cjoint


Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 28/03/2016
Heure de l'analyse: 10:49
Fichier journal: MalwareBytes.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.03.28.03
Base de données de rootkits: v2016.03.12.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: BRIGITTE

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 491393
Temps écoulé: 59 min, 42 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 17
PUP.Optional.Babylon, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, En quarantaine, [4ad9f499891064d2bbbba42525dd42be],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B6A1C3E-5C55-495E-942C-D891548CC3D9}, En quarantaine, [d64d5538e7b2c0764a0e9a7817ede11f],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A35F83A-7028-4ECF-BF58-DFCD5E8B88C3}, En quarantaine, [24ff5538cfca4de964f20c06d33101ff],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F5194339-2D22-44C6-83A9-DBCE8E282360}, En quarantaine, [b66d632a1e7b81b52235b260bb493bc5],
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, En quarantaine, [8d964845bedbde584b23ac8052b26c94],
Adware.ClickPotato, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\clickpotatolitesa, En quarantaine, [e63d0786a1f89a9ce275c7c57f84c33d],
PUP.Optional.InstallCore, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\InstallCore, En quarantaine, [23002f5e1e7bcc6ab2ed50cfbc485ea2],
PUP.Optional.OfferBox, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\OfferBox, En quarantaine, [48dbaedfefaad660cb96cbc28183fa06],
Adware.ShoppingReports, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\ShoppingReport2, En quarantaine, [6db66c21f1a8d66074c635113cc841bf],
PUP.Optional.SweetIM, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\SweetIM, En quarantaine, [44dfe4a943564beb14a1d66463a1be42],
PUP.Optional.Wajam, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\Wajam, En quarantaine, [40e37419b1e82e084f35ad93020251af],
PUP.Optional.PriceGong, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, En quarantaine, [948ff79601981620682a41ed0ff56997],
PUP.Optional.uTorrentBar, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\APPDATALOW\SOFTWARE\uTorrentBar_FR, En quarantaine, [f033b5d8c1d86acc6b96f54a778dac54],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PAOPONFHFDFNJGDDPNPJKAMBKCGDAAIB, En quarantaine, [ba69a0edf9a0989e541b5bd659aa7c84],
PUP.Optional.ASK, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{13254928-3DAD-4D5F-8A33-1CAE2C3D3A52}, En quarantaine, [81a23756a8f14fe7af4597fb22e203fd],
PUP.Optional.BProtector, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, En quarantaine, [0122d2bb7e1b35018b82eb1df311e21e],
PUP.Optional.Wajam, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\WOW6432NODE\Wajam, En quarantaine, [b3704a43e2b70a2c7f052b15de26619f],

Valeurs du Registre: 18
PUP.Optional.uTorrentBar, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}, En quarantaine, [0023137a8910a6902df24f8246bc649c],
PUP.Optional.uTorrentBar, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}, ¹î ÷®ŠO—ûƒç°?Ž, En quarantaine, [0023137a8910a6902df24f8246bc649c]
PUP.Optional.uTorrentBar, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}, En quarantaine, [0023137a8910a6902df24f8246bc649c],
PUP.Optional.SweetPacks, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{EEE6C35B-6118-11DC-9C72-001320C79847}, En quarantaine, [051e9fee86134aec92439a3627dbd030],
PUP.Optional.SweetPacks, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{EEE6C35B-6118-11DC-9C72-001320C79847}, ????????, En quarantaine, [051e9fee86134aec92439a3627dbd030]
PUP.Optional.Softomate, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{CA3EB689-8F09-4026-AA10-B9534C691CE0}, En quarantaine, [73b0cbc25b3e3006a3943d93897916ea],
PUP.Optional.Softomate, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{CA3EB689-8F09-4026-AA10-B9534C691CE0}, En quarantaine, [73b0cbc25b3e3006a3943d93897916ea],
PUP.Optional.uTorrentBar, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}, En quarantaine, [49da7518ff9ab48244dbe9e8b25030d0],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4b6a1c3e-5c55-495e-942c-d891548cc3d9}|AppName, LyricsFinder-codedownloader.exe, En quarantaine, [d64d5538e7b2c0764a0e9a7817ede11f]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6a35f83a-7028-4ecf-bf58-dfcd5e8b88c3}|AppName, LyricsFinder-bg.exe, En quarantaine, [24ff5538cfca4de964f20c06d33101ff]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{f5194339-2d22-44c6-83a9-dbce8e282360}|AppName, LyricsFinder-buttonutil.exe, En quarantaine, [b66d632a1e7b81b52235b260bb493bc5]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\paoponfhfdfnjgddpnpjkambkcgdaaib|path, C:\Users\Hugo\AppData\Local\CRE\paoponfhfdfnjgddpnpjkambkcgdaaib.crx, En quarantaine, [ba69a0edf9a0989e541b5bd659aa7c84]
PUP.Optional.BProtector, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=2AC7BCAEC53114BD&affID=123188&tsp=4995, En quarantaine, [b3702a6337628ea835f1f3804bb9e31d]
PUP.Optional.BProtector, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, En quarantaine, [68bb810c14852e0829fe3b38a163c63a]
PUP.Optional.Babylon, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, http://search.babylon.com/?q={searchTerms}&affID=112555&tt=060612_8_&babsrc=SP_ss&mntrId=2ac74149000000000000bcaec53114bd, En quarantaine, [1310a2eb851487affaf329dc07fd5ea2]
PUP.Optional.Babylon, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|FaviconURL, search.babylon.com/favicon.ico, En quarantaine, [aa79afde5643a69024c9bd487193827e]
PUP.Optional.ASK, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{13254928-3DAD-4D5F-8A33-1CAE2C3D3A52}|URL, http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=73B9453C-2777-44B6-8CD4-5895D8234D68&apn_sauid=CAFEF2C5-95A2-4BE7-ABFD-B3F95AFDB604, En quarantaine, [81a23756a8f14fe7af4597fb22e203fd]
PUP.Optional.BabSolution, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NTRedirect, C:\Windows\SysWOW64\rundll32.exe "C:\Users\BRIGITTE\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run, En quarantaine, [62c11c7171287abc29b847be1ce8e51b]

Données du Registre: 1
PUP.Optional.StartPage, HKU\S-1-5-21-46871289-3098888360-3430502543-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=2AC7BCAEC53114BD&affID=123188&tsp=4995, Bon : (www.google.com), Mauvais : (http://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=2AC7BCAEC53114BD&affID=123188&tsp=4995),Remplacé,[091a711c7c1d270f461a6abdb94c32ce]

Dossiers: 4
PUP.Optional.ASK, C:\Users\Hugo\AppData\Local\Temp\APNLogs, En quarantaine, [ca59eaa33465152149d7f13724df8080],
PUP.Optional.ConduitTB.Gen, C:\Users\Hugo\AppData\Local\Temp\CT2851639, En quarantaine, [d251fa938811f442bcb59f9243c003fd],
PUP.Optional.ConduitTB.Gen, C:\Users\Hugo\AppData\Local\Temp\CT2851639\xpi, En quarantaine, [d251fa938811f442bcb59f9243c003fd],
PUP.Optional.ASK.Gen, C:\Users\Hugo\AppData\Local\Temp\APN-Stub, En quarantaine, [82a1f7966732a2944a183edf2ad9cd33],

Fichiers: 18
Trojan.Agent.IDK, C:\Users\BRIGITTE\AppData\Roaming\6C112E00-1424597214-81E0-3555-BCAEC53114BD\jorunasu.exe, En quarantaine, [b56e137a504986b05d4eb3a410f256aa],
PUP.Optional.SweetIM, C:\Users\BRIGITTE\AppData\Roaming\ZHP\Quarantine\simupdater.exe, En quarantaine, [958e5736d3c6fb3b8f18e15e897c01ff],
PUP.Optional.Conduit, C:\Users\Hugo\AppData\Local\Temp\utt3017.tmp.exe, En quarantaine, [091a5c31ebae6dc9a7923be48481ca36],
PUP.Optional.Wajam, C:\Users\Hugo\AppData\Local\Temp\wajam_install.exe, En quarantaine, [cd56c6c78910a492b088f43afd03c43c],
PUP.Optional.Babylon, C:\Users\Hugo\AppData\Local\Temp\toolbar7961947.exe, En quarantaine, [b07349443b5ea78fcb58f239f808649c],
PUP.Optional.Babylon, C:\Users\Hugo\AppData\Local\Temp\is1293846689\MyBabylonTB.exe, En quarantaine, [f033325b3a5f241268bb43e85fa149b7],
PUP.Optional.ASK, C:\Users\Hugo\AppData\Local\Temp\APNLogs\ci.log, En quarantaine, [ca59eaa33465152149d7f13724df8080],
PUP.Optional.ASK, C:\Users\Hugo\AppData\Local\Temp\APNLogs\iw.log, En quarantaine, [ca59eaa33465152149d7f13724df8080],
PUP.Optional.ConduitTB.Gen, C:\Users\Hugo\AppData\Local\Temp\CT2851639\manifest.json, En quarantaine, [d251fa938811f442bcb59f9243c003fd],
PUP.Optional.ConduitTB.Gen, C:\Users\Hugo\AppData\Local\Temp\CT2851639\CT2851639.txt, En quarantaine, [d251fa938811f442bcb59f9243c003fd],
PUP.Optional.ConduitTB.Gen, C:\Users\Hugo\AppData\Local\Temp\CT2851639\CT2851639.xpi, En quarantaine, [d251fa938811f442bcb59f9243c003fd],
PUP.Optional.ConduitTB.Gen, C:\Users\Hugo\AppData\Local\Temp\CT2851639\initData.json, En quarantaine, [d251fa938811f442bcb59f9243c003fd],
PUP.Optional.ConduitTB.Gen, C:\Users\Hugo\AppData\Local\Temp\CT2851639\version.txt, En quarantaine, [d251fa938811f442bcb59f9243c003fd],
PUP.Optional.ConduitTB.Gen, C:\Users\Hugo\AppData\Local\Temp\CT2851639\xpi\install.rdf, En quarantaine, [d251fa938811f442bcb59f9243c003fd],
PUP.Optional.WebTInst, C:\Windows\System32\drivers\Msft_Kernel_webTinstMK_01009.Wdf, En quarantaine, [7fa4e9a451480630a0560e330301b64a],
PUP.Optional.APNToolBar.Gen, C:\Users\Hugo\AppData\Local\Temp\ApnStub.exe, En quarantaine, [2af966271a7fc076c602bbda699b649c],
PUP.Optional.ASK.Gen, C:\Users\Hugo\AppData\Local\Temp\APN-Stub\Stbdceefdac-4ec5-4245-a50e-4e1b1fa1ad13.log, En quarantaine, [82a1f7966732a2944a183edf2ad9cd33],
PUM.Optional.FireFoxSearchOverride, C:\Users\BRIGITTE\AppData\Roaming\mozilla\firefox\Profiles\tnkg34oq.default\user.js, En quarantaine, [e34085089504bd790223490d2ed78d73],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
