Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 30/10/2016
Heure de l'analyse: 17:52
Fichier journal: Rapport_malware.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.10.30.08
Base de données de rootkits: v2016.09.26.02
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Laurence

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 390166
Temps écoulé: 12 min, 15 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 1
PUP.Optional.SafeGuard.ChrPRST, C:\Program Files (x86)\XBox\XBLive.exe, 3068, Supprimer au redémarrage, [67f92976faa0eb4b42802da4f90908f8]

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 23
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}, En quarantaine, [b7a92c7348525cdaf25dcacc7191ff01],
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR , En quarantaine, [3d232e717426c86e859f8039cb38e11f],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, En quarantaine, [0d53bee17426d165628889547d869e62],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, En quarantaine, [64fcbee1dac0c1757e6db4299172a25e],
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BROWSEMNGR.EXE, En quarantaine, [6bf5f3acc5d54bebaa40ced763a05ea2],
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLTMNGSVC.EXE, En quarantaine, [a6ba39661d7da88e07eac2e3956ee61a],
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RJATYDIMOFU.EXE, En quarantaine, [7be52877673371c539e412948f7437c9],
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder sat, En quarantaine, [1c444f503763cd6903ab9a3c2ad89d63],
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder sun, En quarantaine, [de827d22e8b262d43975f1e5d9292fd1],
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder05, En quarantaine, [0c54148b4852c571921c9442689a6d93],
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder24, En quarantaine, [213f9d0223776accf9b5a82e7b87cc34],
PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\RELTEK, En quarantaine, [4b15940bc7d3132328d559904eb5639d],
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BROWSEMNGR.EXE, En quarantaine, [b9a7633cdcbe38fec02a7332db2838c8],
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLTMNGSVC.EXE, En quarantaine, [71ef1f80d0ca59dd6091edb8f50e51af],
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RJATYDIMOFU.EXE, En quarantaine, [f16fecb3b3e7ce688b926d39ed1649b7],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{478472F9-9E09-492A-BDAB-42EE595EF1AD}, En quarantaine, [d987425decae42f4e97c05d69b6710f0],
PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\RELTEK, En quarantaine, [fb653b6457434aecec1198519f642dd3],
PUP.Optional.SafeGuard.ChrPRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBOX, En quarantaine, [67f92976faa0eb4b42802da4f90908f8],
PUP.Optional.Shopperz.BrwsrFlsh, HKU\.DEFAULT\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNETREGISTRY\REGISTRY\USER\S-1-5-18\SOFTWARE\shopperz071020151013, En quarantaine, [253b465959412e0860e4459e30d3857b],
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{827EAF42-00E9-4F9E-A5B7-659003D501A1}, En quarantaine, [dd8336690793aa8cad76abea699ab54b],
PUP.Optional.Gameo, HKU\S-1-5-21-3598442851-1422663116-1831931895-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\EA9A5B7C_0, En quarantaine, [352bffa0128865d169c3aa296b979868],
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-21-3598442851-1422663116-1831931895-1001\SOFTWARE\{827EAF42-00E9-4F9E-A5B7-659003D501A1}, En quarantaine, [00604b54f5a5cd691e05d0c5d033c13f],
PUP.Optional.VBates, HKU\S-1-5-21-3598442851-1422663116-1831931895-1001_Classes\SOFTWARE\{827EAF42-00E9-4F9E-A5B7-659003D501A1}, En quarantaine, [6000cdd2cbcfe74f17fbf6fa4bb8b34d],

Valeurs du Registre: 21
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130888064817406544, En quarantaine, [7de35c43bbdf55e1ba69dddc53b0b44c]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130888064817406544, En quarantaine, [322e940bf8a2a59102217e3b3ac9cb35]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130888064817406544, En quarantaine, [49174956930793a39d86bdfc00032fd1]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130888064817406544, En quarantaine, [2e32c1deaded191dd54e368351b218e8]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130888064817406544, En quarantaine, [e67a6b34e6b4f24469ba9722e122768a]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130888064817406544, En quarantaine, [144c46596139d95d28fbc1f809fa59a7]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130888064817406544, En quarantaine, [3d232e717426c86e859f8039cb38e11f]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BROWSEMNGR.EXE|debugger, tasklist.exe, En quarantaine, [6bf5f3acc5d54bebaa40ced763a05ea2]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLTMNGSVC.EXE|debugger, En quarantaine, [a6ba39661d7da88e07eac2e3956ee61a],
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RJATYDIMOFU.EXE|debugger, tasklist.exe, En quarantaine, [7be52877673371c539e412948f7437c9]
PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\RELTEK|channel, egg3, En quarantaine, [4b15940bc7d3132328d559904eb5639d]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BROWSEMNGR.EXE|debugger, tasklist.exe, En quarantaine, [b9a7633cdcbe38fec02a7332db2838c8]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLTMNGSVC.EXE|debugger, En quarantaine, [71ef1f80d0ca59dd6091edb8f50e51af],
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RJATYDIMOFU.EXE|debugger, tasklist.exe, En quarantaine, [f16fecb3b3e7ce688b926d39ed1649b7]
PUP.Optional.DeskTopPlay, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|dply_en_042010109, En quarantaine, [abb54956b3e749ed862af9c49f64e719],
PUP.Optional.Navegaki.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\RELTEK|channel, egg3, En quarantaine, [fb653b6457434aecec1198519f642dd3]
PUP.Optional.SafeGuard.ChrPRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBOX|ImagePath, C:\Program Files (x86)\XBox\XBLive.exe, En quarantaine, [67f92976faa0eb4b42802da4f90908f8]
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-18\SOFTWARE\{827EAF42-00E9-4F9E-a5B7-659003D501A1}|Name, C:\Program Files\shopperz071020151013\Abeogfie.exe, En quarantaine, [dd8336690793aa8cad76abea699ab54b]
PUP.Optional.Gameo, HKU\S-1-5-21-3598442851-1422663116-1831931895-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\ea9a5b7c_0, {2}.\\?\hdaudio#func_01&ven_14f1&dev_506e&subsys_17aaa001&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\rearlineouttopo/00010001|\Device\HarddiskVolume5\Users\Laurence\AppData\Roaming\Gameo\gameo.exe%b{00000000-0000-0000-0000-000000000000}, En quarantaine, [352bffa0128865d169c3aa296b979868]
PUP.Optional.Shopperz.BrwsrFlsh, HKU\S-1-5-21-3598442851-1422663116-1831931895-1001\SOFTWARE\{827EAF42-00E9-4F9E-a5B7-659003D501A1}|Name, C:\Program Files\shopperz071020151013\Abeogfie.exe, En quarantaine, [00604b54f5a5cd691e05d0c5d033c13f]
PUP.Optional.VBates, HKU\S-1-5-21-3598442851-1422663116-1831931895-1001_Classes\SOFTWARE\{827EAF42-00E9-4F9E-a5B7-659003D501A1}|Name, C:\Program Files\shopperz071020151013\Abeogfie.exe, En quarantaine, [6000cdd2cbcfe74f17fbf6fa4bb8b34d]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 4
PUP.Optional.VBates, C:\Users\Laurence\AppData\LocalLow\Company\Product\1.0, En quarantaine, [243c8c13c7d36cca53d9a321e81b1ee2],
PUP.Optional.VBates, C:\Users\Laurence\AppData\LocalLow\Company\Product, En quarantaine, [243c8c13c7d36cca53d9a321e81b1ee2],
PUP.Optional.XBLive.ChrPRST, C:\ProgramData\Microsoft\XBLive\Egg, En quarantaine, [c0a01c8323778aac4ccb35c230d3d030],
PUP.Optional.XBLive.ChrPRST, C:\ProgramData\Microsoft\XBLive, En quarantaine, [c0a01c8323778aac4ccb35c230d3d030],

Fichiers: 8
PUP.Optional.OpenCandy, C:\Users\Laurence\AppData\Roaming\uTorrent\updates\3.4.3_40097.exe, En quarantaine, [5709e9b613873105d8c50a5e36cc5fa1],
PUP.Optional.WinNetSvc, C:\Users\Laurence\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe, En quarantaine, [6ef2c7d829715bdbe6a007a13cc8b54b],
PUP.Optional.WordShark, C:\Windows\System32\drivers\wsfd_vt_1_10_0_20.sys, En quarantaine, [e977fda28614231369deb876ca37f60a],
PUP.Optional.WordShark, C:\Windows\System32\drivers\wsfd_vw_1_10_0_20.sys, En quarantaine, [b1af940b643656e0f453b975768b27d9],
PUP.Optional.VBates, C:\Users\Laurence\AppData\LocalLow\Company\Product\1.0\localStorageIE.txt, En quarantaine, [243c8c13c7d36cca53d9a321e81b1ee2],
PUP.Optional.VBates, C:\Users\Laurence\AppData\LocalLow\Company\Product\1.0\localStorageIE_backup.txt, En quarantaine, [243c8c13c7d36cca53d9a321e81b1ee2],
PUP.Optional.XBLive.ChrPRST, C:\ProgramData\Microsoft\XBLive\Egg\{dx0bfo8z88a6483f8bd3d99958aa5f40160614}.config, En quarantaine, [c0a01c8323778aac4ccb35c230d3d030],
PUP.Optional.SafeGuard.ChrPRST, C:\Program Files (x86)\XBox\XBLive.exe, Supprimer au redémarrage, [67f92976faa0eb4b42802da4f90908f8],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)