Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 14/10/2015
Heure de l'analyse: 20:07
Fichier journal: analyse.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2015.10.14.05
Base de données de rootkits: v2015.10.06.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Romain

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 381635
Temps écoulé: 28 min, 30 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 11
PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.7-chromeinstaller, , [776670e6226981b565062d502bd8fc04],
PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.7-codedownloader, , [ca1374e2c5c63402a9c288f505fe11ef],
PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.7-enabler, , [ebf2f660e6a5d85e1259cbb258aba25e],
PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.7-firefoxinstaller, , [e1fc5ff7ee9d4cea93d8304d11f2fd03],
PUP.Optional.Feven, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Feven 1.7-updater, , [e3fab0a605867fb74427700d07fce31d],
PUP.Optional.Feven, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Feven 1.7, , [736a005619724ee8210d6b12aa592cd4],
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1606E9A9-C5ED-4C10-96B8-2E3740513EF5}, , [05d87fd78b006ccaa5f92e49b54e03fd],
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B8A2294-CFC4-4244-B48D-F94FF75AE50B}, , [b9247bdbb8d346f09a03fe79946f8a76],
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2B58D434-8B7E-475C-B28E-58FB20850EDF}, , [a03d99bd513aa591aef03b3ca0630ef2],
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{346B7610-4842-4105-9BE9-67691753CD47}, , [08d54a0c870430060d9291e605fed42c],
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4EE04818-BBB4-46C6-BF28-14F443B4779A}, , [2bb2c0961576c76f5f3f2453d42fd22e],

Valeurs du Registre: 5
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1606E9A9-C5ED-4C10-96B8-2E3740513EF5}|AppName, Feven 1.7-enabler.exe-buttonutil.exe, , [05d87fd78b006ccaa5f92e49b54e03fd]
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1b8a2294-cfc4-4244-b48d-f94ff75ae50b}|AppName, Feven 1.7-bg.exe, , [b9247bdbb8d346f09a03fe79946f8a76]
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2b58d434-8b7e-475c-b28e-58fb20850edf}|AppName, Feven 1.7-buttonutil.exe, , [a03d99bd513aa591aef03b3ca0630ef2]
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{346b7610-4842-4105-9be9-67691753cd47}|AppName, Feven 1.7-codedownloader.exe, , [08d54a0c870430060d9291e605fed42c]
PUP.Optional.CrossRider, HKU\S-1-5-21-164933824-2424214792-3371718756-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4EE04818-BBB4-46C6-BF28-14F443B4779A}|AppName, Feven 1.7-enabler.exe-buttonutil.exe, , [2bb2c0961576c76f5f3f2453d42fd22e]

Données du Registre: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[33aac5913e4d22142a0f6cd2f80c817f]

Dossiers: 3
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0\_metadata, , [7c6192c41c6f3ff7172c61f9d032c33d],

Fichiers: 12
PUP.Optional.Yontoo, C:\Users\Romain\AppData\Local\Temp\{0CAAB728-2A3B-4232-8730-3E28A4124563}.dll, , [f5e800561c6fea4c7ad9374ac63bd32d],
PUP.Optional.SaveFrom, C:\Users\Romain\AppData\Roaming\Mozilla\Firefox\Profiles\tomcvoa9.default\extensions\helper-sig@savefrom.net.xpi, , [6b727bdb4348d85e1fc37f36ef145ba5],
PUP.Optional.Yontoo, C:\Users\Romain\AppData\Roaming\Mozilla\Firefox\Profiles\tomcvoa9.default\extensions\{e50734d7-2d31-4fac-884e-090d45a071a4}.xpi, , [e9f4a1b5bad191a5b4d0e8d26d964bb5],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0\background.js, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0\bookmarklet.js, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0\icon-128.png, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0\icon-16.png, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0\icon-48.png, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0\manifest.json, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0\_metadata\computed_hashes.json, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.Feven, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\0.1_0\_metadata\verified_contents.json, , [7c6192c41c6f3ff7172c61f9d032c33d],
PUP.Optional.WinYahoo, C:\Users\Romain\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Bon : ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Mauvais : ("session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/","https://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sumalq_15_42&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dfr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EtDyCzyzyyD0D0ByE0EyBtA0Dzy0A0EtN0D0Tzu0StCtAzztDtN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCzzzy0CzztDtB0DtGtBtAyEtDtGyBtC0EtBtGtC0Fzy0EtG0B0CyDyCtD0D0E0AyEyB0BtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByByEyCzy0DyDtBtGtD0D0F0EtGyE0C0DzztG0AtC0C0DtGtByDzyyDyBtDyD0C0DyC0CyD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzytD%26cr%3D2088615861%26a%3Dwncy_sumalq_15_42%26os%3DWindows,[a637abab90fb033317c55c0f4db7e719]B7,[a637abab90fb033317c55c0f4db7e719]BHome,[a637abab90fb033317c55c0f4db7e719]BPremium"]},"sync":{"remaining_rollback_tries":0}}), %5

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)