cjoint

Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 15/12/2015
Heure de l'analyse: 11:43
Fichier journal: Malwarebytes Anti-Malware.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2015.12.15.02
Base de données de rootkits: v2015.12.07.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: BDHALLEINE

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 617424
Temps écoulé: 48 min, 53 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 7
PUP.Optional.Shopperz.BrwsrFlsh, HKLM\SOFTWARE\shopperz27072015, En quarantaine, [213dcfd6018a9f97fcb46a15679cce32],
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}, En quarantaine, [39258322692294a217ebac5407fdcb35],
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [0c52980def9c4de9c4d82860ab5812ee],
PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Efkamei, Supprimer au redémarrage, [f46a951059329c9a28037933c53d48b8],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SPBIW_UpdateTask_Time_333233353730303339392d50552d6c455a37575a417834, Supprimer au redémarrage, [7be3406537544ee825005e564db60bf5],
PUP.Optional.WordShark, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WordShark Auto Updater 1.10.0.20 Core, Supprimer au redémarrage, [7ae4535263287abcd5f016ab7a89f010],
PUP.Optional.WordShark, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WordShark Auto Updater 1.10.0.20 Pending Update, Supprimer au redémarrage, [ee708520226969cd8342f2cf3dc652ae],

Valeurs du Registre: 12
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, En quarantaine, [de80574e28638da91ffdc82d0cf7c23e],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, En quarantaine, [dc82545192f93bfbb666f8fd7e853ac6],
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tight2_15_47&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyEyBtD0BtA0ByDzzzy0BtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzy0AtAtCtC0BtBtGtCtDtC0CtGtBtD0EzztGtD0BtBzztG0DtBzzyEtDtDzztD0BtDzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtDtC0CtA0EyEtG0F0FtAtBtGyE0FyC0DtGzztC0F0FtGzytB0DzzyB0DyB0DyCyCyCtD2QtN0A0LzuyE&cr=1507242022&ir=, En quarantaine, [0c52980def9c4de9c4d82860ab5812ee]
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_tight2_15_47&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EyEyBtD0BtA0ByDzzzy0BtN0D0Tzu0StCyEtCyCtN1L2XzutAtFtCtBtFyDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEzy0AtAtCtC0BtBtGtCtDtC0CtGtBtD0EzztGtD0BtBzztG0DtBzzyEtDtDzztD0BtDzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtDtC0CtA0EyEtG0F0FtAtBtGyE0FyC0DtGzztC0F0FtGzytB0DzzyB0DyB0DyCyCyCtD2QtN0A0LzuyE&cr=1507242022&ir=, En quarantaine, [b8a6b5f032592f07f3a92f595fa427d9]
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Users\bdhalleine\AppData\LocalLow\Microsoft\Internet Explorer\Services\Tny_Cassiopesa.ico, En quarantaine, [500ed3d2513ad1657a220682b74c827e]
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Cassiopesa, En quarantaine, [73eb5a4bfa914aec7b216a1ea261e61a]
PUP.Optional.Cassiopesa, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Cassiopesa, En quarantaine, [86d894118dfec57149537e0a43c0b14f]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, En quarantaine, [401ea6fff6959f977d9f896c9e65b848],
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS, Crossbrowse, En quarantaine, [d58912937b104cea61e04a4321e26997]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, En quarantaine, [3826f3b2fa912b0bbf828eff2ed55fa1]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|Localized Name, Crossbrowse, En quarantaine, [a4ba079e96f58caa271a355805fe5fa1]
PUP.Optional.WebBar, HKU\S-1-5-21-673184145-3058169501-3967457563-1362\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|wb.exe, 11000, En quarantaine, [afaf31743b50bb7b4273778d18ec8e72]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 6
PUP.Optional.VBates, C:\Users\bdhalleine\AppData\LocalLow\Company\Product\1.0, En quarantaine, [4e10dfc6dfac13233c531db0699aa35d],
PUP.Optional.VBates, C:\Users\bdhalleine\AppData\LocalLow\Company\Product, En quarantaine, [4e10dfc6dfac13233c531db0699aa35d],
PUP.Optional.OptimizerPro, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2, En quarantaine, [b2acedb89eed082e59311f75d1317090],
PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, En quarantaine, [acb254513b5050e611cfd5cfb1513bc5],
PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, En quarantaine, [acb254513b5050e611cfd5cfb1513bc5],
PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, En quarantaine, [acb254513b5050e611cfd5cfb1513bc5],

Fichiers: 14
PUP.Optional.InstallCore, C:\Users\mmirgain\AppData\Roaming\Any Send Packages\uninstaller.exe, En quarantaine, [b6a834718cff999d2da8e160be430af6],
Adware.PremierOpinion, C:\Windows\System32\pmls64.dll, En quarantaine, [a4ba9510e0abc3736d5817654eb2b14f],
PUP.Optional.InstallCore, C:\Users\mmirgain\AppData\Local\Temp\191822198.Uninstall\uninstaller.exe, En quarantaine, [3826e4c116750c2a3c994100e8196898],
PUP.Optional.InstallCore, C:\Users\mmirgain\AppData\Local\Temp\is1590112554\uninstaller.exe, En quarantaine, [68f61b8ac6c5bd799045da67da27a55b],
PUP.Optional.DownLoadAdmin, C:\Users\bdhalleine\Downloads\vlcmediaplayer-setup(1).exe, En quarantaine, [81dda20399f2191d446e089bf60b54ac],
PUP.Optional.DownLoadAdmin, C:\Users\bdhalleine\Downloads\vlcmediaplayer-setup.exe, En quarantaine, [322ce7bef09b46f0e2b4b78c35cc21df],
PUP.Optional.InstallCore, C:\Users\bdhalleine\Downloads\glary-utilities.exe, En quarantaine, [6af43174bdce2e08d2a39015976d42be],
PUP.Optional.InstallCore, C:\Users\mmirgain\Downloads\AnySendSetup.exe, En quarantaine, [c6983f6636550630ead06ed46899d927],
PUP.Optional.VBates, C:\Windows\System32\Tasks\Efkamei, En quarantaine, [db834e57a1eaf73f81a89f0dfc06d32d],
PUP.Optional.Cassiopesa, C:\Users\bdhalleine\AppData\LocalLow\Microsoft\Internet Explorer\Services\Tny_Cassiopesa.ico, En quarantaine, [6df1b6ef0d7e0e28ccb48d3ee61df010],
PUP.Optional.VBates, C:\Users\bdhalleine\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, En quarantaine, [4e10dfc6dfac13233c531db0699aa35d],
PUP.Optional.VBates, C:\Users\bdhalleine\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, En quarantaine, [4e10dfc6dfac13233c531db0699aa35d],
PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, En quarantaine, [acb254513b5050e611cfd5cfb1513bc5],
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\gei\sefd\suun.dat, En quarantaine, [e17d1194107b37ffe477e8c122e227d9],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
