Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 23/12/2015
Heure de l'analyse: 12:55
Fichier journal: Rapport d'analyse malwarebytes.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2015.12.22.03
Base de données de rootkits: v2015.12.18.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Sivos

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 329895
Temps écoulé: 11 min, 0 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 1
PUP.Optional.Shopperz.BrwsrFlsh, HKU\.DEFAULT\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNETREGISTRY\REGISTRY\USER\S-1-5-18\SOFTWARE\shopperz090920151454, En quarantaine, [ec2f2187a4e7e74f0dccec210df751af],

Valeurs du Registre: 2
PUP.Optional.CPUMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gpuminer, C:\Users\Sivos\AppData\Roaming\cpuminer\sgminer\start.cmd, En quarantaine, [71aa77314d3e48ee4107e4ee9b68936d]
PUP.Optional.SelectionTools, HKU\S-1-5-21-2723524398-1224137838-1255048173-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|Selection Tools.exe, 11000, En quarantaine, [92892f7914770d29af33a865dc2845bb]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 12
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.5.1, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.7.1, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate, C:\ProgramData\Radio, En quarantaine, [50cb2f79503bf046b538278eef14ba46],
PUP.Optional.VBates, C:\Users\Sivos\AppData\LocalLow\Company\Product\1.0, En quarantaine, [29f2cfd974175dd9315924b1d82b42be],
PUP.Optional.VBates, C:\Users\Sivos\AppData\LocalLow\Company\Product, En quarantaine, [29f2cfd974175dd9315924b1d82b42be],
PUP.Optional.VBates.WnskRST, C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, En quarantaine, [c05b03a5a2e966d0e6f28d1f33cf9868],
PUP.Optional.VBates.WnskRST, C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, En quarantaine, [c05b03a5a2e966d0e6f28d1f33cf9868],
PUP.Optional.VBates.WnskRST, C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, En quarantaine, [c05b03a5a2e966d0e6f28d1f33cf9868],
PUP.Optional.Baidu, C:\Program Files (x86)\baidu, En quarantaine, [a5762c7cf2997db90ae7e4d324e0758b],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\dat, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc, En quarantaine, [8a916147870446f035312f8759ab46ba],

Fichiers: 33
PUP.Optional.PullUpdate, C:\ProgramData\Radio\prompt.exe, En quarantaine, [de3d04a4672488ae9db1e74b639e639d],
PUP.Optional.Shopperz.BrwsrFlsh, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\bsdriver.sys, En quarantaine, [2eed01a706852610155c8c2300046f91],
PUP.Optional.Shopperz.BrwsrFlsh, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\cherimoya.sys, En quarantaine, [45d650587f0c8caad9984b640afa758b],
PUP.Optional.SoftwareUpdate, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\npsoftwareupdate3.dll.VIR, En quarantaine, [45d624848cff88aebc6ceb48e61b23dd],
PUP.Optional.Perion, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\shopperz090920151454\csrcc.exe, En quarantaine, [c85318901279fe382803cf5aab563bc5],
PUP.Optional.Perion, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\shopperz090920151454\Pakejokl64.dll, En quarantaine, [b26902a64843a19590c3d455f30ec040],
PUP.Optional.SoftwareUpdate, C:\Users\Sivos\AppData\Roaming\ZHP\Quarantine\Software\Update\SoftwareUpdate.exe, En quarantaine, [54c7edbb0586f145bc6c062d44bdd22e],
PUP.Optional.Winsock.WnskRST, C:\WINDOWS\System32\trz4D6C.tmp, En quarantaine, [c3583b6db0db3303f405134b38c9fd03],
PUP.Optional.Winsock.WnskRST, C:\WINDOWS\SysWOW64\Chfopbirgu.dll, En quarantaine, [d843f9afcac1e84e23d57fdfc63b4ab6],
PUP.Optional.Shopperz.BrwsrFlsh, C:\WINDOWS\System32\drivers\cherimoya.sys, Supprimer au redémarrage, [061527819af1ec4a1c55c7e8f90be11f],
Rootkit.Komodia.PUA, C:\WINDOWS\System32\drivers\bsdriver.sys, Supprimer au redémarrage, [2dee9216fc8f142278d6b8fa04fd8e72],
Rootkit.Agent.A, C:\WINDOWS\System32\drivers\cherimoya.sys, Supprimer au redémarrage, [eb300f9994f784b2e9235862f01237c9],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.5.1\lelluaga.exe.config, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.5.1\sqlite3.dll, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\dat.dat, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.7.1\lelluaga.exe.config, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.PullUpdate.Gen, C:\ProgramData\Osleiitaia\1.0.7.1\sqlite3.dll, En quarantaine, [9c7faff9018a77bfade23152a65d857b],
PUP.Optional.Acengine, C:\WINDOWS\Temp\acengine.log, En quarantaine, [1a01a9ffe1aaa0964ee6b2d725dee21e],
PUP.Optional.IQIYI, C:\WINDOWS\Fonts\iqiyi_logo.ttf, En quarantaine, [1b00198fbfcc1d19ed09a7fe1be8b947],
PUP.Optional.PullUpdate, C:\ProgramData\Radio\prompt.exe.config, En quarantaine, [50cb2f79503bf046b538278eef14ba46],
PUP.Optional.VBates, C:\Users\Sivos\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, En quarantaine, [29f2cfd974175dd9315924b1d82b42be],
PUP.Optional.VBates, C:\Users\Sivos\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, En quarantaine, [29f2cfd974175dd9315924b1d82b42be],
PUP.Optional.VBates.WnskRST, C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, En quarantaine, [c05b03a5a2e966d0e6f28d1f33cf9868],
PUP.Optional.Baidu, C:\Program Files (x86)\baidu\baidu.ini, En quarantaine, [a5762c7cf2997db90ae7e4d324e0758b],
PUP.Optional.Baidu, C:\Program Files (x86)\baidu\unins000.dat, En quarantaine, [a5762c7cf2997db90ae7e4d324e0758b],
PUP.Optional.Baidu, C:\Program Files (x86)\baidu\unins000.exe, En quarantaine, [a5762c7cf2997db90ae7e4d324e0758b],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\dat\AlVtprq.exe.config, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\dat\GKkwtC.exe.config, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\info.dat, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\XsLykuSfV.dat, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.PullUpdate, C:\ProgramData\sqnFskfbc\XsLykuSfV.exe.config, En quarantaine, [8a916147870446f035312f8759ab46ba],
PUP.Optional.MyStartSearch, C:\Users\Sivos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Bon : ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Mauvais : ("session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":["http://www.google.fr/","http://searchy.easylifeapp.com/","http://www.oursurfing.com/?type=hp&ts=1441893055&z=6bec1e97fc0eea8e9749dceg5z3z6g7bae4qdm9tcw&from=amt&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A514454044540","http://www.mystartsearch.com/?type=hp&ts=1441896182&z=1a6f5d9a6207fe5b51ff6beg2zcz3g2bbebt4memfz&from=cmi&uid=WDCXWD7500BPKT-75PK4T0_WD-WX21A514454044540","https://www.google.com/?trackid=sp-006"],"urls_to_restore_on_startup":""},"software_reporter":{"prompt_seed":"20151015","prompt_version":"4.30.1"},"sync":{"remaining_rollback_tries":0}}), Remplacé,[d5466d3b8dfea39319ef90295aaac33d]
PUP.Optional.HijackHosts.Gen, C:\WINDOWS\System32\gafs\jecn\pid.dat, En quarantaine, [04175553e6a5af87c868813340c4e21e],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)