cjoint

Document format: text/plain

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/24/18
Scan Time: 5:26 PM
Log File: e9198756-eff4-11e8-8c8e-000000000000.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8001
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DrSergioO-PC\DrSergioO

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 245810
Threats Detected: 23
Threats Quarantined: 21
Time Elapsed: 5 min, 56 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 13
PUP.Optional.DriverPack, HKU\S-1-5-21-1793344557-1319154974-2362594056-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\drp.su, Quarantined, [944], [472298],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\CLASSES\TYPELIB\{7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\CLASSES\INTERFACE\{422CA428-AACB-496A-8FDD-86758BCFB756}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\CLASSES\INTERFACE\{995E123A-2A19-4E52-872F-774C5589459C}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\CLASSES\INTERFACE\{A52621AD-E10F-477B-9ACB-B6181610788B}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{422CA428-AACB-496A-8FDD-86758BCFB756}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{995E123A-2A19-4E52-872F-774C5589459C}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A52621AD-E10F-477B-9ACB-B6181610788B}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{422CA428-AACB-496A-8FDD-86758BCFB756}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{995E123A-2A19-4E52-872F-774C5589459C}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A52621AD-E10F-477B-9ACB-B6181610788B}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}, Quarantined, [0], [392686],1.0.8001
Generic.Malware/Suspicious, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7C1E4FCC-B47E-44AE-8EA7-FA66EBC8BAC4}, Quarantined, [0], [392686],1.0.8001

Registry Value: 0
(No malicious items detected)

Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Replaced, [12988], [293294],1.0.8001
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Replaced, [12988], [293295],1.0.8001
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Replaced, [12988], [293296],1.0.8001

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 7
Trojan.Banker, C:\USERS\DRSERG~1\APPDATA\LOCAL\TEMP\WINORYOAA.EXE, Quarantined, [1991], [602042],1.0.8001
MachineLearning/Anomalous.96%, C:\USERS\DRSERGIOO\DESKTOP\Wireless Network Watcher.lnk, Quarantined, [0], [392687],1.0.8001
MachineLearning/Anomalous.96%, C:\PROGRAM FILES (X86)\NIRSOFT\WIRELESS NETWORK WATCHER\WNETWATCHER.EXE, Quarantined, [0], [392687],1.0.8001
Trojan.MalPack.Gen, C:\CASEO.EXE, Removal Failed, [9616], [78353],1.0.8001
Trojan.MalPack.Gen, C:\MPKGJS.PIF, Removal Failed, [9616], [78353],1.0.8001
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\APPLE SOFTWARE UPDATE\SOFTWAREUPDATE.EXE, Quarantined, [0], [392686],1.0.8001
Trojan.Banker, C:\USERS\DRSERGIOO\APPDATA\LOCAL\TEMP\WINORYOAA.EXE, Quarantined, [1991], [602042],1.0.8001

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
