Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 16-02-2016
Heure de l'analyse: 13:43
Fichier journal: تقرير الفحص.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2016.02.16.03
Base de données de rootkits: v2016.02.08.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: adil2

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 348510
Temps écoulé: 15 min, 33 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [540f8bd68415979ff312ea679d6729d7],
PUP.Optional.WinYahoo, HKU\S-1-5-21-2854884304-2718679837-1213723221-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [4c175b06afea89adc93b73de917342be],

Valeurs du Registre: 5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_16_06¶m1=1¶m2=f[540f8bd68415979ff312ea679d6729d7]D4%26b[540f8bd68415979ff312ea679d6729d7]DIE%26cc[540f8bd68415979ff312ea679d6729d7]Dus%26pa[540f8bd68415979ff312ea679d6729d7]DWincy%26cd[540f8bd68415979ff312ea679d6729d7]D2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0DzzyEtDzzyC0B0EyC0FtN0D0Tzu0StCyDtDtDtN1L2XzutAtFtCzztFtDtFyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDtCtBtA0FtC0FtGtDyD0AtBtG0A0A0FtCtGyB0BtA0BtG0B0ByEyDyEtB0E0FtDtByCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByCtC0B0F0CzztGyB0B0FtAtGyEtD0EtCtGzytB0D0CtGtD0AtCyE0CyC0EyBtA0FtD0C2QtN0A0LzuyE%26cr[540f8bd68415979ff312ea679d6729d7]D553550649%26a[540f8bd68415979ff312ea679d6729d7]Dwbf_frmr_16_06%26os_ver[540f8bd68415979ff312ea679d6729d7]D10.0%26os[540f8bd68415979ff312ea679d6729d7]DWindowsEn quarantaineB10En quarantaineBPro&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_16_06¶m1=1¶m2=f[2c37332e8e0b3ff7c04590c19d67cd33]D4%26b[2c37332e8e0b3ff7c04590c19d67cd33]DIE%26cc[2c37332e8e0b3ff7c04590c19d67cd33]Dus%26pa[2c37332e8e0b3ff7c04590c19d67cd33]DWincy%26cd[2c37332e8e0b3ff7c04590c19d67cd33]D2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0DzzyEtDzzyC0B0EyC0FtN0D0Tzu0StCyDtDtDtN1L2XzutAtFtCzztFtDtFyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDtCtBtA0FtC0FtGtDyD0AtBtG0A0A0FtCtGyB0BtA0BtG0B0ByEyDyEtB0E0FtDtByCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByCtC0B0F0CzztGyB0B0FtAtGyEtD0EtCtGzytB0D0CtGtD0AtCyE0CyC0EyBtA0FtD0C2QtN0A0LzuyE%26cr[2c37332e8e0b3ff7c04590c19d67cd33]D553550649%26a[2c37332e8e0b3ff7c04590c19d67cd33]Dwbf_frmr_16_06%26os_ver[2c37332e8e0b3ff7c04590c19d67cd33]D10.0%26os[2c37332e8e0b3ff7c04590c19d67cd33]DWindowsEn quarantaineB10En quarantaineBPro&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-2854884304-2718679837-1213723221-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_16_06¶m1=1¶m2=f[4c175b06afea89adc93b73de917342be]D4%26b[4c175b06afea89adc93b73de917342be]DIE%26cc[4c175b06afea89adc93b73de917342be]Dus%26pa[4c175b06afea89adc93b73de917342be]DWincy%26cd[4c175b06afea89adc93b73de917342be]D2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0DzzyEtDzzyC0B0EyC0FtN0D0Tzu0StCyDtDtDtN1L2XzutAtFtCzztFtDtFyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDtCtBtA0FtC0FtGtDyD0AtBtG0A0A0FtCtGyB0BtA0BtG0B0ByEyDyEtB0E0FtDtByCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByCtC0B0F0CzztGyB0B0FtAtGyEtD0EtCtGzytB0D0CtGtD0AtCyE0CyC0EyBtA0FtD0C2QtN0A0LzuyE%26cr[4c175b06afea89adc93b73de917342be]D553550649%26a[4c175b06afea89adc93b73de917342be]Dwbf_frmr_16_06%26os_ver[4c175b06afea89adc93b73de917342be]D10.0%26os[4c175b06afea89adc93b73de917342be]DWindowsEn quarantaineB10En quarantaineBPro&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-2854884304-2718679837-1213723221-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_16_06¶m1=1¶m2=f[550ef46dc0d98da95ea6bd941ee6748c]D4%26b[550ef46dc0d98da95ea6bd941ee6748c]DIE%26cc[550ef46dc0d98da95ea6bd941ee6748c]Dus%26pa[550ef46dc0d98da95ea6bd941ee6748c]DWincy%26cd[550ef46dc0d98da95ea6bd941ee6748c]D2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0DzzyEtDzzyC0B0EyC0FtN0D0Tzu0StCyDtDtDtN1L2XzutAtFtCzztFtDtFyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyDtDtCtBtA0FtC0FtGtDyD0AtBtG0A0A0FtCtGyB0BtA0BtG0B0ByEyDyEtB0E0FtDtByCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtByCtC0B0F0CzztGyB0B0FtAtGyEtD0EtCtGzytB0D0CtGtD0AtCyE0CyC0EyBtA0FtD0C2QtN0A0LzuyE%26cr[550ef46dc0d98da95ea6bd941ee6748c]D553550649%26a[550ef46dc0d98da95ea6bd941ee6748c]Dwbf_frmr_16_06%26os_ver[550ef46dc0d98da95ea6bd941ee6748c]D10.0%26os[550ef46dc0d98da95ea6bd941ee6748c]DWindowsEn quarantaineB10En quarantaineBPro&p={searchTerms}, %4, %5
PUP.Optional.NotChromeRun, HKU\S-1-5-21-2854884304-2718679837-1213723221-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleChromeAutoLaunch_0032FE2B7025935326FB41F21A44F1F3, "C:\Users\adil2\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session, En quarantaine, [0e558ad74d4c80b6565408edb44f946c]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 0
(Aucun élément malveillant détecté)

Fichiers: 9
PUP.Optional.InstallCore, C:\Users\adil2\AppData\Roaming\0I0M0D1F2W1G1I1F1T1Q1P1C\Format Factory Packages\uninstaller.exe, En quarantaine, [e380b5ac4356c175691f1920c33e44bc],
PUP.Optional.APNToolBar, C:\Users\adil2\AppData\Local\Temp\AskPIP_FF_.exe, En quarantaine, [f46f2b36fc9d3ef8a5e957dfd52c669a],
PUP.Optional.383Media, C:\Users\adil2\AppData\Local\Temp\DRHelper_installFinish.exe, En quarantaine, [bca7471aecadc4729c5a07a541c0e41c],
PUP.Optional.383Media, C:\Users\adil2\AppData\Local\Temp\DRHelper_installStart.exe, En quarantaine, [036020416435ef476294d6d6d62b0bf5],
PUP.Optional.383Media, C:\Users\adil2\AppData\Local\Temp\DRHelper_uninstallComplete.exe, En quarantaine, [c3a04c155a3f95a118debbf150b126da],
PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\components\mrt.js, En quarantaine, [bca77ce511887fb7742e9bc29272cb35],
PUP.Optional.Amonetize.Gen, C:\ProgramData\d25c840a-6815-1\BIT2C9E.tmp, En quarantaine, [a0c3530e712887aff0a607572cd838c8],
PUP.Optional.Amonetize.Gen, C:\ProgramData\d25c840a-7833-0\BIT2E26.tmp, En quarantaine, [550e7be6a8f12610bed81d4127dd639d],
PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\components\components.manifest, Bon : (), Mauvais : (component aab33809-6f9f-45f7-9065-2241f0998415 mrt.js), Remplacé,[4023431e1a7f84b28a40d73c798c34cc]

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
