Re: Při zapnutí ntb chrome s ruskou stránkou
Napsal: 11 úno 2018 10:11
{
"name": "dllhost.exe",
"name_parent": "svchost.exe",
"pid": 12776,
"path": "C:\\Windows\\System32\\dllhost.exe",
"command_line": "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "OriginWebHelperService.exe",
"name_parent": "",
"pid": 10984,
"path": "C:\\Program Files (x86)\\Origin\\OriginWebHelperService.exe",
"command_line": "\"C:\\Program Files (x86)\\Origin\\OriginWebHelperService.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 12992,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "NVIDIA Web Helper.exe",
"name_parent": "nvnodejslauncher.exe",
"pid": 11924,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\NVIDIA Web Helper.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\NVIDIA Web Helper.exe\" index.js",
"pid_parent": 7692,
"path_parent": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\nvnodejslauncher.exe",
"is_64": false
},
{
"name": "conhost.exe",
"name_parent": "NVIDIA Web Helper.exe",
"pid": 8416,
"path": "C:\\Windows\\System32\\conhost.exe",
"command_line": "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0x4",
"pid_parent": 11924,
"path_parent": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\NVIDIA Web Helper.exe",
"is_64": true
},
{
"name": "ApplicationFrameHost.exe",
"name_parent": "svchost.exe",
"pid": 12912,
"path": "C:\\Windows\\System32\\ApplicationFrameHost.exe",
"command_line": "C:\\WINDOWS\\system32\\ApplicationFrameHost.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "LMS.exe",
"name_parent": "",
"pid": 13408,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "dllhost.exe",
"name_parent": "svchost.exe",
"pid": 13476,
"path": "C:\\Windows\\System32\\dllhost.exe",
"command_line": "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{7E55A26D-EF95-4A45-9F55-21E52ADF9887}",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "GoogleCrashHandler.exe",
"name_parent": "",
"pid": 13536,
"path": "C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler.exe\"",
"pid_parent": 7564,
"path_parent": "",
"is_64": false
},
{
"name": "GoogleCrashHandler64.exe",
"name_parent": "",
"pid": 13708,
"path": "C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler64.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler64.exe\"",
"pid_parent": 7564,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 8308,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k appmodel -p -s tiledatamodelsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 11348,
"path": "",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 14276,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "mfevtps.exe",
"name_parent": "",
"pid": 7348,
"path": "C:\\Windows\\System32\\mfevtps.exe",
"command_line": "\"C:\\Windows\\system32\\mfevtps.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "mcapexe.exe",
"name_parent": "",
"pid": 6560,
"path": "C:\\Program Files\\Common Files\\mcafee\\VSCore_15_7\\mcapexe.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\VSCore_15_7\\McApExe.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "McCSPServiceHost.exe",
"name_parent": "",
"pid": 12848,
"path": "C:\\Program Files\\Common Files\\mcafee\\csp\\2.7.371.0\\McCSPServiceHost.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\CSP\\2.7.371.0\\\\McCSPServiceHost.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 6784,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RogueKiller64.exe",
"name_parent": "Explorer.EXE",
"pid": 12560,
"path": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe",
"command_line": "\"C:\\Program Files\\RogueKiller\\RogueKiller64.exe\" ",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "sppsvc.exe",
"name_parent": "",
"pid": 9904,
"path": "C:\\Windows\\System32\\sppsvc.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
}
]
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Start Page",
"subkey": "",
"value_old_data": "http://lenovo17win10.msn.com/?pc=LCTE",
"value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
"path": "HKEY_USERS\\S-1-5-21-2564185752-1118092260-3013568569-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Start Page",
"subkey": "",
"value_old_data": "http://lenovo17win10.msn.com/?pc=LCTE",
"value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
"path": "HKEY_USERS\\S-1-5-21-2564185752-1118092260-3013568569-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "http://lenovo17win10.msn.com/?pc=LCTE",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_USERS\\S-1-5-21-2564185752-1118092260-3013568569-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Replaced (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "http://lenovo17win10.msn.com/?pc=LCTE",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_USERS\\S-1-5-21-2564185752-1118092260-3013568569-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Replaced (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
16
],
"scan_how_trigger": 16,
"vendors": [
"Tr.Gen"
],
"rule_name": "Firewall",
"view": 256,
"value": "{4A0626F2-B834-4CD5-8692-57B79621F1C1}",
"subkey": "",
"value_old_data": "v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\\Users\\MoonP\\AppData\\Local\\yc\\Application\\yc.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=yc|",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules",
"extra": "",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\MoonP\\AppData\\Local\\yc\\Application\\yc.exe",
"path_compressed": "%localappdata%\\yc\\Application\\yc.exe",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Deleted",
"status_choice": 2,
"status_removed": 5
}
],
"tasks": [],
"filesystem": [
{
"scan_what": 3,
"scan_how": [
1,
2,
9
],
"vendors": [
"PUP.AutoIt.Gen"
],
"status_choice": 2,
"processed": [
{
"type": 1,
"name": "En_Laucher.exe",
"path_expanded": "C:\\Games\\SimCity 2013 Offline\\En_Laucher.exe",
"path_compressed": "%SystemDrive%\\Games\\SimCity 2013 Offline\\En_Laucher.exe",
"extra": "",
"md5": "FAFD6B682A929AAD0527FDF62F276E72",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "Deleted",
"status_removed": 1
}
]
}
],
"wmi": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": []
},
"web_browsers": [
{
"scan_what": 2,
"scan_how": [
2
],
"vendors": [
"PUM.HomePage"
],
"browser": 3,
"browser_str": "Chrome",
"config": {
"user": "Default [SecurePrefs]",
"line": "homepage [https://encrypted.google.com]",
"key": "homepage",
"value": "https://encrypted.google.com"
},
"status_str": "Deleted",
"status_malicious": true,
"status_choice": 2,
"status_removed": 1
},
{
"scan_what": 2,
"scan_how": [
2
],
"vendors": [
"PUM.HomePage"
],
"browser": 3,
"browser_str": "Chrome",
"config": {
"user": "Default [SecurePrefs]",
"line": "session.startup_urls [https://encrypted.google.com]",
"key": "session.startup_urls",
"value": "https://encrypted.google.com"
},
"status_str": "Deleted",
"status_malicious": true,
"status_choice": 2,
"status_removed": 1
}
],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++\n--- User ---\n[MBR] ef0f557ed2659114be76cfc8c5bba247\n[BSP] 5d9dcb3a1163eae3b7ed518ddcb4f292 : Empty MBR Code\nPartition table:\n0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB\n1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB\n2 - Basic data partition | Offset (sectors): 567296 | Size: 926992 MB\n3 - Basic data partition | Offset (sectors): 1899046912 | Size: 25600 MB\n4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951475712 | Size: 1000 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}
"name": "dllhost.exe",
"name_parent": "svchost.exe",
"pid": 12776,
"path": "C:\\Windows\\System32\\dllhost.exe",
"command_line": "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "OriginWebHelperService.exe",
"name_parent": "",
"pid": 10984,
"path": "C:\\Program Files (x86)\\Origin\\OriginWebHelperService.exe",
"command_line": "\"C:\\Program Files (x86)\\Origin\\OriginWebHelperService.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 12992,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "NVIDIA Web Helper.exe",
"name_parent": "nvnodejslauncher.exe",
"pid": 11924,
"path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\NVIDIA Web Helper.exe",
"command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\NVIDIA Web Helper.exe\" index.js",
"pid_parent": 7692,
"path_parent": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\nvnodejslauncher.exe",
"is_64": false
},
{
"name": "conhost.exe",
"name_parent": "NVIDIA Web Helper.exe",
"pid": 8416,
"path": "C:\\Windows\\System32\\conhost.exe",
"command_line": "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0x4",
"pid_parent": 11924,
"path_parent": "C:\\Program Files (x86)\\NVIDIA Corporation\\NvNode\\NVIDIA Web Helper.exe",
"is_64": true
},
{
"name": "ApplicationFrameHost.exe",
"name_parent": "svchost.exe",
"pid": 12912,
"path": "C:\\Windows\\System32\\ApplicationFrameHost.exe",
"command_line": "C:\\WINDOWS\\system32\\ApplicationFrameHost.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "LMS.exe",
"name_parent": "",
"pid": 13408,
"path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe",
"command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "dllhost.exe",
"name_parent": "svchost.exe",
"pid": 13476,
"path": "C:\\Windows\\System32\\dllhost.exe",
"command_line": "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{7E55A26D-EF95-4A45-9F55-21E52ADF9887}",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "GoogleCrashHandler.exe",
"name_parent": "",
"pid": 13536,
"path": "C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler.exe\"",
"pid_parent": 7564,
"path_parent": "",
"is_64": false
},
{
"name": "GoogleCrashHandler64.exe",
"name_parent": "",
"pid": 13708,
"path": "C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler64.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\1.3.33.7\\GoogleCrashHandler64.exe\"",
"pid_parent": 7564,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 8308,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k appmodel -p -s tiledatamodelsvc",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 11348,
"path": "",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": false
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 14276,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "mfevtps.exe",
"name_parent": "",
"pid": 7348,
"path": "C:\\Windows\\System32\\mfevtps.exe",
"command_line": "\"C:\\Windows\\system32\\mfevtps.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "mcapexe.exe",
"name_parent": "",
"pid": 6560,
"path": "C:\\Program Files\\Common Files\\mcafee\\VSCore_15_7\\mcapexe.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\VSCore_15_7\\McApExe.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "McCSPServiceHost.exe",
"name_parent": "",
"pid": 12848,
"path": "C:\\Program Files\\Common Files\\mcafee\\csp\\2.7.371.0\\McCSPServiceHost.exe",
"command_line": "\"C:\\Program Files\\Common Files\\McAfee\\CSP\\2.7.371.0\\\\McCSPServiceHost.exe\"",
"pid_parent": 904,
"path_parent": "",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 6784,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 596,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RogueKiller64.exe",
"name_parent": "Explorer.EXE",
"pid": 12560,
"path": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe",
"command_line": "\"C:\\Program Files\\RogueKiller\\RogueKiller64.exe\" ",
"pid_parent": 8420,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "sppsvc.exe",
"name_parent": "",
"pid": 9904,
"path": "C:\\Windows\\System32\\sppsvc.exe",
"command_line": "",
"pid_parent": 904,
"path_parent": "",
"is_64": true
}
]
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Start Page",
"subkey": "",
"value_old_data": "http://lenovo17win10.msn.com/?pc=LCTE",
"value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
"path": "HKEY_USERS\\S-1-5-21-2564185752-1118092260-3013568569-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Start Page",
"subkey": "",
"value_old_data": "http://lenovo17win10.msn.com/?pc=LCTE",
"value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
"path": "HKEY_USERS\\S-1-5-21-2564185752-1118092260-3013568569-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 256,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "http://lenovo17win10.msn.com/?pc=LCTE",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_USERS\\S-1-5-21-2564185752-1118092260-3013568569-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Replaced (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
14
],
"scan_how_trigger": 14,
"vendors": [
"PUM.HomePage"
],
"rule_name": "IE Settings",
"view": 512,
"value": "Default_Page_URL",
"subkey": "",
"value_old_data": "http://lenovo17win10.msn.com/?pc=LCTE",
"value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
"path": "HKEY_USERS\\S-1-5-21-2564185752-1118092260-3013568569-1001\\Software\\Microsoft\\Internet Explorer\\Main",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "Replaced (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)",
"status_choice": 2,
"status_removed": 6
},
{
"scan_what": 1,
"scan_how": [
16
],
"scan_how_trigger": 16,
"vendors": [
"Tr.Gen"
],
"rule_name": "Firewall",
"view": 256,
"value": "{4A0626F2-B834-4CD5-8692-57B79621F1C1}",
"subkey": "",
"value_old_data": "v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\\Users\\MoonP\\AppData\\Local\\yc\\Application\\yc.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=yc|",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules",
"extra": "",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "C:\\Users\\MoonP\\AppData\\Local\\yc\\Application\\yc.exe",
"path_compressed": "%localappdata%\\yc\\Application\\yc.exe",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "Deleted",
"status_choice": 2,
"status_removed": 5
}
],
"tasks": [],
"filesystem": [
{
"scan_what": 3,
"scan_how": [
1,
2,
9
],
"vendors": [
"PUP.AutoIt.Gen"
],
"status_choice": 2,
"processed": [
{
"type": 1,
"name": "En_Laucher.exe",
"path_expanded": "C:\\Games\\SimCity 2013 Offline\\En_Laucher.exe",
"path_compressed": "%SystemDrive%\\Games\\SimCity 2013 Offline\\En_Laucher.exe",
"extra": "",
"md5": "FAFD6B682A929AAD0527FDF62F276E72",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "Deleted",
"status_removed": 1
}
]
}
],
"wmi": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": []
},
"web_browsers": [
{
"scan_what": 2,
"scan_how": [
2
],
"vendors": [
"PUM.HomePage"
],
"browser": 3,
"browser_str": "Chrome",
"config": {
"user": "Default [SecurePrefs]",
"line": "homepage [https://encrypted.google.com]",
"key": "homepage",
"value": "https://encrypted.google.com"
},
"status_str": "Deleted",
"status_malicious": true,
"status_choice": 2,
"status_removed": 1
},
{
"scan_what": 2,
"scan_how": [
2
],
"vendors": [
"PUM.HomePage"
],
"browser": 3,
"browser_str": "Chrome",
"config": {
"user": "Default [SecurePrefs]",
"line": "session.startup_urls [https://encrypted.google.com]",
"key": "session.startup_urls",
"value": "https://encrypted.google.com"
},
"status_str": "Deleted",
"status_malicious": true,
"status_choice": 2,
"status_removed": 1
}
],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++\n--- User ---\n[MBR] ef0f557ed2659114be76cfc8c5bba247\n[BSP] 5d9dcb3a1163eae3b7ed518ddcb4f292 : Empty MBR Code\nPartition table:\n0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB\n1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB\n2 - Basic data partition | Offset (sectors): 567296 | Size: 926992 MB\n3 - Basic data partition | Offset (sectors): 1899046912 | Size: 25600 MB\n4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951475712 | Size: 1000 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
}
}
}