cjoint


Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 23/12/2015
Heure de l'analyse: 02:36
Fichier journal: qq.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2015.12.22.07
Base de données de rootkits: v2015.12.18.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: pc

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 320112
Temps écoulé: 33 min, 16 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Analyse approfondie des rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 3
PUP.Optional.CrossRider, C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\evjd.dll, Supprimer au redémarrage, [948bdfc995f6023400c3e79a29db7a86],
PUP.Optional.CrossRider, C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\CookingVideo.dll, Supprimer au redémarrage, [9d827830a6e551e52a72542cad578c74],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\{AFE90956-4E81-82ED-43AE-EEA3FA247512}.dat, Supprimer au redémarrage, [28f7297fe4a71d19dc73565fac58d22e],

Clés du Registre: 11
PUP.Optional.Midie, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\APPTHGILDEM.EXE, En quarantaine, [fa257d2b7516cf67b1e5dbdf81808e72],
PUP.Optional.Midie, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\APPTHGILDEM.EXE, En quarantaine, [fa257d2b7516cf67b1e5dbdf81808e72],
PUP.Optional.CrossRider, HKU\S-1-5-21-1788190544-2841081292-2523875018-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BBE1C090-B940-B55A-BD1E-F3482D3E469C}, En quarantaine, [839c0e9aa2e959dd7d1f8bf558aca759],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, En quarantaine, [eb344365e9a262d41427a62e4ab99967],
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\TRACING\hotnix_RASAPI32, En quarantaine, [001fb1f74942d4627e1f5cac2cd8d32d],
PUP.Optional.Amonetize, HKLM\SOFTWARE\MICROSOFT\TRACING\hotnix_RASMANCS, En quarantaine, [28f72a7e09821d19495457b1788c8b75],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtMedlight, En quarantaine, [849bc5e3a7e4a6900449466b08fa768a],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, En quarantaine, [c85724841f6c4ee886b5874de51eda26],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, En quarantaine, [c15e2484612a1323f5ad129edb271ae6],
PUP.Optional.Linkury, HKU\S-1-5-21-1788190544-2841081292-2523875018-1001\SOFTWARE\mtMedlight, En quarantaine, [37e86b3d8cff51e5c28303ae4db5cb35],
PUP.Optional.HoumPage.ShrtCln, HKU\S-1-5-21-1788190544-2841081292-2523875018-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CF34D395-9FF1-49A0-98A5-8DB1636431B1}, En quarantaine, [d24d2c7cee9db5816409749bac58916f],

Valeurs du Registre: 7
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms}, En quarantaine, [f52a7b2d4447f93d5bdd2461f60dc53b]
PUP.Optional.LuckyBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{051673E8-4A8C-405D-89E7-954508617F6B}, v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe|Name=LuckyBrowse|, En quarantaine, [7ca36444dcafd95d6d13d0337e86d62a]
PUP.Optional.LuckyBrowse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{ABD6464C-DFA4-48DC-A132-00C691E1065B}, v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe|Name=LuckyBrowse|, En quarantaine, [9986d5d3226950e6d6aa35ce40c402fe]
PUP.Optional.Linkury, HKU\S-1-5-18\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=DZ&userid=0f16b72d-0b3d-767f-dc3b-39f701d0934e&searchtype=sc&installDate=05-12-2015&barcodeid=50045777&channelid=777, En quarantaine, [f827d3d5b2d996a028c5ffa9f40f6e92]
PUP.Optional.HoumPage.ShrtCln, HKU\S-1-5-21-1788190544-2841081292-2523875018-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{cf34d395-9ff1-49a0-98a5-8db1636431b1}|URL, http://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1449282841&a=1026400&uuid=8296bf3a-3a28-44b7-abe6-f3f8e8828b93, En quarantaine, [d24d2c7cee9db5816409749bac58916f]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1788190544-2841081292-2523875018-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms}, En quarantaine, [be617b2d7a11bf77ad88f68f838025db]
Hijack.AutoConfigURL.ShrtCln, HKU\S-1-5-21-1788190544-2841081292-2523875018-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://unstopp.me/wpad.dat?696b342a81d7463db156b15bd8eb24e32236188, En quarantaine, [54cbc5e3d4b7a49234e30a03a95b9868]

Données du Registre: 3
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({ielnksrch}),Remplacé,[938c21871972063097305c308d77de22]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1788190544-2841081292-2523875018-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms}),Remplacé,[0e117a2e870490a6a51cd1bb798bb34d]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1788190544-2841081292-2523875018-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms}),Remplacé,[3de2cade2863c86e596ac4c8a65ead53]

Dossiers: 12
PUP.Optional.Amonetize, C:\Program Files\NixController, En quarantaine, [de419513b2d9af874e4d96720ff523dd],
PUP.Optional.Amonetize, C:\Program Files\NixController\bin, En quarantaine, [de419513b2d9af874e4d96720ff523dd],
PUP.Optional.Amonetize, C:\Program Files\NixController\bin\c80a9259-abbf-499e-898c-4857dcc3f19b, En quarantaine, [de419513b2d9af874e4d96720ff523dd],
PUP.Optional.Amonetize, C:\Program Files\NixController\bin\fc1aa541-956e-4b38-9a97-51db8957d9e0, En quarantaine, [de419513b2d9af874e4d96720ff523dd],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\_metadata, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\AppthgildeMs, En quarantaine, [6ab5a0085d2e35018a20bbf77094e51b],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\Component, Supprimer au redémarrage, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video, Supprimer au redémarrage, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}, Supprimer au redémarrage, [28f7297fe4a71d19dc73565fac58d22e],

Fichiers: 38
PUP.Optional.CrossRider, C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\evjd.dll, Supprimer au redémarrage, [948bdfc995f6023400c3e79a29db7a86],
PUP.Optional.CrossRider, C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\CookingVideo.dll, Supprimer au redémarrage, [9d827830a6e551e52a72542cad578c74],
PUP.Optional.Midie, C:\ProgramData\AppthgildeM\AppthgildeM.exe, En quarantaine, [fa257d2b7516cf67b1e5dbdf81808e72],
PUP.Optional.Bundler, C:\ProgramData\AppthgildeM\Faxplus.exe, En quarantaine, [c35c8028cfbc2a0caa2df73a1be7dc24],
PUP.Optional.Bundler, C:\ProgramData\AppthgildeM\LabLatfax.dll, En quarantaine, [eb341593d3b80f27c97720608d7737c9],
PUP.Optional.Bundler, C:\ProgramData\AppthgildeM\Movetough.dll, En quarantaine, [36e9feaaff8c112587bac5bbe3212ad6],
PUP.Optional.Linkury.ShrtCln, C:\Users\pc\AppData\Roaming\moses.exe, En quarantaine, [c659d3d5a1ea95a1f1876a4c5ba60bf5],
PUP.Optional.Runner, C:\Users\pc\AppData\Local\Temp\6wnTox\runner.exe, En quarantaine, [e33c2088137862d4990ee36305fbb54b],
PUP.Optional.CrossRider, C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\{3FE388BC-A9D3-ABFC-9429-1005BC2B9352}.dll, En quarantaine, [839c0e9aa2e959dd7d1f8bf558aca759],
PUP.Optional.Midie, C:\Users\pc\AppData\Roaming\Moses.dat, En quarantaine, [fd22aefacfbc95a123805060c042ed13],
PUP.Optional.FakeChromeExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.forexapps.info_0.localstorage, En quarantaine, [e83733753d4e91a50c33b5527a8a1ae6],
PUP.Optional.FakeChromeExtension, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.forexapps.info_0.localstorage-journal, En quarantaine, [3fe07a2ebfcc3afc65da46c16f95847c],
PUP.Optional.Amonetize, C:\Program Files\NixController\config.conf, En quarantaine, [de419513b2d9af874e4d96720ff523dd],
PUP.Optional.Amonetize, C:\Program Files\NixController\bin\fc1aa541-956e-4b38-9a97-51db8957d9e0\Jackson.exe, En quarantaine, [de419513b2d9af874e4d96720ff523dd],
PUP.Optional.Amonetize, C:\Program Files\NixController\bin\fc1aa541-956e-4b38-9a97-51db8957d9e0\xtc.exe, En quarantaine, [de419513b2d9af874e4d96720ff523dd],
PUP.Optional.Amonetize, C:\Program Files\NixController\bin\fc1aa541-956e-4b38-9a97-51db8957d9e0\xtc.exe.config, En quarantaine, [de419513b2d9af874e4d96720ff523dd],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\background.js, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\desktop.ini, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\manifest.json, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\128x128.png, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\16x16.png, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\desktop.ini, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\wiki-_16.png, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\wiki_128.png, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\icons\wiki_32.ico, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.WikiSearchMe, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\extensions\fcgnigmofekcllgbiejhmigggmgehkip\1.1.1_0\_metadata\verified_contents.json, En quarantaine, [6eb1b3f5187373c34201703b0ff3827e],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\AppthgildeMs\ff.HP, En quarantaine, [6ab5a0085d2e35018a20bbf77094e51b],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\AppthgildeMs\ff.NT, En quarantaine, [6ab5a0085d2e35018a20bbf77094e51b],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\AppthgildeMs\snp.sc, En quarantaine, [6ab5a0085d2e35018a20bbf77094e51b],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\Component\config.json, En quarantaine, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\Component\hello.js, En quarantaine, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\Component\log.html, Supprimer au redémarrage, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\Component\manifest.json, En quarantaine, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\Component\scriptTagContext.js, En quarantaine, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\Component\tmp_bg.js, En quarantaine, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\Component\uconfig.json, En quarantaine, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\c.dat, En quarantaine, [28f7297fe4a71d19dc73565fac58d22e],
PUP.Optional.CrossAd.Gen, C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\{AFE90956-4E81-82ED-43AE-EEA3FA247512}.dat, Supprimer au redémarrage, [28f7297fe4a71d19dc73565fac58d22e],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
