cjoint

Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 27/11/2015
Heure de l'analyse: 20:15
Fichier journal: malware 1.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2015.11.27.03
Base de données de rootkits: v2015.11.26.01
Licence: Premium
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7
Processeur: x86
Système de fichiers: NTFS
Utilisateur: mokhtar

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 275584
Temps écoulé: 14 min, 15 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 12
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugincontainer.exe, 1972, Supprimer au redémarrage, [18e77012deada591933732660001d12f]
PUP.Optional.BrowseFox, C:\Program Files\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98\updater.exe, 464, Supprimer au redémarrage, [a35c661c5932f145feccb9dfb84956aa]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\5\Plugin.exe, 3264, Supprimer au redémarrage, [42bd9de5d8b393a37b4f514744bdec14]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12\Plugin.exe, 3624, Supprimer au redémarrage, [a758245e3d4eff3746846e2a1ee3f709]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12\Plugin.exe, 4152, Supprimer au redémarrage, [a758245e3d4eff3746846e2a1ee3f709]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\3\Plugin.exe, 3588, Supprimer au redémarrage, [b9462b5749426fc7c3079cfc2fd2946c]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\3\Plugin.exe, 4160, Supprimer au redémarrage, [b9462b5749426fc7c3079cfc2fd2946c]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\8\Plugin.exe, 3388, Supprimer au redémarrage, [da25136f771484b228a256428081867a]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\10\Plugin.exe, 3208, Supprimer au redémarrage, [669984fe444759dd1caeecacbd442ed2]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\2\Plugin.exe, 3684, Supprimer au redémarrage, [807fc5bd5833c67020aa098f6f92dd23]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\Plugin.exe, 3468, Supprimer au redémarrage, [01feb7cb8704bd7996342b6df1107987]
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\Plugin.exe, 112, Supprimer au redémarrage, [01feb7cb8704bd7996342b6df1107987]

Modules: 2
PUP.Optional.BrowseFox, C:\Users\mokhtar\AppData\Local\Temp\{6A670E74-4746-45BE-A4DB-F90E9A627C3B}.dll, Supprimer au redémarrage, [bd42add5cebd1026a32752466e93f709],
PUP.Optional.BrowseFox, C:\Users\mokhtar\AppData\Local\Temp\{6A670E74-4746-45BE-A4DB-F90E9A627C3B}.dll, Supprimer au redémarrage, [bd42add5cebd1026a32752466e93f709],

Clés du Registre: 13
PUP.Optional.BrowseFox, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr OutrageousDeal, En quarantaine, [18e77012deada591933732660001d12f],
PUP.Optional.BrowseFox, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr OutrageousDeal, En quarantaine, [a35c661c5932f145feccb9dfb84956aa],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\CLSID\{4e2d2bf0-159f-4257-acf0-b1f29b376fa0}, En quarantaine, [32cd98ea94f76acc6c36ee630df5a15f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{4E7249F6-3124-4E09-BCA9-AE2B09F3D83E}, En quarantaine, [32cd98ea94f76acc6c36ee630df5a15f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{3A69CDF2-B56C-48D3-BB9B-ED2925AEE772}, En quarantaine, [32cd98ea94f76acc6c36ee630df5a15f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\CLSID\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}\INPROCSERVER32, En quarantaine, [32cd98ea94f76acc6c36ee630df5a15f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}, En quarantaine, [32cd98ea94f76acc6c36ee630df5a15f],
PUP.Optional.Yontoo, HKU\S-1-5-21-2979795745-1785052217-4006304920-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}, En quarantaine, [32cd98ea94f76acc6c36ee630df5a15f],
PUP.Optional.Yontoo, HKU\S-1-5-21-2979795745-1785052217-4006304920-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4E2D2BF0-159F-4257-ACF0-B1F29B376FA0}, En quarantaine, [32cd98ea94f76acc6c36ee630df5a15f],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}, En quarantaine, [35ca433fa4e782b4b1185bc3fa0807f9],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, En quarantaine, [2fd0e2a0ec9fde581cb161bde41efe02],
PUP.Optional.BrowseFox, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Outrageous Deal, En quarantaine, [a45b5d25f794191de2e81880b64ba759],
PUP.Optional.Yontoo, HKLM\SOFTWARE\OutrageousDeal, En quarantaine, [78878200e2a9cc6a1df460878c77e020],

Valeurs du Registre: 2
PUP.Optional.PluginContainer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr OutrageousDeal|ImagePath, "C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugincontainer.exe", En quarantaine, [629df2901378bc7a6aceb6e207fc35cb]
PUP.Optional.Updater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr OutrageousDeal|ImagePath, "C:\Program Files\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98\updater.exe", En quarantaine, [9768255d7e0dcd697eaad9d1ae55a55b]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 21
PUP.Optional.OpenCandy, C:\Users\mokhtar\AppData\Roaming\OpenCandy, En quarantaine, [e31cc0c2711a74c2f0590559f30ff10f],
PUP.Optional.OpenCandy, C:\Users\mokhtar\AppData\Roaming\OpenCandy\8A0D45655A5946E189C4E4CD9C288798, En quarantaine, [e31cc0c2711a74c2f0590559f30ff10f],
PUP.Optional.OpenCandy, C:\Users\mokhtar\AppData\Roaming\OpenCandy\B44800ED89DF47A39B4DDF833530AF56, En quarantaine, [e31cc0c2711a74c2f0590559f30ff10f],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98, Supprimer au redémarrage, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugincontainer, En quarantaine, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins, Supprimer au redémarrage, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\10, Supprimer au redémarrage, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12, Supprimer au redémarrage, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12\resources, En quarantaine, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\2, Supprimer au redémarrage, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\3, Supprimer au redémarrage, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\5, Supprimer au redémarrage, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7, Supprimer au redémarrage, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\resources, En quarantaine, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\8, Supprimer au redémarrage, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\Program Files\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98, Supprimer au redémarrage, [21deef93d7b47eb860d6751ed42e827e],
PUP.Optional.Yontoo, C:\Program Files\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98\updater, En quarantaine, [21deef93d7b47eb860d6751ed42e827e],
PUP.Optional.Yontoo, C:\Program Files\Outrageous Deal, En quarantaine, [08f7fc861477a393f93e40533dc55ba5],
PUP.Optional.Yontoo, C:\Program Files\Outrageous Deal\Extensions, En quarantaine, [08f7fc861477a393f93e40533dc55ba5],
PUP.Optional.Yontoo.ChrPRST, C:\Users\mokhtar\AppData\Roaming\Opera Software\Opera Stable\Extensions\oeaimpbmgoebdpmgioiiafncgmfmpcpd\1.0.5807.31455_0, En quarantaine, [7c837b07e4a74ee89f3398fced179e62],
PUP.Optional.Yontoo.ChrPRST, C:\Users\mokhtar\AppData\Roaming\Opera Software\Opera Stable\Extensions\oeaimpbmgoebdpmgioiiafncgmfmpcpd, En quarantaine, [7c837b07e4a74ee89f3398fced179e62],

Fichiers: 34
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugincontainer.exe, Supprimer au redémarrage, [18e77012deada591933732660001d12f],
PUP.Optional.BrowseFox, C:\Program Files\Common Files\65ad47d7-2e27-4a5c-b238-26643fdaeb98\updater.exe, Supprimer au redémarrage, [a35c661c5932f145feccb9dfb84956aa],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\5\Plugin.exe, Supprimer au redémarrage, [42bd9de5d8b393a37b4f514744bdec14],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12\Plugin.exe, Supprimer au redémarrage, [a758245e3d4eff3746846e2a1ee3f709],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\3\Plugin.exe, Supprimer au redémarrage, [b9462b5749426fc7c3079cfc2fd2946c],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\8\Plugin.exe, Supprimer au redémarrage, [da25136f771484b228a256428081867a],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\10\Plugin.exe, Supprimer au redémarrage, [669984fe444759dd1caeecacbd442ed2],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\2\Plugin.exe, Supprimer au redémarrage, [807fc5bd5833c67020aa098f6f92dd23],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\Plugin.exe, Supprimer au redémarrage, [01feb7cb8704bd7996342b6df1107987],
PUP.Optional.BrowseFox, C:\Users\mokhtar\AppData\Local\Temp\{6A670E74-4746-45BE-A4DB-F90E9A627C3B}.dll, Supprimer au redémarrage, [bd42add5cebd1026a32752466e93f709],
PUP.Optional.Yontoo, C:\Program Files\Outrageous Deal\Extensions\4e2d2bf0-159f-4257-acf0-b1f29b376fa0.dll, En quarantaine, [32cd98ea94f76acc6c36ee630df5a15f],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\12\resources\plugin.dll, En quarantaine, [47b8f38ff398e155e1e9a8f0c1408779],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\resources\38.0.5.dll, En quarantaine, [47b888fa4645ea4c64662078fc058878],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\resources\39.0.0.dll, En quarantaine, [916e028096f568ce5674d4c4ed14d828],
PUP.Optional.BrowseFox, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\plugins\7\resources\40.0.0.dll, En quarantaine, [d12e067c2269e2548f3b0098b74ac739],
PUP.Optional.BrowseFox, C:\Users\mokhtar\AppData\Roaming\OpenCandy\8A0D45655A5946E189C4E4CD9C288798\setup.exe, En quarantaine, [02fd344e0b80191dbb0f3b5d9a67b64a],
PUP.Optional.BrowseFox, C:\Program Files\Outrageous Deal\Uninstaller.exe, En quarantaine, [a45b5d25f794191de2e81880b64ba759],
PUP.Optional.Genieo, C:\Users\mokhtar\AppData\Local\Temp\InstallGenieo.exe, En quarantaine, [f609433f206bb5813eaa71b89e63f30d],
PUP.Optional.BrowseFox, C:\Users\mokhtar\AppData\Local\Temp\{0658E6F4-438D-4A1C-9B1E-7AF0EA5DF58A}.dll, En quarantaine, [f8075a284e3d40f693370f897988f709],
PUP.Optional.BrowseFox, C:\Users\mokhtar\AppData\Local\Temp\{0CCEDF15-F1E0-4F4D-9FAC-1D9449A8CCDB}.dll, En quarantaine, [50af0a7823688da9745613856d94af51],
PUP.Optional.BrowseFox, C:\Users\mokhtar\AppData\Local\Temp\{598B26BC-DFAE-4B7F-BD8E-992D1EC871C6}.dll, En quarantaine, [e21deb97048743f327a3702851b09070],
PUP.Optional.BrowseFox, C:\Users\mokhtar\AppData\Local\Temp\{5C63C255-5F7E-4CAA-821A-3C05A8D89722}.dll, En quarantaine, [4ab53d45b6d5dd59a228a1f7c53cd42c],
PUP.Optional.BrowseFox, C:\Users\mokhtar\AppData\Local\Temp\{A34E5E7D-0FC4-42D3-AE35-97F181903704}.dll, En quarantaine, [37c8750ddcaf1c1a01c99dfb14ed0000],
PUP.Optional.Somoto, C:\Users\mokhtar\AppData\Local\Temp\appshat_generic.exe, En quarantaine, [3ac55c26513a979fe54e1b138779768a],
PUP.Optional.Yontoo.ChrPRST, C:\Users\mokhtar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_outrageousdeal-a.akamaihd.net_0.localstorage, Supprimer au redémarrage, [15ea750de0ab10261df8786f32d151af],
PUP.Optional.Yontoo.ChrPRST, C:\Users\mokhtar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_outrageousdeal-a.akamaihd.net_0.localstorage-journal, Supprimer au redémarrage, [2bd47c06cfbcec4a110405e20bf82ad6],
PUP.Optional.OpenCandy, C:\Users\mokhtar\AppData\Roaming\OpenCandy\B44800ED89DF47A39B4DDF833530AF56\Opera_NI_stable.exe, En quarantaine, [e31cc0c2711a74c2f0590559f30ff10f],
PUP.Optional.Yontoo, C:\ProgramData\65ad47d7-2e27-4a5c-b238-26643fdaeb98\temp, En quarantaine, [d12e057d711af93dc075d2c18181c739],
PUP.Optional.Yontoo, C:\Program Files\Outrageous Deal\7za.exe, En quarantaine, [08f7fc861477a393f93e40533dc55ba5],
PUP.Optional.Yontoo, C:\Program Files\Outrageous Deal\Extensions\oeaimpbmgoebdpmgioiiafncgmfmpcpd.crx, En quarantaine, [08f7fc861477a393f93e40533dc55ba5],
PUP.Optional.Yontoo.ChrPRST, C:\Users\mokhtar\AppData\Roaming\Opera Software\Opera Stable\Extensions\oeaimpbmgoebdpmgioiiafncgmfmpcpd\1.0.5807.31455_0\manifest.json, En quarantaine, [7c837b07e4a74ee89f3398fced179e62],
PUP.Optional.Yontoo.ChrPRST, C:\Users\mokhtar\AppData\Roaming\Opera Software\Opera Stable\Extensions\oeaimpbmgoebdpmgioiiafncgmfmpcpd\1.0.5807.31455_0\background.js, En quarantaine, [7c837b07e4a74ee89f3398fced179e62],
PUP.Optional.Yontoo.ChrPRST, C:\Users\mokhtar\AppData\Roaming\Opera Software\Opera Stable\Extensions\oeaimpbmgoebdpmgioiiafncgmfmpcpd\1.0.5807.31455_0\content.js, En quarantaine, [7c837b07e4a74ee89f3398fced179e62],
PUP.Optional.Yontoo.ChrPRST, C:\Users\mokhtar\AppData\Roaming\Opera Software\Opera Stable\Extensions\oeaimpbmgoebdpmgioiiafncgmfmpcpd\1.0.5807.31455_0\icon.png, En quarantaine, [7c837b07e4a74ee89f3398fced179e62],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)