fbfdb4fde51f12ee],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2399764406-2809164467-3048987483-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, En quarantaine, [7fbf9478d9b255e10b8193fab94bbf41],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-2399764406-2809164467-3048987483-1000\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, En quarantaine, [b48ac943c1cae2549783c0d3e81cba46],
PUP.Optional.Shopperz.A, HKU\S-1-5-21-2399764406-2809164467-3048987483-1000\SOFTWARE\{98AD4C4E-92AB-47B9-A529-A437E2E545E0}, En quarantaine, [ba84d5378605072f4e7a644d34d0da26],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, En quarantaine, [073740cc236846f080c1f46af70e03fd],

Valeurs du registre: 16
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{3ea54411-9f2a-4a18-a93a-84312350f7c1}, C:\Program Files\shopperz12082015\Firefox, En quarantaine, [74ca39d3c0cb70c61ab09d14d3318878]
PUP.Optional.ShopperPro.F, HKLM\SOFTWARE\SHOPPERPRO|DBLOCATION, C:\ProgramData\ShopperPro, En quarantaine, [72ccd834bccfe3535dd6516534d0fe02]
PUP.Optional.CrossBrowse.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS, Crossbrowse, En quarantaine, [54ea2be1d8b33204d1fd21fa4cb79f61]
PUP.Optional.CrossBrowse.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, En quarantaine, [6cd22be112793df905c90417689bb14f]
PUP.Optional.CrossBrowse.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|Localized Name, Crossbrowse, En quarantaine, [d86653b91873d66027a7d4473cc7e31d]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_fr_005010063, En quarantaine, [251939d35734f442f94856e1699aa35d],
PUP.Optional.Shopperz.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{3ea54411-9f2a-4a18-a93a-84312350f7c1}, C:\Program Files\shopperz12082015\Firefox, En quarantaine, [f846f8141477cf67b8125e5313f1da26]
PUP.Optional.Tuto4PC.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 20A00617-5AF6-4057-918D-2CA179BE9473, En quarantaine, [ba8412fafb90a49209f1b8fef410cd33]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cizojeke|ImagePath, C:\Program Files (x86)\00000000-1439843990-0000-0000-00241DC16378\knsr27BE.tmp, En quarantaine, [78c6719bcbc0af87fa5e376ac14354ac]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\comyninu|ImagePath, C:\Program Files (x86)\00000000-1439843990-0000-0000-00241DC16378\hnssA639.tmp, En quarantaine, [132ba56796f592a4bb9d515056aefa06]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\hyverumu|ImagePath, C:\Program Files (x86)\00000000-1439843990-0000-0000-00241DC16378\jnsu9119.tmp, En quarantaine, [fb4333d93259e74f80d8d2cf1de77090]
PUP.Optional.Shopperz.A, HKU\S-1-5-18\SOFTWARE\{98ad4c4e-92ab-47b9-a529-a437e2e545e0}|Name, C:\Program Files\shopperz12082015\Tuejet.exe, En quarantaine, [1b23d23a701bfc3ae3e56a479a6a47b9]
PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{98ad4c4e-92ab-47b9-a529-a437e2e545e0}|Name, C:\Program Files\shopperz12082015\Tuejet.exe, En quarantaine, [a29c7696c0cb9b9b3a8ec8e9be46c33d]
PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{98ad4c4e-92ab-47b9-a529-a437e2e545e0}|Name, C:\Program Files\shopperz12082015\Tuejet.exe, En quarantaine, [dc62f715f19aee484088e9c84aba14ec]
PUP.Optional.AnyProtect, HKU\S-1-5-21-2399764406-2809164467-3048987483-1000\SOFTWARE\ANYPROTECT|ABTest, {"general":{"test_id":"B6","installer_pre_page":true,"scanner_pre_page":false},"1":{"email_check":true},"7":{"notification_20_mins":"3A"},"9":{"scan_page_id":2},"12":{"upclick_exit_show":false,"upclick_exit_countries":{"US":{"phone":"(855) 602-9762"},"CA":{"phone":"(855) 602-9762"},"UK":{"phone":"0800 031 4647"},"GB":{"phone":"0800 031 4647"},"AU":{"phone":"1800-762-367"}}},"14":{"upclick_scan_id_show":false,"upclick_scan_id":"000-000-000"},"15":{"upclick_bottom_offer_show":false,"upclick_bottom_offer_countries":{"US":{"phone":"(855) 602-9762"},"GB":{"phone":"0800 031 4647"},"UK":{"phone":"0800 031 4647"},"DE":{"phone":"800-182-0188"},"CA":{"phone":"(855) 602-9762"},"AU":{"phone":"1800-762-367"},"FR":{"phone":"9 75 18 72 00"}}},"18":{"movie":1}}, En quarantaine, [de60000c42490e28fbfdb4fde51f12ee]
PUP.Optional.Shopperz.A, HKU\S-1-5-21-2399764406-2809164467-3048987483-1000\SOFTWARE\{98ad4c4e-92ab-47b9-a529-a437e2e545e0}|Name, C:\Program Files\shopperz12082015\Tuejet.exe, En quarantaine, [ba84d5378605072f4e7a644d34d0da26]

Données du registre: 0
(Aucun élément malveillant détecté)

Dossiers: 1
PUP.Optional.Shopperz.A, C:\Program Files\shopperz12082015, En quarantaine, [eb53ff0d5437ca6c3da81602ae556799],

Fichiers: 38
Rootkit.Agent.A, C:\WINDOWS\SYSTEM32\drivers\bsdriver.sys, Supprimer au redémarrage, [9cab01e46d49f8e8c7167ca964fd681c],
PUP.Optional.Cherimoya.A, C:\WINDOWS\SYSTEM32\drivers\cherimoya.sys, Supprimer au redémarrage, [0da3fbc2ece10bf259f3f4f2fe08fe86],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{9f2ac096-af5a-4c47-ab9d-0efd1379eed3}Gw64.sys, Supprimer au redémarrage, [3dae1d6462b5cf81f62b293f7778feb3],
PUP.Optional.AnyProtect, C:\Users\J-B\AppData\Roaming\ZHP\Quarantine\nsu514.tmp, En quarantaine, [46f8b85496f51b1b64d43c4bb84a48b8],
PUP.Optional.Shopperz.A, C:\Program Files\shopperz12082015\Yyoihge64.dll, En quarantaine, [9aa458b4761570c699f0f09d7c89728e],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\Uiviuuj64.dll, Supprimer au redémarrage, [2519719b91fa20168133765725dc748c],
PUP.Optional.CrossRider.A, C:\Windows\SysWOW64\b5.exe, En quarantaine, [39059d6f4e3d4bebbbcdd8c255ac2bd5],
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\Uiviuuj.dll, Supprimer au redémarrage, [5fdf27e59eed0d295a59e8e5cb36f010],
PUP.Optional.Crossrider.C, C:\Users\J-B\AppData\Local\Temp\3388.exe, En quarantaine, [1628c745cac133036e102a6325e00bf5],
PUP.Optional.Installcore, C:\Users\J-B\AppData\Local\Temp\AirParrot 2 Patcher Downloader__3687_i1586344360.exe, En quarantaine, [1d21bb517c0f70c65def602d788d0ff1],
PUP.Optional.Amonetize.A, C:\Users\J-B\AppData\Local\Temp\amiupdater2248.exe, En quarantaine, [54ea7894b9d280b6af8ea0a00ef2936d],
Trojan.Agent, C:\Users\J-B\AppData\Local\Temp\oprun28423.exe, En quarantaine, [b68893795635ca6cd4f93316cb3af50b],
PUP.Optional.Komodia, C:\Users\J-B\AppData\Local\Temp\oprun622.exe, En quarantaine, [b08ecc408ffcee489818705df1104fb1],
Adware.Imali, C:\Users\J-B\AppData\Local\Temp\fsd588A.exe, En quarantaine, [58e6d8345b3074c2ddce3b92ec1522de],
PUP.Optional.SmartWeb.A, C:\Users\J-B\AppData\Local\Temp\nsmABF9.tmp\SmartWebInstallerHelperDll.dll, En quarantaine, [90aef8142a612c0a11fd0849e91830d0],
PUP.Optional.CheckOffer, C:\Users\J-B\AppData\Local\Temp\nso52B1.tmp\nsCBHTML5.dll, En quarantaine, [ff3fa9631a713cfa37cc297c81808c74],
PUP.Optional.OfferInstaller.C, C:\Users\J-B\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe, En quarantaine, [65d9b9539eedab8b0dfc651d35ccf709],
Trojan.Dropper, C:\Users\J-B\AppData\Local\Temp\Install_9094\ins_cr.exe, En quarantaine, [b787bf4d652621154df34c33857c916f],
Trojan.Dropper, C:\Users\J-B\AppData\Local\Temp\Install_9094\ins_iwebar.exe, En quarantaine, [3d019a727516013508389ce325dcab55],
PUP.Optional.Tuto4PC.A, C:\Users\J-B\AppData\Local\Temp\is-1F8AC.tmp\gentlemjmp_ieu.exe, En quarantaine, [6dd165a7187350e6eed2e4a78085eb15],
PUP.Optional.Tuto4PC.A, C:\Users\J-B\AppData\Local\Temp\is-KGHBS.tmp\gentlemjmp_ieu.exe, En quarantaine, [f24ca666eba0e94d932d3259f41124dc],
PUP.Optional.SmartWeb.A, C:\Users\J-B\AppData\Local\SmartWeb\__u.exe, En quarantaine, [211d1defb6d542f4917d5bf60001d32d],
PUP.Optional.Boxore, C:\Windows\Installer\792cf2b.msi, En quarantaine, [61ddc943c8c3ac8a8aa38f438f72d52b],
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\Uiviuuj.ini, En quarantaine, [fe40ed1f95f6fe38c6f064b7fb089d63],
PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\UiviuujOff.ini, En quarantaine, [d668b15b75161c1a2c8ccd4e26dd8779],
PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\UiviuujOff.ini, En quarantaine, [a99528e4860564d2cdeb011adb2838c8],
PUP.Optional.IQIYI.A, C:\Windows\Fonts\iqiyi_logo.ttf, En quarantaine, [2c129d6f04870333f1009f80ae55639d],
PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP1.job, En quarantaine, [27170efe7318d66074b9e442d033cb35],
PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP2.job, En quarantaine, [1e2056b60e7d93a37cb1fa2c758e1ae6],
PUP.Optional.AnyProtect.A, C:\Windows\Tasks\APSnotifierPP3.job, En quarantaine, [2d117f8d563551e57ab39690f3101fe1],
PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP1, En quarantaine, [99a5d23a73187fb788a6d254e51ead53],
PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP2, En quarantaine, [89b58b818efd43f33bf361c5897a03fd],
PUP.Optional.AnyProtect.A, C:\Windows\System32\Tasks\APSnotifierPP3, En quarantaine, [3905f6168ffc2a0cb678e93dbc475aa6],
PUP.Optional.SmartWeb.A, C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task, En quarantaine, [2d1132daf8933afc3e7ae652669d9c64],
PUP.Optional.SoftwareUpdate.A, C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe, En quarantaine, [46f841cbc7c472c4b69dacb2ab584fb1],
Trojan.Agent, C:\Users\J-B\AppData\Local\Temp\oprun622.exe, En quarantaine, [35096d9fec9f9a9c5a9b0eb227dc6f91],
PUP.Optional.CrossRider.A, C:\Users\J-B\AppData\Roaming\Mozilla\Firefox\Profiles\87i6ek9s.default-1439844932897\prefs.js, Bon : (), Mauvais : (user_pref("extensions.crossrider.bic", "14f3dc094643f8066b0ac1142d230b94");), Remplacé,[a698f6166526bb7b6a46078bf11406fa]
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\fhp\iqao\janf.dat, En quarantaine, [a698a864c9c231056eb0c5cfe421f30d],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)