
Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 29/01/2016
Heure de l'analyse: 16:38
Fichier journal: rapport mbam.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2016.01.29.04
Base de données de rootkits: v2016.01.20.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Antonin

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 377491
Temps écoulé: 50 min, 25 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 6
PUP.Optional.Elex, HKLM\SOFTWARE\CLASSES\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, En quarantaine, [3e2af649b4e5ae88f43b8adac43ea060],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, En quarantaine, [3e2af649b4e5ae88f43b8adac43ea060],
PUP.Optional.Elex, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, En quarantaine, [3e2af649b4e5ae88f43b8adac43ea060],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [30388bb43f5afe38717307fe4fb517e9],
PUP.Optional.Komodia, HKU\S-1-5-21-2557947956-915253954-3006674449-1001\SOFTWARE\INSTALLPATH\STATUS, En quarantaine, [1355e05ff1a81a1ce77d7ec1a36119e7],
PUP.Optional.WinYahoo, HKU\S-1-5-21-2557947956-915253954-3006674449-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [4127ea55cbceaf874d9560a5d82c6b95],

Valeurs du Registre: 7
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://fi.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_tele_15_47¶m1=1¶m2=f[30388bb43f5afe38717307fe4fb517e9]D4%26b[30388bb43f5afe38717307fe4fb517e9]DIE%26cc[30388bb43f5afe38717307fe4fb517e9]Dfi%26pa[30388bb43f5afe38717307fe4fb517e9]DWinYahoo%26cd[30388bb43f5afe38717307fe4fb517e9]D2XzuyEtN2Y1L1QzuzzyEtAyEzyyByB0D0FtDyDyC0EtAzyyDtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0D0FtC0D0ByBtGyC0F0AzytGtCtByCtCtGtDtC0B0BtG0F0D0D0CyE0EyBzy0EzyyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAyD0FzzyC0CyCtG0CyEtCyEtGyEzyyB0BtG0Bzy0EtDtGzy0AzyyEzzzz0F0FtCtA0F0D2QtN0A0LzuyE%26cr[30388bb43f5afe38717307fe4fb517e9]D334727234%26a[30388bb43f5afe38717307fe4fb517e9]Dwny_tele_15_47%26os[30388bb43f5afe38717307fe4fb517e9]DWindowsEn quarantaineB8.1&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, https://fi.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_tele_15_47¶m1=1¶m2=f[32363f00772267cf8e56e91c788cdb25]D4%26b[32363f00772267cf8e56e91c788cdb25]DIE%26cc[32363f00772267cf8e56e91c788cdb25]Dfi%26pa[32363f00772267cf8e56e91c788cdb25]DWinYahoo%26cd[32363f00772267cf8e56e91c788cdb25]D2XzuyEtN2Y1L1QzuzzyEtAyEzyyByB0D0FtDyDyC0EtAzyyDtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0D0FtC0D0ByBtGyC0F0AzytGtCtByCtCtGtDtC0B0BtG0F0D0D0CyE0EyBzy0EzyyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAyD0FzzyC0CyCtG0CyEtCyEtGyEzyyB0BtG0Bzy0EtDtGzy0AzyyEzzzz0F0FtCtA0F0D2QtN0A0LzuyE%26cr[32363f00772267cf8e56e91c788cdb25]D334727234%26a[32363f00772267cf8e56e91c788cdb25]Dwny_tele_15_47%26os[32363f00772267cf8e56e91c788cdb25]DWindowsEn quarantaineB8.1&p={searchTerms}, %4, %5
PUP.Optional.InternetQuickAccess, HKLM\SOFTWARE\POLICIES\CHROMIUM\EXTENSIONINSTALLSOURCES|1, http://ext.internetquickaccess.com/*, En quarantaine, [c99f1a250d8cd561de0c280a788cd32d]
PUP.Optional.InternetQuickAccess, HKLM\SOFTWARE\WOW6432NODE\POLICIES\CHROMIUM\EXTENSIONINSTALLSOURCES|1, http://ext.internetquickaccess.com/*, En quarantaine, [94d4a49b82176ccaecfe032fed17df21]
PUP.Optional.Komodia, HKU\S-1-5-21-2557947956-915253954-3006674449-1001\SOFTWARE\INSTALLPATH\STATUS|FlowsurfCB, P, En quarantaine, [1355e05ff1a81a1ce77d7ec1a36119e7]
PUP.Optional.WinYahoo, HKU\S-1-5-21-2557947956-915253954-3006674449-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://fi.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_tele_15_47¶m1=1¶m2=f[4127ea55cbceaf874d9560a5d82c6b95]D4%26b[4127ea55cbceaf874d9560a5d82c6b95]DIE%26cc[4127ea55cbceaf874d9560a5d82c6b95]Dfi%26pa[4127ea55cbceaf874d9560a5d82c6b95]DWinYahoo%26cd[4127ea55cbceaf874d9560a5d82c6b95]D2XzuyEtN2Y1L1QzuzzyEtAyEzyyByB0D0FtDyDyC0EtAzyyDtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0D0FtC0D0ByBtGyC0F0AzytGtCtByCtCtGtDtC0B0BtG0F0D0D0CyE0EyBzy0EzyyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAyD0FzzyC0CyCtG0CyEtCyEtGyEzyyB0BtG0Bzy0EtDtGzy0AzyyEzzzz0F0FtCtA0F0D2QtN0A0LzuyE%26cr[4127ea55cbceaf874d9560a5d82c6b95]D334727234%26a[4127ea55cbceaf874d9560a5d82c6b95]Dwny_tele_15_47%26os[4127ea55cbceaf874d9560a5d82c6b95]DWindowsEn quarantaineB8.1&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-2557947956-915253954-3006674449-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, https://fi.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_tele_15_47¶m1=1¶m2=f[7eead56acdccdb5b479b9d686f958b75]D4%26b[7eead56acdccdb5b479b9d686f958b75]DIE%26cc[7eead56acdccdb5b479b9d686f958b75]Dfi%26pa[7eead56acdccdb5b479b9d686f958b75]DWinYahoo%26cd[7eead56acdccdb5b479b9d686f958b75]D2XzuyEtN2Y1L1QzuzzyEtAyEzyyByB0D0FtDyDyC0EtAzyyDtN0D0Tzu0StCyEtBtDtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyE0D0D0FtC0D0ByBtGyC0F0AzytGtCtByCtCtGtDtC0B0BtG0F0D0D0CyE0EyBzy0EzyyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAyD0FzzyC0CyCtG0CyEtCyEtGyEzyyB0BtG0Bzy0EtDtGzy0AzyyEzzzz0F0FtCtA0F0D2QtN0A0LzuyE%26cr[7eead56acdccdb5b479b9d686f958b75]D334727234%26a[7eead56acdccdb5b479b9d686f958b75]Dwny_tele_15_47%26os[7eead56acdccdb5b479b9d686f958b75]DWindowsEn quarantaineB8.1&p={searchTerms}, %4, %5

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 3
PUP.Optional.Amonetize, C:\Program Files\REACHit, En quarantaine, [482056e99207320414d20e37f70d669a],
PUP.Optional.Amonetize, C:\Program Files\REACHit\packages, En quarantaine, [482056e99207320414d20e37f70d669a],
PUP.Optional.Amonetize, C:\Program Files\REACHit\packages\fe5663fc-fc9d-4c24-904f-1c0af89b213c, En quarantaine, [482056e99207320414d20e37f70d669a],

Fichiers: 34
PUP.Optional.Amonetize, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\bundle_flowsurfcb[2].exe.VIR, En quarantaine, [9bcd4df27f1adb5b72de64e0946d59a7],
PUP.Optional.ConvertAd, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\hnss9a20.tmp.VIR, En quarantaine, [65037ac5d4c50234edccf3676d95748c],
PUP.Optional.Elex, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\ihpmserver.exe.VIR, En quarantaine, [94d4e45b9cfd65d1d5cd94269a676997],
PUP.Optional.ConvertAd, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\jnsm7ddc.tmp.VIR, En quarantaine, [52161b2495042214d1eae27813ef37c9],
PUP.Optional.ConvertAd, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\knsc65ba.tmpfs.VIR, En quarantaine, [4b1d78c7e8b116202973f6e0709129d7],
PUP.Optional.Tuto4PC, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\newversion.exe.VIR, En quarantaine, [105848f7b0e9c6703d1565f1fe02758b],
PUP.Optional.Amonetize, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\reachit.exe.VIR, En quarantaine, [fe6a1d220a8f0234ef311543738da35d],
Adware.EoRezo, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\setup_ospd_us[1].exe.VIR, En quarantaine, [4f19df60cbce0135cc7811bbbd4404fc],
PUP.Optional.SoftwareUpdater, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\updater.exe.VIR, En quarantaine, [f672ea55ecade45273d6f64f24dc9f61],
PUP.Optional.ConvertAd, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\vopackage[1].exe.VIR, En quarantaine, [78f00c336b2ea1954458983e728f7e82],
PUP.Optional.CheckOffer, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\vuupc_vo2_8907[1].exe.VIR, En quarantaine, [204882bd1f7a3ef85d096ba32fd2629e],
PUP.Optional.BrowseFox, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\{15b38a02-7a0f-4a33-8739-ecaf7ea3f55a}gw64.sys.VIR, En quarantaine, [0e5a37083e5bc670a7ac3dafbe464fb1],
PUP.Optional.ConvertAd, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\32444335-1454072206-3036-464b-8434977df056.DIR\vnsm4CB0.tmp, En quarantaine, [9ccc142b9cfd3ff719839145f70ada26],
PUP.Optional.Elex, C:\Users\Antonin\AppData\Roaming\ZHP\Quarantine\raydld.DIR\Raydld.exe, En quarantaine, [3b2d1827693075c14f5608b281808977],
PUP.Optional.ConvertAd, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$RSOIVQP.tmp, En quarantaine, [e68272cda7f2320445d48f44f60be818],
Adware.AdLoad, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$RC95THB.tmp, En quarantaine, [70f8cc73e5b4fd395a93588619e8d42c],
PUP.Optional.Komodia.WnskRST, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$RI3X3BK.tmp, En quarantaine, [aabefe410891fe38c71f23a508f957a9],
Adware.MaxDriver, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$R3O8970.tmp, En quarantaine, [491f3c030b8e8caa95c1863b32d2718f],
PUP.Optional.ConvertAd, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$RG9VI0O.tmp, En quarantaine, [f7710b346c2de353e7eb88384fb503fd],
Adware.EoRezo, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$RZIX2Z5.tmp, En quarantaine, [c5a30b348514072f5fe5be0e58a9b24e],
PUP.Optional.ConvertAd, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$R84JKS8.tmp, En quarantaine, [3236330cc0d938fe5200580b12f023dd],
PUP.Optional.ConvertAd, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$ROZMMHR.tmp, En quarantaine, [1652152ad3c6d462c2be7ae9d62cc23e],
PUP.Optional.CheckOffer, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$RACRSZU.tmp, En quarantaine, [86e2e956eeab102686e030deb64b32ce],
Adware.ConvertAd, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$RAS34A9.tmp, En quarantaine, [e28699a6732605318790f3ca71937e82],
Adware.EoRezo.Gen, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$R8FI8TJ.tmp\569.exe, En quarantaine, [e880a39cc2d78fa75d20725f27dabc44],
PUP.Optional.Tuto4PC, C:\$Recycle.Bin\S-1-5-21-2557947956-915253954-3006674449-1001\$RR9OT6J\newversion.exe, En quarantaine, [3830f946ff9ad95d3022dd798f71c739],
Trojan.Vundo, C:\Windows\SysWOW64\ddrawt.dll, En quarantaine, [9ace7ac514858fa7b334b1f1966b827e],
PUP.Optional.InternetQuickAccess, C:\Users\Antonin\AppData\Local\Chromium\Application\chrome.exe, En quarantaine, [9fc9d966792092a403b399b1ab56619f],
RiskWare.IStealer, C:\Windows\KMSAuto.exe, En quarantaine, [095fd16e0f8a0b2bab1134118a78b44c],
PUP.Optional.InstallCore, C:\Users\Antonin\Desktop\Jeux\trackmania-nations.exe, En quarantaine, [6cfc0b349efb013589ba79da8d74cb35],
PUP.Optional.Amonetize, C:\Program Files\REACHit\config.conf, En quarantaine, [482056e99207320414d20e37f70d669a],
PUP.Optional.Amonetize, C:\Program Files\REACHit\REACHit.exe.config, En quarantaine, [482056e99207320414d20e37f70d669a],
PUP.Optional.Amonetize, C:\Program Files\REACHit\packages\fe5663fc-fc9d-4c24-904f-1c0af89b213c\clean.exe, En quarantaine, [482056e99207320414d20e37f70d669a],
PUP.Optional.Amonetize, C:\Program Files\REACHit\packages\fe5663fc-fc9d-4c24-904f-1c0af89b213c\clean.exe.config, En quarantaine, [482056e99207320414d20e37f70d669a],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
