Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 23/12/2015
Heure de l'analyse: 12:55
Fichier journal: Rapport d'analyse malwarebytes.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2015.12.22.03
Base de données de rootkits: v2015.12.18.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Sivos

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 329895
Temps écoulé: 11 min, 0 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 1
PUP.Optional.Shopperz.BrwsrFlsh, HKU\.DEFAULT\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNETREGISTRY\REGISTRY\USER\S-1-5-18\SOFTWARE\shopperz090920151454, En quarantaine, [ec2f2187a4e7e74f0dccec210df751af],

Valeurs du Registre: 2
PUP.Optional.CPUMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gpuminer, C:\Users\Sivos\AppData\Roaming\cpuminer\sgminer\start.cmd, En quarantaine, [71aa77314d3e48ee4107e4ee9b68936d]
PUP.Optional.SelectionTools, HKU\S-1-5-21-2723524398-1224137838-1255048173-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|Selection Tools.exe, 11000, En quarantaine, [92892f7914770d29af33a865dc2845bb]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 12
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.5.1, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.7.1, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate, C:\ProgramData\Radio, En quarantaine, [50cb2f79503bf046b538278eef14ba46],
PUP.Optional.VBates, C:\Users\Sivos\AppData\LocalLow\Company\Product\1.0, En quarantaine, [29f2cfd974175dd9315924b1d82b42be],
PUP.Optional.VBates, C:\Users\Sivos\AppData\LocalLow\Company\Product, En quarantaine, [29f2cfd974175dd9315924b1d82b42be],
PUP.Optional.VBates.WnskRST, C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, En quarantaine, [c05b03a5a2e966d0e6f28d1f33cf9868],
PUP.Optional.VBates.WnskRST, C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, En quarantaine, [c05b03a5a2e966d0e6f28d1f33cf9868],
PUP.Optional.VBates.WnskRST, C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, En quarantaine, [c05b03a5a2e966d0e6f28d1f33cf9868],
PUP.Optional.Baidu, C:\Program Files (x86)\baidu, En quarantaine, [a5762c7cf2997db90ae7e4d324e0758b],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\dat, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc, En quarantaine, [8a916147870446f035312f8759ab46ba],

Fichiers: 33
PUP.Optional.PullUpdate, C:\ProgramData\Radio\prompt.exe, En quarantaine, [de3d04a4672488ae9db1e74b639e639d],
PUP.Optional.Shopperz.BrwsrFlsh, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\bsdriver.sys, En quarantaine, [2eed01a706852610155c8c2300046f91],
PUP.Optional.Shopperz.BrwsrFlsh, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\cherimoya.sys, En quarantaine, [45d650587f0c8caad9984b640afa758b],
PUP.Optional.SoftwareUpdate, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\npsoftwareupdate3.dll.VIR, En quarantaine, [45d624848cff88aebc6ceb48e61b23dd],
PUP.Optional.Perion, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\shopperz090920151454\csrcc.exe, En quarantaine, [c85318901279fe382803cf5aab563bc5],
PUP.Optional.Perion, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\shopperz090920151454\Pakejokl64.dll, En quarantaine, [b26902a64843a19590c3d455f30ec040],
PUP.Optional.SoftwareUpdate, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\Software\Update\SoftwareUpdate.exe, En quarantaine, [54c7edbb0586f145bc6c062d44bdd22e],
PUP.Optional.Winsock.WnskRST, C:\WINDOWS\System32\trz4D6C.tmp, En quarantaine, [c3583b6db0db3303f405134b38c9fd03],
PUP.Optional.Winsock.WnskRST, C:\WINDOWS\SysWOW64\Chfopbirgu.dll, En quarantaine, [d843f9afcac1e84e23d57fdfc63b4ab6],
PUP.Optional.Shopperz.BrwsrFlsh, C:\WINDOWS\System32\drivers\cherimoya.sys, Supprimer au redémarrage, [061527819af1ec4a1c55c7e8f90be11f],
Rootkit.Komodia.PUA, C:\WINDOWS\System32\drivers\bsdriver.sys, Supprimer au redémarrage, [2dee9216fc8f142278d6b8fa04fd8e72],
Rootkit.Agent.A, C:\WINDOWS\System32\drivers\cherimoya.sys, Supprimer au redémarrage, [eb300f9994f784b2e9235862f01237c9],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.5.1\lelluaga.exe.config, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.5.1\sqlite3.dll, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\dat.dat, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.7.1\lelluaga.exe.config, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.7.1\sqlite3.dll, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.Acengine, C:\WINDOWS\Temp\acengine.log, En quarantaine, [1a01a9ffe1aaa0964ee6b2d725dee21e],
PUP.Optional.IQIYI, C:\WINDOWS\Fonts\iqiyi_logo.ttf, En quarantaine, [1b00198fbfcc1d19ed09a7fe1be8b947],
PUP.Optional.PullUpdate, C:\ProgramData\Radio\prompt.exe.config, En quarantaine, [50cb2f79503bf046b538278eef14ba46],
PUP.Optional.VBates, C:\Users\Sivos\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, En quarantaine, [29f2cfd974175dd9315924b1d82b42be],
PUP.Optional.VBates, C:\Users\Sivos\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, En quarantaine, [29f2cfd974175dd9315924b1d82b42be],
PUP.Optional.VBates.WnskRST, C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, En quarantaine, [c05b03a5a2e966d0e6f28d1f33cf9868],
PUP.Optional.Baidu, C:\Program Files (x86)\baidu\baidu.ini, En quarantaine, [a5762c7cf2997db90ae7e4d324e0758b],
PUP.Optional.Baidu, C:\Program Files (x86)\baidu\unins000.dat, En quarantaine, [a5762c7cf2997db90ae7e4d324e0758b],
PUP.Optional.Baidu, C:\Program Files (x86)\baidu\unins000.exe, En quarantaine, [a5762c7cf2997db90ae7e4d324e0758b],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\dat\AlVtprq.exe.config, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\dat\GKkwtC.exe.config, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\info.dat, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\XsLykuSfV.dat, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\XsLykuSfV.exe.config, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.MyStartSearch, C:\Users\Sivos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Bon : ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Mauvais : ("session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":["http://www.google.fr/","http://searchy.easylifeapp.com/","http://www.oursurfing.com/?type=hp&ts=1441893055&z=6bec1e97fc0eea8e9749dceg5z3z6g7bae4qdm9tcw&from=amt&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A514454044540","http://www.mystartsearch.com/?type=hp&ts=1441896182&z=1a6f5d9a6207fe5b51ff6beg2zcz3g2bbebt4memfz&from=cmi&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A514454044540","https://www.google.com/?trackid=sp-006"],"urls_to_restore_on_startup":""},"software_reporter":{"prompt_seed":"20151015","prompt_version":"4.30.1"},"sync":{"remaining_rollback_tries":0}}), Remplacé,[d5466d3b8dfea39319ef90295aaac33d]
PUP.Optional.HijackHosts.Gen, C:\WINDOWS\System32\gafs\jecn\pid.dat, En quarantaine, [04175553e6a5af87c868813340c4e21e],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)