Publicité
Publicité
Format du document : text/plain
Prévisualisation
Malwarebytes
www.malwarebytes.com
-Détails du journal-
Date de l'analyse: 22/02/2017
Heure de l'analyse: 17:37
Fichier journal: mbam.txt
Administrateur: Oui
-Informations du logiciel-
Version: 3.0.6.1469
Version de composants: 1.0.50
Version de pack de mise à jour: 1.0.1064
Licence: Gratuit
-Informations système-
Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: ARTHUR\USER
-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 511042
Temps écoulé: 12 min, 51 s
-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé
-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)
Module: 0
(Aucun élément malveillant détecté)
Clé du registre: 1
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5d2b51fe}, En quarantaine, [46], [260250],1.0.1064
Valeur du registre: 1
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5d2b51fe}|1, En quarantaine, [46], [260250],1.0.1064
Données du registre: 8
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer, Remplacé, [17950], [293494],1.0.1064
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{7ab8c86d-177c-4bed-b970-3c029fa37cb0}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9dadb3a5-c074-4482-ab16-cd3f66ea8c16}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{a98e3542-c145-43cf-9972-75cef9fb2354}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ad36df25-9e82-4bf0-8040-0369e7ccb197}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{bd5628f2-b7b5-42c7-a409-b2f8528414ad}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ecd4bc80-3aa7-47c2-8f15-6497a234bc10}|NameServer, Remplacé, [17950], [-1],0.0.0
Flux de données: 0
(Aucun élément malveillant détecté)
Dossier: 2
PUP.Optional.WindowService, C:\USERS\USER\APPDATA\LOCAL\TEMP\WS, En quarantaine, [1982], [357979],1.0.1064
Adware.Agent.Generic, C:\PROGRAMDATA\{9EF7FA56-295C-4DFD-150A-4B72ECED2125}, En quarantaine, [1707], [331038],1.0.1064
Fichier: 28
PUP.Optional.Komodia, C:\WINDOWS\System32\drivers\zdwfp64.sys, En quarantaine, [1292], [106354],0.0.0
Adware.OptimizerEliteMax, C:\USERS\USER\APPDATA\LOCAL\TEMP\D17DBC30-56AB-46A5-936D-7B4B9AEC22C7\ONESYSTEMCARE.EXE, En quarantaine, [539], [311034],1.0.1064
Adware.NeoBar.Generic, C:\USERS\USER\APPDATA\LOCAL\TEMP\74872192-E134-4033-B3DB-88BCE2A66CBF\YT.EXE, En quarantaine, [2602], [351605],1.0.1064
PUP.Optional.WindowService, C:\USERS\USER\APPDATA\LOCAL\TEMP\WS\CONFIG.JSON, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\128x128.png, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\3FD8203C72118EAE2D2F56EC5A014851, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\ati_upd.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\InstallUtil.InstallLog, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\Interop.Shell32.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\Newtonsoft.Json.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\Newtonsoft.Json.xml, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\NLog.config, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\NLog.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\NLog.xml, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\state, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\WindowService.exe, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\WindowService.InstallLog, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\WindowService.InstallState, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\WindowService.Lib.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.Komodia, C:\WINDOWS\TEMP\ZDENGINE.LOG, En quarantaine, [1292], [257778],1.0.1064
PUP.Optional.CrossRider, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, En quarantaine, [307], [256629],1.0.1064
PUP.Optional.CrossRider, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, En quarantaine, [307], [256629],1.0.1064
PUP.Optional.Yontoo, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage, En quarantaine, [71], [304355],1.0.1064
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Échec de la suppression, [71], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\USER\NTUSER.POL, En quarantaine, [71], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, En quarantaine, [71], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage-journal, En quarantaine, [71], [304355],1.0.1064
Adware.Agent.Generic, C:\PROGRAMDATA\{9EF7FA56-295C-4DFD-150A-4B72ECED2125}\83B70C5C-341C-BBF7-B103-64443C639A49.exe, En quarantaine, [1707], [331038],1.0.1064
Secteur physique: 0
(Aucun élément malveillant détecté)
(end)
www.malwarebytes.com
-Détails du journal-
Date de l'analyse: 22/02/2017
Heure de l'analyse: 17:37
Fichier journal: mbam.txt
Administrateur: Oui
-Informations du logiciel-
Version: 3.0.6.1469
Version de composants: 1.0.50
Version de pack de mise à jour: 1.0.1064
Licence: Gratuit
-Informations système-
Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: ARTHUR\USER
-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 511042
Temps écoulé: 12 min, 51 s
-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé
-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)
Module: 0
(Aucun élément malveillant détecté)
Clé du registre: 1
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5d2b51fe}, En quarantaine, [46], [260250],1.0.1064
Valeur du registre: 1
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5d2b51fe}|1, En quarantaine, [46], [260250],1.0.1064
Données du registre: 8
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer, Remplacé, [17950], [293494],1.0.1064
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{7ab8c86d-177c-4bed-b970-3c029fa37cb0}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9dadb3a5-c074-4482-ab16-cd3f66ea8c16}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{a98e3542-c145-43cf-9972-75cef9fb2354}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ad36df25-9e82-4bf0-8040-0369e7ccb197}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{bd5628f2-b7b5-42c7-a409-b2f8528414ad}|NameServer, Remplacé, [17950], [-1],0.0.0
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{ecd4bc80-3aa7-47c2-8f15-6497a234bc10}|NameServer, Remplacé, [17950], [-1],0.0.0
Flux de données: 0
(Aucun élément malveillant détecté)
Dossier: 2
PUP.Optional.WindowService, C:\USERS\USER\APPDATA\LOCAL\TEMP\WS, En quarantaine, [1982], [357979],1.0.1064
Adware.Agent.Generic, C:\PROGRAMDATA\{9EF7FA56-295C-4DFD-150A-4B72ECED2125}, En quarantaine, [1707], [331038],1.0.1064
Fichier: 28
PUP.Optional.Komodia, C:\WINDOWS\System32\drivers\zdwfp64.sys, En quarantaine, [1292], [106354],0.0.0
Adware.OptimizerEliteMax, C:\USERS\USER\APPDATA\LOCAL\TEMP\D17DBC30-56AB-46A5-936D-7B4B9AEC22C7\ONESYSTEMCARE.EXE, En quarantaine, [539], [311034],1.0.1064
Adware.NeoBar.Generic, C:\USERS\USER\APPDATA\LOCAL\TEMP\74872192-E134-4033-B3DB-88BCE2A66CBF\YT.EXE, En quarantaine, [2602], [351605],1.0.1064
PUP.Optional.WindowService, C:\USERS\USER\APPDATA\LOCAL\TEMP\WS\CONFIG.JSON, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\128x128.png, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\3FD8203C72118EAE2D2F56EC5A014851, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\ati_upd.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\InstallUtil.InstallLog, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\Interop.Shell32.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\Newtonsoft.Json.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\Newtonsoft.Json.xml, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\NLog.config, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\NLog.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\NLog.xml, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\state, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\WindowService.exe, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\WindowService.InstallLog, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\WindowService.InstallState, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.WindowService, C:\Users\USER\AppData\Local\Temp\WS\WindowService.Lib.dll, En quarantaine, [1982], [357979],1.0.1064
PUP.Optional.Komodia, C:\WINDOWS\TEMP\ZDENGINE.LOG, En quarantaine, [1292], [257778],1.0.1064
PUP.Optional.CrossRider, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, En quarantaine, [307], [256629],1.0.1064
PUP.Optional.CrossRider, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, En quarantaine, [307], [256629],1.0.1064
PUP.Optional.Yontoo, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage, En quarantaine, [71], [304355],1.0.1064
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Échec de la suppression, [71], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\USER\NTUSER.POL, En quarantaine, [71], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, En quarantaine, [71], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_static.coupontime00.coupontime.co_0.localstorage-journal, En quarantaine, [71], [304355],1.0.1064
Adware.Agent.Generic, C:\PROGRAMDATA\{9EF7FA56-295C-4DFD-150A-4B72ECED2125}\83B70C5C-341C-BBF7-B103-64443C639A49.exe, En quarantaine, [1707], [331038],1.0.1064
Secteur physique: 0
(Aucun élément malveillant détecté)
(end)