cjoint

Document format: text/plain


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/09/2015
Scan Time: 05:32
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.18.01
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 3
CPU: x64
File System: NTFS
User: Serveur

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 405310
Time Elapsed: 24 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
RiskWare.Tool.CK, C:\Windows\KMService.exe, 1916, Delete-on-Reboot, [aaaf6fc2088373c3299921f5e220c23e]
Trojan.Injector.MSIL, C:\Users\Serveur\AppData\Local\Vaiaholding.exe, 1408, Delete-on-Reboot, [ba9f9a97682348ee510f362e9570768a]

Modules: 0
(No malicious items detected)

Registry Keys: 10
Trojan.Injector.MSIL, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\prodlctweoprvduct, Quarantined, [ba9f9a97682348ee510f362e9570768a],
PUP.Optional.ApplicationHosting, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Application Hosting.exe, Quarantined, [4e0bfe3393f8a78fbbed3e447d87e41c],
PUP.Optional.IQIYIVideo, HKLM\SOFTWARE\MOZILLAPLUGINS\@iqiyi.com/npWebPlayer, Quarantined, [06532d046229ef476386f8a622e25ba5],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtGravelex, Quarantined, [ba9fb37e563513239e53903ecf3543bd],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Gravelex_RASAPI32, Quarantined, [eb6eac858ffc9e9842b026a89371b848],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Gravelex_RASMANCS, Quarantined, [44153ff26724280ec42ee1ed6a9aa759],
PUP.Optional.ApplicationHosting, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Application Hosting.exe, Quarantined, [0e4bec458b00280e6f39bfc353b10af6],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SAOPHASE, Quarantined, [ef6aa190f09bd85ea0e0acf5b450629e],
PUP.Optional.InstallCore, HKU\S-1-5-21-2322670580-2827344259-666903922-1016\SOFTWARE\ICSW1.14, Quarantined, [9abf2c0537548aac7115316d1fe52fd1],
Malware.Trace, HKU\S-1-5-21-2322670580-2827344259-666903922-1016\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SrvID, Quarantined, [ec6df43d1f6cc57151433d83b94a837d],

Registry Values: 3
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}, Quarantined, [b3a690a118733cfa4f0ee793fe066799]
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SAOPHASE|ImagePath, C:\ProgramData\Saophase\Saophase.exe, Quarantined, [ef6aa190f09bd85ea0e0acf5b450629e]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2322670580-2827344259-666903922-1016\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}, Quarantined, [6eeb76bb0883c96d15456c0eae56b14f]

Registry Data: 7
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[3d1cde53deadf14583fe244571945aa6]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[4f0af9383853f0465b270c5d2fd647b9]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[b0a98aa75f2c023445a26e004abbc937]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2322670580-2827344259-666903922-1016\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}),Replaced,[3d1cb57c7c0f290d726f27472dd82bd5]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2322670580-2827344259-666903922-1016\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}),Replaced,[afaaec45b8d3ff376b76c8a69471e61a]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2322670580-2827344259-666903922-1016\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}),Replaced,[72e7c26f206b60d6845d9fcfe91cf30d]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2322670580-2827344259-666903922-1016\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1LDXFqMqMm8SRVtiGA7bJeNhsSJym4D3SHtBtyqNU1uyX47JsoxsFDTnWh-iHZx_otTngmMZVsCm-P5bA2_tuQiVPnMaMO7g19mpQaOYOdiOf3A0DertCIJ3S59le_YyhBGdN8coKd-J-uzndUD0xDAJlMVLg,,&q={searchTerms}),Replaced,[5efba9887219dc5a1bc84a24867f4db3]

Folders: 1
PUP.Optional.Linkury, C:\ProgramData\Gravelexs, Quarantined, [ce8b9c951576ff37380794983fc49c64],

Files: 16
RiskWare.Tool.CK, C:\Windows\KMService.exe, Delete-on-Reboot, [aaaf6fc2088373c3299921f5e220c23e],
Trojan.Injector.MSIL, C:\Users\Serveur\AppData\Local\Vaiaholding.exe, Delete-on-Reboot, [ba9f9a97682348ee510f362e9570768a],
PUP.Optional.HideBaid, C:\Program Files (x86)\baidu\Bind.exe, Quarantined, [ce8b0a278cff38fe80f6943a16ebb54b],
PUP.Optional.HideBaid, C:\Program Files (x86)\baidu\pps.exe, Quarantined, [8fca9a977f0c6ec8bbbc834b51b04fb1],
PUP.PWSTool.SnadBoy, C:\Program Files (x86)\SnadBoy's Revelation v2\RevelationHelper.dll, Quarantined, [79e0ba77f69591a552cc24ec31d1b050],
Trojan.Injector.MSIL, C:\Users\Serveur\AppData\Local\Temp\xfysI.tmp, Quarantined, [12479a973358d85e4917d2922ed7bd43],
PUP.Optional.OurSeaching, C:\Users\Serveur\AppData\Local\Temp\Oursurfing.exe, Quarantined, [7adfe05189024de98fb2980ad13458a8],
PUP.Optional.Yesapps, C:\Users\Serveur\AppData\Local\Temp\setup.exe, Quarantined, [3524cc656e1d3600a613f3ed46bb36ca],
PUP.Optional.Monetizer, C:\Users\Serveur\AppData\Local\Temp\814424537800\Setup_product_13300.exe, Quarantined, [045544edf09b7eb8a31ba831936e57a9],
Trojan.Injector.MSIL, C:\Users\Serveur\AppData\Local\Temp\xfysI\xrc.exe, Quarantined, [6fea0a274e3dbe78b7a93f2552b31ee2],
PUP.Optional.Linkury, C:\Windows\Temp\tmp8515.tmp, Quarantined, [1a3f4ee3c4c73afc853ba01312ef44bc],
PUP.Optional.APNToolBar, C:\Users\Serveur\Documents\APNSetup.exe, Quarantined, [8fca9e93731859dd040517a205fc7f81],
PUP.Optional.Linkury.Gen, C:\Windows\SysWOW64\findit.xml, Quarantined, [c7926ec374171e181e6d5e43f2121ee2],
PUP.Optional.Linkury, C:\ProgramData\Gravelexs\ff.HP, Quarantined, [ce8b9c951576ff37380794983fc49c64],
PUP.Optional.Linkury, C:\ProgramData\Gravelexs\ff.NT, Quarantined, [ce8b9c951576ff37380794983fc49c64],
PUP.Optional.Linkury, C:\ProgramData\Gravelexs\snp.sc, Quarantined, [ce8b9c951576ff37380794983fc49c64],

Physical Sectors: 0
(No malicious items detected)
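Triage helper for a log of this shape, added here as an example; it is not part of the cjoint page and not Malwarebytes code. It parses the detection sections of a Malwarebytes Anti-Malware 2.x log using the French-locale labels the tool wrote into the raw file ("Processus", "En quarantaine", "Supprimer au redémarrage", "Remplacé"), counts detections per family, lists the items that are only removed on reboot (the machine is not clean until then), flags the Security Center notification switches the PUM detections show set to 1, and decodes the percent-encoded hostname that the Linkury search hijack wrote into the Internet Explorer keys (the `%66%65%65%64...` form hides the real domain from a casual reader). The sample log embedded in the block is a constructed subset of the page's own entries, with the long `p=` token shortened to `TOKEN`; the regexes and function names are the example's own.

```python
"""Triage a Malwarebytes Anti-Malware 2.x scan log (added example, not Malwarebytes code)."""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Detection section labels exactly as the French-locale log writes them.
SECTIONS = {
    "Processus": "processes", "Modules": "modules",
    "Clés du registre": "registry keys", "Valeurs du registre": "registry values",
    "Données du registre": "registry data", "Dossiers": "folders",
    "Fichiers": "files", "Secteurs physiques": "physical sectors",
}
ACTIONS = {"En quarantaine": "quarantined",
           "Supprimer au redémarrage": "delete on reboot", "Remplacé": "replaced"}

SECTION_RE = re.compile(r"^(?P<name>[^:]+): (?P<count>\d+)$")
# Entry layout: <category>, <target>[, <detail>], <action>, [<32-hex id>][,]
ENTRY_RE = re.compile(
    r"^(?P<category>[A-Za-z0-9.]+),\s*(?P<target>[^,]+)(?:,\s*(?P<detail>.*?))?"
    r",\s*(?P<action>" + "|".join(map(re.escape, ACTIONS)) + r"),\s*\[(?P<id>[0-9a-f]{32})\],?$"
)

# Constructed sample: a subset of the page's log; the long p= token is shortened to TOKEN.
SAMPLE_LOG = r"""
Processus: 2
RiskWare.Tool.CK, C:\Windows\KMService.exe, 1916, Supprimer au redémarrage, [aaaf6fc2088373c3299921f5e220c23e]
Trojan.Injector.MSIL, C:\Users\Serveur\AppData\Local\Vaiaholding.exe, 1408, Supprimer au redémarrage, [ba9f9a97682348ee510f362e9570768a]

Clés du registre: 1
Trojan.Injector.MSIL, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\prodlctweoprvduct, En quarantaine, [ba9f9a97682348ee510f362e9570768a],

Valeurs du registre: 2
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=TOKEN,,&q={searchTerms}, En quarantaine, [b3a690a118733cfa4f0ee793fe066799]
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SAOPHASE|ImagePath, C:\ProgramData\Saophase\Saophase.exe, En quarantaine, [ef6aa190f09bd85ea0e0acf5b450629e]

Données du registre: 3
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Bon : (0), Mauvais : (1),Remplacé,[3d1cde53deadf14583fe244571945aa6]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Bon : (0), Mauvais : (1),Remplacé,[4f0af9383853f0465b270c5d2fd647b9]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2322670580-2827344259-666903922-1016\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=TOKEN,,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=TOKEN,,&q={searchTerms}),Remplacé,[3d1cb57c7c0f290d726f27472dd82bd5]

Fichiers: 1
Trojan.Injector.MSIL, C:\Users\Serveur\AppData\Local\Temp\xfysI\xrc.exe, En quarantaine, [6fea0a274e3dbe78b7a93f2552b31ee2],
"""


def parse_log(text):
    """Return one dict per detection line found inside a known detection section."""
    entries, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        sec = SECTION_RE.match(line)
        if sec and sec.group("name") in SECTIONS:
            section = SECTIONS[sec.group("name")]
            continue
        hit = ENTRY_RE.match(line)
        if section and hit:
            entry = hit.groupdict()
            entry.update(section=section, action=ACTIONS[hit.group("action")])
            entries.append(entry)
    return entries


def decode_host(url):
    """Undo the %XX obfuscation hijackers apply to the hostname of a search URL."""
    return unquote(urlsplit(url).netloc).lower()


def hijack_hosts(entries):
    """Real hostnames behind any URL written into a registry value or data entry."""
    hosts = set()
    for e in entries:
        if e["section"].startswith("registry") and e["detail"]:
            value = e["detail"].split(", ")[0]  # the data value precedes 'Bon/Mauvais'
            if value.startswith(("http://", "https://")):
                hosts.add(decode_host(value))
    return sorted(hosts)


def reboot_pending(entries):
    """Items still present until reboot: the host is not clean yet."""
    return sorted(e["target"] for e in entries if e["action"] == "delete on reboot")


def security_center_tampering(entries):
    """Security Center switches a PUM set to 1, which silences AV/firewall warnings."""
    return sorted(e["target"].rsplit("|", 1)[1] for e in entries
                  if e["category"] == "PUM.Disabled.SecurityCenter")


def family_counts(entries):
    """Detections per family (first two dotted components of the category)."""
    return Counter(".".join(e["category"].split(".")[:2]) for e in entries)


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(dict(family_counts(found)))
    print("hijack hosts:", hijack_hosts(found))
    print("pending reboot:", reboot_pending(found))
    print("security center tampering:", security_center_tampering(found))
```

Run against the full log, the same functions show why a second scan after reboot is needed (the two Delete-on-Reboot processes), which Security Center values to check afterwards, and which hijack domain to look for in proxy or DNS logs.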


(end)
