Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 14/03/2020
Scan Time: 19:14
Log File: 9e83b84a-661f-11ea-a00c-38eaa7dfecc5.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.848
Update Package Version: 1.0.20710
License: Free

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: SYLVAIN\sylvain

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 322128
Threats Detected: 94
Threats Quarantined: 89
Time Elapsed: 1 hr, 3 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 3
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoClient.exe, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoIC.exe, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoService.exe, Quarantined, 5395, 735215, , , ,

Module: 5
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoClient.exe, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoEngine.dll, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoIC.exe, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoService.exe, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\X64\RSENGINEPM_X64.DLL, Quarantined, 5395, 788612, , , ,

Registry Key: 25
PUP.Optional.Segurazo, HKLM\SOFTWARE\SegOption, Quarantined, 5395, 757809, 1.0.20710, , ame,
PUP.Optional.Segurazo, HKLM\SOFTWARE\Segurazo, Quarantined, 5395, 709100, 1.0.20710, , ame,
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\BHOAGCEACAKLIMPCEJJOFABNGCJKEBFG, Quarantined, 430, 773804, , , ,
PUP.Optional.SearchManager, HKU\S-1-5-21-807545615-2131037709-1446104897-1004\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\BHOAGCEACAKLIMPCEJJOFABNGCJKEBFG, Quarantined, 430, 773804, , , ,
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bhoagceacaklimpcejjofabngcjkebfg, Quarantined, 430, 773804, 1.0.20710, , ame,
PUP.Optional.Groovorio, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\BLMCHFPIMPBBDMGPCIECLABEAFKLJBHM, Quarantined, 1222, 238915, , , ,
PUP.Optional.Groovorio, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\blmchfpimpbbdmgpcieclabeafkljbhm, Quarantined, 1222, 238915, 1.0.20710, , ame,
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NCCFGPAMBOIONIGDPFJMIJHLGMGDBAEL, Quarantined, 430, 773807, , , ,
PUP.Optional.SearchManager, HKU\S-1-5-21-807545615-2131037709-1446104897-1004\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NCCFGPAMBOIONIGDPFJMIJHLGMGDBAEL, Delete on reboot, 430, 773807, , , ,
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nccfgpamboionigdpfjmijhlgmgdbael, Delete on reboot, 430, 773807, 1.0.20710, , ame,
PUP.Optional.WinYahoo, HKU\S-1-5-21-807545615-2131037709-1446104897-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}, Quarantined, 245, 254682, 1.0.20710, , ame,
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\Segurazo, Delete on reboot, 5395, 730655, 1.0.20710, , ame,
PUP.Optional.Segurazo, HKLM\SOFTWARE\WOW6432NODE\Segurazo, Delete on reboot, 5395, 709100, 1.0.20710, , ame,
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SegurazoIC, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SEGURAZOKD, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SegurazoSvc, Delete on reboot, 5395, 735215, , , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\Segurazo, Quarantined, 5395, 730655, 1.0.20710, , ame,
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-18\SOFTWARE\WebDiscoverBrowser, Delete on reboot, 1712, 253912, 1.0.20710, , ame,
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SegurazoSvc, Quarantined, 5395, 713771, 1.0.20710, , ame,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\segurazoclient_RASAPI32, Delete on reboot, 5395, 709099, 1.0.20710, , ame,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\segurazoclient_RASMANCS, Quarantined, 5395, 709099, 1.0.20710, , ame,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\SegurazoService_RASAPI32, Quarantined, 5395, 709099, 1.0.20710, , ame,
PUP.Optional.Segurazo, HKLM\SOFTWARE\MICROSOFT\TRACING\SegurazoService_RASMANCS, Quarantined, 5395, 709099, 1.0.20710, , ame,
PUP.Optional.Goovario, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B184B685-C3DD-49F1-86EB-25856E443676}, Quarantined, 6795, 307235, 1.0.20710, , ame,
PUP.Optional.Bonanza, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EC6EEB76-A21E-46C4-BAFB-18868CA929A7}, Quarantined, 5830, 183578, 1.0.20710, , ame,

Registry Value: 4
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PLUS-HD-1.6-BG.EXE, Quarantined, 1939, 260099, 1.0.20710, , ame,
PUP.Optional.WinYahoo, HKU\S-1-5-21-807545615-2131037709-1446104897-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, Quarantined, 245, 254682, 1.0.20710, , ame,
PUP.Optional.Goovario, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B184B685-C3DD-49F1-86EB-25856E443676}|PATH, Quarantined, 6795, 307235, 1.0.20710, , ame,
PUP.Optional.Bonanza, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EC6EEB76-A21E-46C4-BAFB-18868CA929A7}|PATH, Quarantined, 5830, 183578, 1.0.20710, , ame,

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replaced, 5288, 292819, 1.0.20710, , ame,

Data Stream: 0
(No malicious items detected)

Folder: 11
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\X86, Failed to delete, 5395, 788611, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\X64, Failed to delete, 5395, 788612, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\AMD64, Failed to delete, 5395, 788613, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SEGURAZO, Failed to delete, 5395, 788615, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAMDATA\SEGURAZO, Failed to delete, 5395, 788616, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\SEGURAZOCLIENT, Quarantined, 5395, 788617, 1.0.20710, , ame,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\images, Quarantined, 14985, 731233, , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0, Quarantined, 14985, 731233, , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\SYLVAIN\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\JGHILJAAGGLMCDEOPNJKFHCIKJNDDHHC, Quarantined, 14985, 731233, 1.0.20710, , ame,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\ncjbeingokdeimlmolagjaddccfdlkbd\1.0.0.58_0, Quarantined, 14985, 731232, , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\SYLVAIN\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\NCJBEINGOKDEIMLMOLAGJADDCCFDLKBD, Quarantined, 14985, 731232, 1.0.20710, , ame,

File: 45
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\Quarantine\S e g u r a z o A n t i v i r u s.lnk, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\Quarantine\Segurazo.DIR\S e g u r a z o A n t i v i r u s.lnk, Quarantined, 5395, 735215, , , ,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoClient.exe, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoEngine.dll, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoIC.config, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoIC.exe, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoKD.sys, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoService.config, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoService.exe, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoShell64_v102035.dll, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoShell86_v102035.dll, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoTools.dll, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoUninstaller.exe, Quarantined, 5395, 735215, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\rsEngine.config, Quarantined, 5395, 735216, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\rsEngine.dll, Quarantined, 5395, 735216, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\rsEngineHelper.exe, Quarantined, 5395, 735216, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\rsEngineHelper.exe.config, Quarantined, 5395, 735216, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\rsEngineSDK.dll, Quarantined, 5395, 735216, 1.0.20710, , ame,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\SYLVAIN\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\JGHILJAAGGLMCDEOPNJKFHCIKJNDDHHC\14.1.4.58_0\MANIFEST.JSON, Quarantined, 14985, 731233, 1.0.20710, , ame,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\images\chromium.svg, Quarantined, 14985, 731233, , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\images\shadow.png, Quarantined, 14985, 731233, , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\background.html, Quarantined, 14985, 731233, , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\background.js, Quarantined, 14985, 731233, , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\config.json, Quarantined, 14985, 731233, , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\test.js, Quarantined, 14985, 731233, , , ,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\jghiljaagglmcdeopnjkfhcikjnddhhc\14.1.4.58_0\tr.js, Quarantined, 14985, 731233, , , ,
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\X64\RSENGINEPM_X64.DLL, Quarantined, 5395, 788612, 1.0.20710, , ame,
PUP.Optional.FakeCHRMExt.Generic, C:\USERS\SYLVAIN\APPDATA\LOCAL\CHROMIUM\USER DATA\DEFAULT\EXTENSIONS\NCJBEINGOKDEIMLMOLAGJADDCCFDLKBD\1.0.0.58_0\MANIFEST.JSON, Quarantined, 14985, 731232, 1.0.20710, , ame,
PUP.Optional.FakeCHRMExt.Generic, C:\Users\sylvain\AppData\Local\chromium\User Data\Default\Extensions\ncjbeingokdeimlmolagjaddccfdlkbd\1.0.0.58_0\background.html, Quarantined, 14985, 731232, , , ,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\SEGURAZO.DIR\SEGURAZOIC.EXE, Quarantined, 5395, 714543, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\SEGURAZO.DIR\SEGURAZOCLIENT.EXE, Quarantined, 5395, 765094, 1.0.20710, , ame,
Generic.Malware/Suspicious, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\BROWSER.EXE, Quarantined, 0, 392686, 1.0.20710, , shuriken,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\SEGURAZO.DIR\SEGURAZOSERVICE.EXE, Quarantined, 5395, 765094, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\SEGURAZO.DIR\SEGURAZOUNINSTALLER.EXE, Quarantined, 5395, 765094, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\SEGURAZO.DIR\SEGURAZOENGINE.DLL, Quarantined, 5395, 714174, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\SEGURAZOENGINE.DLL, Quarantined, 5395, 714174, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\SEGURAZOSERVICE.EXE, Quarantined, 5395, 765094, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\SEGURAZOUNINSTALLER.EXE, Quarantined, 5395, 765094, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\ZHP\QUARANTINE\SEGURAZOCLIENT.EXE, Quarantined, 5395, 765094, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\LOCAL\TEMP\TMPSEC1285521\SEGURAZO.EXE, Quarantined, 5395, 765094, 1.0.20710, , ame,
Backdoor.Bot, C:\USERS\SYLVAIN\APPDATA\LOCAL\TEMP\MXUMYECD.ZIP.PART, Quarantined, 3525, 495225, 1.0.20710, , ame,
Generic.Malware/Suspicious, C:\USERS\SYLVAIN\APPDATA\LOCAL\TEMP\Y1OGS7PV.ZIP.PART, Quarantined, 0, 392686, 1.0.20710, , shuriken,
Backdoor.Bot, C:\USERS\SYLVAIN\APPDATA\LOCAL\TEMP\G3QE1DU6.ZIP.PART, Quarantined, 3525, 495225, 1.0.20710, , ame,
Adware.InstallCore, C:\USERS\SYLVAIN\DOWNLOADS\JAVASETUP_0519149612.EXE, Quarantined, 495, 621826, 1.0.20710, , ame,
PUP.Optional.Iminent, C:\WINDOWS\INSTALLER\A79D5B.MSI, Quarantined, 87, 76684, 1.0.20710, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
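The detection records in the scan details above share one comma-separated layout, and the scan summary only says how many items were quarantined, not which ones were not. The following parser is an added example written for this page; it is not Malwarebytes code, and the field meanings it assigns (detection name, object path, action, two numeric identifiers, update package version, an unused column, and the engine tag such as "ame" or "shuriken") are inferred from the log lines on this page rather than taken from any Malwarebytes documentation. It extracts every record from the -Scan Details- block, cross-checks the parsed count against the count each section header declares, and lists the items whose action was not "Quarantined" (delete on reboot, failed deletion, replaced data), which is what a responder needs to follow up on. The embedded sample log is constructed from a handful of records copied from this scan, with the actions in English as translated here.

```python
"""Parse the detection records of a Malwarebytes text scan log and list the
items that still need follow-up after the scan.

Assumed record layout (inferred from the log lines on this page, not from
Malwarebytes documentation):
    name, path, action, id1, id2, package_version, unused, engine,
with a trailing comma at the end of every record.
"""
import re
from collections import Counter

# Constructed sample: a few records copied from the scan on this page.
SAMPLE_LOG = r"""-Scan Details-
Process: 1
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\SegurazoService.exe, Quarantined, 5395, 735215, , , ,

Registry Key: 3
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SegurazoSvc, Delete on reboot, 5395, 735215, , , ,
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nccfgpamboionigdpfjmijhlgmgdbael, Delete on reboot, 430, 773807, 1.0.20710, , ame,
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-18\SOFTWARE\WebDiscoverBrowser, Delete on reboot, 1712, 253912, 1.0.20710, , ame,

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replaced, 5288, 292819, 1.0.20710, , ame,

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.Segurazo, C:\PROGRAM FILES (X86)\SEGURAZO\X64, Failed to delete, 5395, 788612, 1.0.20710, , ame,
PUP.Optional.Segurazo, C:\USERS\SYLVAIN\APPDATA\ROAMING\SEGURAZOCLIENT, Quarantined, 5395, 788617, 1.0.20710, , ame,

File: 2
Backdoor.Bot, C:\USERS\SYLVAIN\APPDATA\LOCAL\TEMP\MXUMYECD.ZIP.PART, Quarantined, 3525, 495225, 1.0.20710, , ame,
Generic.Malware/Suspicious, C:\USERS\SYLVAIN\APPDATA\LOCAL\TEMP\Y1OGS7PV.ZIP.PART, Quarantined, 0, 392686, 1.0.20710, , shuriken,
"""

RECORD_FIELDS = ("name", "path", "action", "id1", "id2",
                 "package_version", "unused", "engine")

# Section header inside -Scan Details-, e.g. "Registry Key: 25".
SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")

# Actions that mean the object was NOT moved to quarantine during the scan.
PENDING_ACTIONS = {"Delete on reboot", "Failed to delete", "Replaced"}


def parse_record(line):
    """Return a dict for one detection record, or None for any other line.

    The six trailing fields are split from the right so that a comma inside
    the object path does not shift the columns; the detection name never
    contains a comma, so the remainder is split once from the left.
    """
    body = line.rstrip()
    if not body.endswith(","):
        return None
    tail = body[:-1].rsplit(",", 6)
    if len(tail) != 7:
        return None
    head = tail[0].split(",", 1)
    if len(head) != 2:
        return None
    values = [v.strip() for v in head + tail[1:]]
    return dict(zip(RECORD_FIELDS, values))


def parse_scan_details(text):
    """Return (records, declared) for the -Scan Details- block of a log.

    `declared` maps each section name to the count its header announces, so
    a truncated or mangled log can be detected by comparing it with what was
    actually parsed.
    """
    records, declared = [], {}
    section, in_details = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details or not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        rec = parse_record(line)
        if rec is not None:
            rec["type"] = section
            records.append(rec)
    return records, declared


def count_mismatches(records, declared):
    """Sections whose parsed record count differs from the declared count."""
    found = Counter(r["type"] for r in records)
    return {s: (n, found.get(s, 0)) for s, n in declared.items()
            if found.get(s, 0) != n}


def followup_items(records):
    """Records whose action left the object in place or only partly handled."""
    return [r for r in records if r["action"] in PENDING_ACTIONS]


def summarize(records):
    """Counts by action, detection family and object type."""
    return {
        "by_action": Counter(r["action"] for r in records),
        "by_family": Counter(r["name"] for r in records),
        "by_type": Counter(r["type"] for r in records),
    }


if __name__ == "__main__":
    recs, decl = parse_scan_details(SAMPLE_LOG)
    print("mismatched sections:", count_mismatches(recs, decl))
    for r in followup_items(recs):
        print(f"{r['action']:<18} {r['type']:<13} {r['path']}")
```

Run it against a full log by reading the file into `parse_scan_details`; on this scan the follow-up list is the five SEGURAZO folders that failed to delete, the seven registry keys scheduled for deletion on reboot and the replaced DEFAULTSCOPE value, which together account for the gap between 94 detected and 89 quarantined items once the delete-on-reboot entries are counted as quarantined.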