Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 18/12/2016
Heure de l'analyse: 21:05
Fichier journal: mbam.txt
Administrateur: Oui

-Informations du logiciel-
Version: 3.0.4.1269
Version de composants: 1.0.39
Version de pack de mise à jour: 1.0.781
Licence: Essai

-Informations système-
Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: DESKTOP-QUO032J\jacqu

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 296295
Temps écoulé: 8 min, 36 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

-Détails de l'analyse-
Processus: 1
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6807.exe, En quarantaine, [3978], [181972],1.0.781

Module: 2
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6807.exe, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll, En quarantaine, [3978], [181972],1.0.781

Clé du registre: 2
Trojan.SathurBot, HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}\InprocServer32, En quarantaine, [3978], [181972],1.0.781

Valeur du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 12
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\cache, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\data, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\PROGRAMDATA\Microsoft\Performance\Monitor, En quarantaine, [3978], [181972],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\lightbox, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\mbchx, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\css, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\img, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\USERS\JACQU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FNGMHNNPILHPLAEEDIFHCCCEOMCLGFBG, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.StartPage, C:\USERS\JACQU\APPDATA\ROAMING\BROWSERMODULE, En quarantaine, [78], [335017],1.0.781

Fichier: 31
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\SecurityCache\zepplauncher.mif, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp32E0.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp4251.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp54EC.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp576A.exe, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp576A.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6807.exe, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6807.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6813.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6E89.exe, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6E89.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp7B8C.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp9067.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp9C79.exe, En quarantaine, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp9C79.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\tmpFBEF.tmp, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\{57A89880-F394-91E8-792F-82E0730E5578}, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\temp\{EBE4F2C4-AF9B-0080-0B42-090ED7F90DEA}, Supprimer au redémarrage, [3978], [181972],1.0.781
Trojan.SathurBot, C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll, En quarantaine, [3978], [181972],1.0.781
Ransom.Cerber, C:\USERS\JACQU\APPDATA\ROAMING\STAGNATION.DLL, En quarantaine, [10], [354064],1.0.781
PUP.Optional.WinZipRegistryOptimizer, C:\WZROSETUP_4.6.2.14.EXE, En quarantaine, [893], [335595],1.0.781
PUP.Optional.FakeExels, C:\USERS\JACQU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FNGMHNNPILHPLAEEDIFHCCCEOMCLGFBG\52.0_0\MANIFEST.JSON, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\css\options.css, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\css\popup.css, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\img\icon19.png, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\lightbox\lightbox.css, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\mbchx\rgpvokjeg_.png, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\background.js, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\popup.html, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.FakeExels, C:\Users\jacqu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\52.0_0\svzal.js, En quarantaine, [1914], [335034],1.0.781
PUP.Optional.StartPage, C:\USERS\JACQU\APPDATA\ROAMING\BROWSERMODULE\COMPONENT.LOG, En quarantaine, [78], [335017],1.0.781

Secteur physique: 0
(Aucun élément malveillant détecté)


(end)