cjoint

Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 08/09/2015
Heure de l'analyse: 15:01
Fichier journal: Malwar.txt
Administrateur: Oui

Version: 2.1.8.1057
Base de données de programmes malveillants: v2015.09.08.04
Base de données de rootkits: v2015.08.16.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 8.1
Processeur: x86
Système de fichiers: NTFS
Utilisateur: hamid23

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 300536
Temps écoulé: 20 min, 5 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du registre: 1
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{39E524E5-78EF-4C9F-9FFE-10ED67A71DF5}, En quarantaine, [70045bd2a8e3be78cb8444560ff5e917],

Valeurs du registre: 3
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}, En quarantaine, [581cc5681f6c7fb7ef570073867eb050]
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{39E524E5-78EF-4C9F-9FFE-10ED67A71DF5}|Publisher, Linkury, En quarantaine, [730168c5ff8c0f27086ebae0fb096e92]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-419285452-593801264-3396550427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}, En quarantaine, [96decc61eba0f244c77c75fe6b99a957]

Données du registre: 6
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({ielnksrch}),Remplacé,[cba987a65f2c0f276950c59fc83d09f7]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-419285452-593801264-3396550427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}),Remplacé,[e58f44e9f09bbf77d5deda8a9c69a25e]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-419285452-593801264-3396550427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-Kqei7w-qZ2h2xPhxJFi2lcX9CW1kwL6cQplAvPWqCU39G4ULCcUURV9nBhANM3JtZbk5gaS0LirQ,,, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-Kqei7w-qZ2h2xPhxJFi2lcX9CW1kwL6cQplAvPWqCU39G4ULCcUURV9nBhANM3JtZbk5gaS0LirQ,,),Remplacé,[6113d95490fb94a2753f88dcd92c0000]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-419285452-593801264-3396550427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}),Remplacé,[7bf9b07dc8c3e6502f847be9b154a55b]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-419285452-593801264-3396550427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}),Remplacé,[abc9f83594f7d85ef8bb1c48d92c16ea]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-419285452-593801264-3396550427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ_bNyyAFL3UrQ-S5TMPvw9zAlmczD_e6H2l7akZq4Dopl9kOjAQh-hpel6IeWp5i90rjzML8HwzqzZ-7248orxjelrGPrZBamIrbeRQhMT3TOYl6MDCVMZViyBCDveCBrN4W1vvQ8fQ1gM1ywkwoieiL1Qw,,&q={searchTerms}),Remplacé,[7400aa832566a492991c0c5813f26898]

Dossiers: 2
PUP.Optional.Linkury, C:\Program Files\Common Files\gukg0ndz.0s1, En quarantaine, [70045bd2a8e3be78cb8444560ff5e917],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Mattechs, En quarantaine, [86ee56d7335806309f540893ca3b25db],

Fichiers: 14
PUP.Optional.Bundle, C:\$Recycle.Bin\S-1-5-21-419285452-593801264-3396550427-1001\$RV2NTNB.exe, En quarantaine, [3e36ec412962b086f3d2830ac140fc04],
PUP.Optional.FilterResults, C:\Users\hamid23\AppData\Local\Temp\{5876BAED-D24A-47CA-81B1-DBB7E8F06981}.dll, En quarantaine, [e094a885b7d4a19594ca52488b7afe02],
PUP.Optional.Yontoo.Gen, C:\Users\hamid23\AppData\Local\Temp\{862BDA9A-6A24-4357-B93E-824636954705}.xpi, En quarantaine, [e1938f9ed1babe780cd284253cc513ed],
PUP.Optional.FilterResults, C:\Users\hamid23\AppData\Local\Temp\{C7A5B2F9-420C-4A1A-8FAE-63E690A6C51C}.dll, En quarantaine, [c0b4ce5fe9a2b2843f1fd7c363a24bb5],
PUP.Optional.FilterResults, C:\Users\hamid23\AppData\Local\Temp\{0006B7B2-FED1-4685-8A09-43679D4D1F4D}.dll, En quarantaine, [adc735f8acdf191d2a348416c93c0000],
PUP.Optional.OpenCandy, C:\Users\hamid23\AppData\Local\Temp\HYDA166.tmp.1440796926\HTA\3rdparty\OCSetupHlp.dll, En quarantaine, [87ed26077516092d5985533783820af6],
Spyware.NetVizor, C:\Windows\imglib.dll, En quarantaine, [294b5ecfd9b2bc7a5d324cd0030228d8],
PUP.Optional.Linkury, C:\Program Files\Common Files\gukg0ndz.0s1\InstallationConfiguration.xml, En quarantaine, [70045bd2a8e3be78cb8444560ff5e917],
PUP.Optional.Linkury, C:\Program Files\Common Files\gukg0ndz.0s1\uninstall.exe, En quarantaine, [70045bd2a8e3be78cb8444560ff5e917],
PUP.Optional.Linkury, C:\Program Files\Common Files\gukg0ndz.0s1\uninstall.exe.config, En quarantaine, [70045bd2a8e3be78cb8444560ff5e917],
PUP.Optional.Linkury, C:\Program Files\Common Files\gukg0ndz.0s1\uninstall.ico, En quarantaine, [70045bd2a8e3be78cb8444560ff5e917],
PUP.Optional.Linkury.Gen, C:\Windows\System32\findit.xml, En quarantaine, [0e66d95491fab77f5c3632687193e41c],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Mattechs\ff.HP, En quarantaine, [86ee56d7335806309f540893ca3b25db],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Mattechs\ff.NT, En quarantaine, [86ee56d7335806309f540893ca3b25db],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
