Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 09/07/2016
Heure de l'analyse: 11:15
Fichier journal: mbam.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.07.09.05
Base de données de rootkits: v2016.05.27.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: user

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 300982
Temps écoulé: 55 min, 22 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 11
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, En quarantaine, [3cbd021f0b8f22149991bdd70002c040],
PUP.Optional.WebSteroids, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, En quarantaine, [3cbd021f0b8f22149991bdd70002c040],
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, En quarantaine, [3cbd021f0b8f22149991bdd70002c040],
PUP.Optional.DynConIE, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, En quarantaine, [12e7ff220a90f34345ad2f6036cc9f61],
PUP.Optional.DynConIE, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, En quarantaine, [12e7ff220a90f34345ad2f6036cc9f61],
PUP.Optional.DynConIE, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, En quarantaine, [12e7ff220a90f34345ad2f6036cc9f61],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, En quarantaine, [877271b0d3c7bb7bef95d1a08979b64a],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, En quarantaine, [877271b0d3c7bb7bef95d1a08979b64a],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3281675, En quarantaine, [2bced54c4852fb3bf2bd746504fe47b9],
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8C23F892}, En quarantaine, [8c6d0b163169b5815b0035c3f90a19e7],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4215800688-2125504471-745768994-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3281675, En quarantaine, [7881e9386634d462827c147d3ec5c13f],

Valeurs du Registre: 9
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, En quarantaine, [03f648d9f2a8b680c426c9f9bf4407f9]
PUP.Optional.Groovorio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Groovorio\\, En quarantaine, [fbfe79a8cad01d19f21c693c9d66b64a]
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{8c23f892}|1, 1457212121, En quarantaine, [8c6d0b163169b5815b0035c3f90a19e7]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://unstopp.me/wpad.dat?43a658fabe3f3e15260629bd85cb0a203090595, En quarantaine, [55a4d948a8f279bdf123e111f90aa759]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{01E11A5A-1463-465D-A24B-EA2140C2BF9D}|NameServer, 82.163.142.7 95.211.158.134, En quarantaine, [a45552cff1a9360091b68c6cc24147b9]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{41D54FD3-1647-44FE-8806-B46B2CF1DC8A}|NameServer, 82.163.142.7 95.211.158.134, En quarantaine, [936639e85941112522259068ed163ac6]
PUP.Optional.WebBar, HKU\S-1-5-21-4215800688-2125504471-745768994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|wb.exe, 11000, En quarantaine, [8277869b188255e1924428bace351ae6]
PUP.Optional.Yontoo, HKU\S-1-5-21-4215800688-2125504471-745768994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, En quarantaine, [e316879ac4d60c2a4ee7b30f30d321df]
Hijack.AutoConfigURL.ShrtCln, HKU\S-1-5-21-4215800688-2125504471-745768994-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://unstopp.me/wpad.dat?43a658fabe3f3e15260629bd85cb0a203090595, En quarantaine, [d029d150bbdfd75f435c8260fe0515eb]

Données du Registre: 3
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIlteVQxCQBgVeQ5cTA1BE1AOeF8BVhRDFVMVIgwLVw1GFAQFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==, Bon : (www.google.com), Mauvais : (http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIlteVQxCQBgVeQ5cTA1BE1AOeF8BVhRDFVMVIgwLVw1GFAQFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==),Remplacé,[8178b9688c0ea0968ba9ed8c16eea35d]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Bon : (8.8.8.8), Mauvais : (82.163.142.7 95.211.158.134),Remplacé,[45b46db433671b1bad747802fc08b54b]
PUP.Optional.Yontoo, HKU\S-1-5-21-4215800688-2125504471-745768994-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIlteVQxCQBgVeQ5cTA1BE1AOeF8BVhRDFVMVIgwLVw1GFAQFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==, Bon : (www.google.com), Mauvais : (http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIlteVQxCQBgVeQ5cTA1BE1AOeF8BVhRDFVMVIgwLVw1GFAQFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==),Remplacé,[f20775ac0d8dbd791d1c42378d77768a]

Dossiers: 2
PUP.Optional.PullUpdate, C:\ProgramData\PodgiDTVk\dat, En quarantaine, [22d7d64b2b6fe5512b088912fe06d030],
PUP.Optional.PullUpdate, C:\ProgramData\PodgiDTVk, En quarantaine, [22d7d64b2b6fe5512b088912fe06d030],

Fichiers: 23
PUP.Optional.PullUpdate, C:\ProgramData\PodgiDTVk\dat\kcCZWkWU.dll, En quarantaine, [ac4d061baaf06accb0f7c580a25f1be5],
PUP.Optional.ZombieInvasion, C:\ProgramData\PodgiDTVk\dat\teyInWioUy.dll, En quarantaine, [5f9ac75a7921d165db271e21e51f33cd],
PUP.Optional.WebShield, C:\Users\user\AppData\Roaming\ZHP\Quarantine\HDeAAfpyrjt.exe, En quarantaine, [7287cd54bfdbc76fc09653db8c75d52b],
PUP.Optional.WebShield, C:\Users\user\AppData\Roaming\ZHP\Quarantine\CVvqmGHvBVa.exe, En quarantaine, [c039140d0199b87e470f9995cf32718f],
PUP.Optional.WebShield, C:\Users\user\AppData\Roaming\ZHP\Quarantine\IogtIvyi.exe, En quarantaine, [19e01908f3a7211559fd062850b158a8],
PUP.Optional.Tuto4PC, C:\Users\user\AppData\Roaming\ZHP\Quarantine\gmsd_fr_004010185\gamesdesktop_widget.exe, En quarantaine, [8178d9481387dd5900fc52e4ed13a15f],
PUP.Optional.Tuto4PC, C:\Users\user\AppData\Roaming\ZHP\Quarantine\gmsd_fr_004010185\gmsd_fr_004010185 - uninstall.exe, En quarantaine, [24d5928f881268cecf32c5bec140a060],
Adware.EoRezo, C:\Users\user\AppData\Roaming\ZHP\Quarantine\gmsd_fr_004010185\gmsd_fr_004010185.exe, En quarantaine, [24d5140db6e42115b4073421d62b42be],
Adware.EoRezo, C:\Users\user\AppData\Roaming\ZHP\Quarantine\gmsd_fr_004010185\predm.exe, En quarantaine, [fcfd2af7cad006308d082062a061916f],
Adware.EoRezo, C:\Users\user\AppData\Roaming\ZHP\Quarantine\gmsd_fr_004010185\gmsd_fr_004010185\upgmsd_fr_004010185.exe, En quarantaine, [17e2e43dd4c6a591f342d6a523de946c],
PUP.Optional.PullUpdate, C:\Users\user\AppData\Roaming\ZHP\Quarantine\WebShield\Uninstall.exe, En quarantaine, [71883ce57e1cdd5990801187768e31cf],
PUP.Optional.WebBar, C:\Users\user\AppData\Local\Setup Wizard\253cd3cc-36d9-4016-8f5e-f9285776733c\web_bar_setup_is2.exe, En quarantaine, [a158839edbbf2b0b22e2d1c9857cfd03],
PUP.Optional.BrowseFox, C:\Users\user\AppData\Local\Setup Wizard\55514571-6320-4d91-9e4b-7630fbc18af4\primarycolorsetup.exe, En quarantaine, [94653fe243575adcfc7797d3e12024dc],
PUP.Optional.EoRezo.Generic, C:\Users\user\AppData\Local\Setup Wizard\5db3dd87-dd53-4651-9e78-4ed92b117ed0\setup_gmsd.exe, En quarantaine, [56a3c65bdac0ec4a3e7a22a27190ae52],
PUP.Optional.SystemHealer, C:\Users\user\AppData\Local\Setup Wizard\a11499d7-1deb-4a8b-aa07-16a5280a98c8\systemhealer.exe, En quarantaine, [7a7fb968603ae6500f0565fde61b9d63],
Trojan.Downloader, C:\Users\user\AppData\Local\Setup Wizard\a9c80d77-733c-427e-abbb-d2896fb454ea\setup.exe, En quarantaine, [d722c65b7525ff375fb15a6fa55cd828],
PUP.Optional.WebShield, C:\Users\user\AppData\Local\Setup Wizard\ce1c4ef7-7d2a-46fa-878f-03bb698797ec\setup.exe, En quarantaine, [ad4c6bb60991a195d5900121d42cc13f],
PUP.Optional.Boxore.WnskRST, C:\Windows\Installer\15f036.msi, En quarantaine, [29d0eb36afeb4ee80cb3a6eb798b5aa6],
PUP.Optional.PullUpdate, C:\ProgramData\PodgiDTVk\dat\HDeAAfpyrjt.exe.config, En quarantaine, [22d7d64b2b6fe5512b088912fe06d030],
PUP.Optional.PullUpdate, C:\ProgramData\PodgiDTVk\dat\IogtIvyi.exe.config, En quarantaine, [22d7d64b2b6fe5512b088912fe06d030],
PUP.Optional.PullUpdate, C:\ProgramData\PodgiDTVk\CVvqmGHvBVa.dat, En quarantaine, [22d7d64b2b6fe5512b088912fe06d030],
PUP.Optional.PullUpdate, C:\ProgramData\PodgiDTVk\CVvqmGHvBVa.exe.config, En quarantaine, [22d7d64b2b6fe5512b088912fe06d030],
PUP.Optional.PullUpdate, C:\ProgramData\PodgiDTVk\info.dat, En quarantaine, [22d7d64b2b6fe5512b088912fe06d030],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)