Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 31/05/2017
Heure de l'analyse: 13:29
Fichier journal: historique analyse malwarebytes.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2017.05.31.05
Base de données de rootkits: v2017.05.27.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: serge

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 301931
Temps écoulé: 6 min, 43 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 1
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\aswRD.exe, 2076, Supprimer au redémarrage, [ebc6e13dacfd1c1a69f8973e778a44bc],

Modules: 5
Adware.Elex, C:\ProgramData\BIT\BIT.dll, Supprimer au redémarrage, [e8c930ee8029bc7a39b09e80b44c30d0],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\SSS.dll, Supprimer au redémarrage, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
PUP.Optional.Elex, C:\Users\serge\AppData\Roaming\WinSAPSvc\WinSAP.dll, Supprimer au redémarrage, [cde44cd2ecbdf2448217322311ef1de3],
Adware.Elex, C:\Users\serge\AppData\Roaming\WinSAPSvc\WinSAP.dll, Supprimer au redémarrage, [2b86829c5257ae88b3563b2d8b761de3],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\bf.dll, Supprimer au redémarrage, [ebc6e13dacfd1c1a69f8973e778a44bc],

Clés du Registre: 12
Adware.Elex, HKLM\SOFTWARE\b`nl{y, En quarantaine, [0ca507178f1a90a6c98ab221af52758b],
Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A1DF116-0831-4CC1-93F3-F4631A9E41D0}, Supprimer au redémarrage, [b6fbfc22703914229b95019ca55bcf31],
Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Milimili, Supprimer au redémarrage, [535e66b8f7b2ed49c82e8418eb15fe02],
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\b`nl{y, En quarantaine, [11a0d14d44658da90a49f2e13ac7eb15],
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\{84416237-6490-494D-9AD6-4994DD978971}, En quarantaine, [3a77110d7c2d5adcdbc0f862de23659b],
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\terana, En quarantaine, [30812fef5554c76fbf3eaf229f627888],
PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinSAPSvc, En quarantaine, [cde44cd2ecbdf2448217322311ef1de3],
PUP.Optional.Downloader.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FIREFOXDL, En quarantaine, [278af12d7732de587484aabe28d98977],
Adware.Ghokswa.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\APPLEMYSU, En quarantaine, [03ae5ac41297f6409acc8207c140619f],
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\terana, En quarantaine, [ab06f22c9e0b4fe7af3ab41de120da26],
Adware.Elex, HKU\.DEFAULT\SOFTWARE\b`nl{y, En quarantaine, [e1d08c92f4b52214301cab28f1107987],
Adware.Elex, HKU\S-1-5-18\SOFTWARE\b`nl{y, En quarantaine, [b9f8ff1f5c4d191d0550fad9d32e8b75],

Valeurs du Registre: 6
Adware.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0A1DF116-0831-4CC1-93F3-F4631A9E41D0}|Path, \Milimili, Supprimer au redémarrage, [b6fbfc22703914229b95019ca55bcf31]
PUP.Optional.Downloader.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FirefoxDL|ImagePath, "C:\Windows\TEMP\hpE846.tmp\QQBrowser.exe" -isvc, En quarantaine, [278af12d7732de587484aabe28d98977]
Adware.Ghokswa.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ApplemySU|ImagePath, "C:\Windows\TEMP\hpE846.tmp\GoogleUpdats.exe" -r, En quarantaine, [03ae5ac41297f6409acc8207c140619f]
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{565CD4A5-134E-4D5D-904F-8A8C39391547}, v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\MIO\loader\sandiskxsdssda240g_164260468109.dat|Name=QQLive???sandiskxsdssda240g_164260468109.dat|, En quarantaine, [7e335dc1dbce4ee8c5575893a061f709]
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{183CE716-B25A-45B2-977B-71121942191E}, v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\MIO\loader\sandiskxsdssda240g_164260468109.dat|Name=QQLive???sandiskxsdssda240g_164260468109.dat|, En quarantaine, [555cfc22cddc87af51cbc2297b86ef11]
Adware.Elex, HKU\S-1-5-21-1464852129-375543038-4221675552-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|background_fault, "C:\Users\serge\AppData\Local\background_fault\aswRD.exe" "C:\Users\serge\AppData\Local\background_fault\bf.dll",background_fault_collector, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 6
Adware.Elex, C:\Windows\Temp\hpE846.tmp, Supprimer au redémarrage, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Program Files (x86)\MIO\loader, En quarantaine, [5d54180609a03bfb09589708d32ee917],
Adware.Elex, C:\Program Files (x86)\MIO, En quarantaine, [5d54180609a03bfb09589708d32ee917],
Adware.Elex.Generic, C:\Users\serge\AppData\Local\terana, Supprimer au redémarrage, [714022fca2075ed85e93785946bb60a0],
Adware.Elex, C:\Users\serge\AppData\Roaming\WinSAPSvc, Supprimer au redémarrage, [2b86829c5257ae88b3563b2d8b761de3],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault, Supprimer au redémarrage, [ebc6e13dacfd1c1a69f8973e778a44bc],

Fichiers: 50
Adware.Elex, C:\ProgramData\BIT\BIT.dll, Supprimer au redémarrage, [e8c930ee8029bc7a39b09e80b44c30d0],
Adware.Elex, C:\Windows\System32\Tasks\Milimili, En quarantaine, [fbb62fef4465171f1994a5fa629ed22e],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\Snarer.msi, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\goopdate.dll, Supprimer au redémarrage, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\Americanas.ico, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\aswRD.exe, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\BigFarm.ico, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\big_bang_empire.ico, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\Bmd.dll, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\CasasBahia.ico, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\CJ, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\dat, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\GoogleUpdats.exe, Supprimer au redémarrage, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\kitty1.dll, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\mio.ini, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\psmachine.dll, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\QQBrowser.exe, Supprimer au redémarrage, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\QQBrowserFrame.dll, Supprimer au redémarrage, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\SJ, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\SSS.dll, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\UAC.dll, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\wtup.dll, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\XOBd.dll, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\XOBr.dll, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\xyp, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Windows\Temp\hpE846.tmp\yacqq.dll, En quarantaine, [3f72c25cbdec0b2bd39a1ed83ec2e31d],
Adware.Elex, C:\Program Files (x86)\MIO\loader\sandiskxsdssda240g_164260468109.dat, En quarantaine, [5d54180609a03bfb09589708d32ee917],
Adware.Elex, C:\Program Files (x86)\MIO\MIO.exe, En quarantaine, [5d54180609a03bfb09589708d32ee917],
Adware.Elex.Generic, C:\Users\serge\AppData\Local\terana\terana.dll, Supprimer au redémarrage, [714022fca2075ed85e93785946bb60a0],
PUP.Optional.Elex, C:\Users\serge\AppData\Roaming\WinSAPSvc\WinSAP.dll, Supprimer au redémarrage, [cde44cd2ecbdf2448217322311ef1de3],
PUP.Optional.Downloader.Generic, C:\Windows\Temp\hpE846.tmp\QQBrowser.exe, Supprimer au redémarrage, [278af12d7732de587484aabe28d98977],
Adware.Elex, C:\Users\serge\AppData\Roaming\WinSAPSvc\WinSAP.dll, Supprimer au redémarrage, [2b86829c5257ae88b3563b2d8b761de3],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\7za.dll, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\7za.exe, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\aswRD.exe, Supprimer au redémarrage, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\bf.dll, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\ccv_blob.bin, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\cfsa_blob.bin, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\cfs_blob.bin, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\fcv_blob.bin, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\freebl3.dll, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\icv_blob.bin, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\mozglue.dll, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\nss3.dll, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\nssdbm3.dll, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\QQIme.exe, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\QQImeRegSkin.exe, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\softokn3.dll, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\t, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],
Adware.Elex, C:\Users\serge\AppData\Local\background_fault\wb_blob.bin, En quarantaine, [ebc6e13dacfd1c1a69f8973e778a44bc],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)