Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/03/2016 (9 March 2016)
Scan Time: 01:49
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.08.08
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: hamid-hp

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312980
Time Elapsed: 19 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Yontoo, HKLM\SOFTWARE\DiscoverTreasure, Quarantined, [b7a1ef962c6d39fd8fff9780f50eba46],
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [9dbb2c593c5deb4b45cd2de308fbb24e],
PUP.Optional.YesSearches, HKU\S-1-5-21-2449221417-146016851-1928103234-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [1345f98c9009c076238aef8956aeca36],

Registry Values: 10
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBX0kCHEnAk..&v=20160202&uid=61D7B28F13A621A46880C16402A0ED70&ptid=wak&mode=ffsengext, Quarantined, [9dbb2c593c5deb4b45cd2de308fbb24e]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEpBX0kCHEnAk..&v=20160202&uid=61D7B28F13A621A46880C16402A0ED70&ptid=wak&mode=ffsengext, Quarantined, [eb6d3253f3a60d291002759b41c216ea]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=61D7B28F13A621A46880C16402A0ED70&ptid=wak&q={searchTerms}&ts=AHEpBX0kCHEnAk..&v=20160202&mode=ffsengext, Quarantined, [c0985e27980139fd739f47c9f70cb947]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=61D7B28F13A621A46880C16402A0ED70&ptid=wak&ts=AHEpBX0kCHEnAk..&v=20160202&mode=ffexttoolbar&q=, Quarantined, [461211747b1e67cfa46ec7493bc8be42]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://stop-block.org/wpad.dat?96c1b95a782008cf5d15a7aabe8fecc56580923, Quarantined, [98c0711453468caa9c783b443aca7d83]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2449221417-146016851-1928103234-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://stop-block.org/wpad.dat?96c1b95a782008cf5d15a7aabe8fecc56580923, Quarantined, [0b4d681d0198d363cf20d0a9f50fee12]
PUP.Optional.YesSearches, HKU\S-1-5-21-2449221417-146016851-1928103234-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBX0kCHEnAk..&v=20160202&uid=61D7B28F13A621A46880C16402A0ED70&ptid=wak&mode=ffsengext, Quarantined, [1345f98c9009c076238aef8956aeca36]
PUP.Optional.YesSearches, HKU\S-1-5-21-2449221417-146016851-1928103234-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEpBX0kCHEnAk..&v=20160202&uid=61D7B28F13A621A46880C16402A0ED70&ptid=wak&mode=ffsengext, Quarantined, [adab7c09346504326c41f68249bb5ba5]
PUP.Optional.YesSearches, HKU\S-1-5-21-2449221417-146016851-1928103234-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=61D7B28F13A621A46880C16402A0ED70&ptid=wak&q={searchTerms}&ts=AHEpBX0kCHEnAk..&v=20160202&mode=ffsengext, Quarantined, [90c8681df6a33ef88e1fe98f35cf7090]
PUP.Optional.YesSearches, HKU\S-1-5-21-2449221417-146016851-1928103234-1001\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=61D7B28F13A621A46880C16402A0ED70&ptid=wak&ts=AHEpBX0kCHEnAk..&v=20160202&mode=ffexttoolbar&q=, Quarantined, [a6b282036f2aec4a8f1e1b5da4608f71]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 37
HackTool.IdleKMS, C:\Program Files\KMSpico\KMSELDI.exe, Quarantined, [ee6a1c6950491d1906dece9381811ae6],
PUP.Optional.StartSurf, C:\Users\hamid-hp\AppData\Local\Temp\0b49fb92.a, Quarantined, [1e3a6b1a5742ce6810a655800bf6e917],
Adware.IStartSurf, C:\Users\hamid-hp\AppData\Local\Temp\0b4a11f8.a, Quarantined, [4513d1b4f2a7b581669b9463c23f9a66],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{AEC58B82-21B2-466E-B3ED-EA87B541CD6C}.dll, Quarantined, [64f489fc1f7aaa8c44e4ea79de23b050],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{B236EC88-EB84-4578-AA2B-A9993DEF44D3}.dll, Quarantined, [75e340453762a195d553acb705fc7b85],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{C1B74ED5-EF8D-4907-BA7F-3DD3BC7D54EA}.dll, Quarantined, [b0a8a7de29706cca9692cf9427da30d0],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{5EE81F8E-AC8F-40ED-8907-533701EA419F}.dll, Quarantined, [1b3df0950f8a320480a8481bfc05d32d],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{20DD1CB9-48E9-48C4-888C-132C58DA6050}.dll, Quarantined, [d7810184b8e12d09091f74ef837e7987],
PUP.Optional.Yontoo.Gen, C:\Users\hamid-hp\AppData\Local\Temp\{2D308AE6-EF8B-4E53-9ACB-9214378AEBA0}.xpi, Quarantined, [9dbb473e891094a20f4c92a06d94847c],
PUP.Optional.Yontoo.Gen, C:\Users\hamid-hp\AppData\Local\Temp\{3731B29B-6277-4BFA-86CA-8C5C623B01FF}.xpi, Quarantined, [362264219009bf77fc5fb280867be31d],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{3C551AA0-D6CA-4065-B4B9-A6614401EF29}.dll, Quarantined, [36228df811883501b672d093d82924dc],
PUP.Optional.Yontoo.Gen, C:\Users\hamid-hp\AppData\Local\Temp\{3D7904D5-2D87-4CD6-8280-E9B02791E2DC}.xpi, Quarantined, [a4b47b0a4f4ac86e9ebd74beef129b65],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{46751E51-514F-46FC-8EF4-5EFE52683C06}.dll, Quarantined, [fe5a0d784f4a61d578b01d4649b8cc34],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{4F9B4480-9CF3-41C0-B58D-AEFE5D958C90}.dll, Quarantined, [7bdd91f47821da5c141488db5ca5b54b],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{CC0CAEAF-1CFD-4EFA-8C8C-FACECB943D8B}.dll, Quarantined, [90c88df87326ee4895931f442ad7d927],
PUP.Optional.Yontoo.Gen, C:\Users\hamid-hp\AppData\Local\Temp\{D0AB8416-424B-4D1B-889D-DDCD0E6B19B2}.xpi, Quarantined, [8dcb2263c9d0ab8b5b00f73b0cf58a76],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{D2312DBD-9BFE-48E1-BEE3-F3EB901AA2F3}.dll, Quarantined, [9abe90f55d3c50e63bed7ae98978df21],
PUP.Optional.Yontoo.Gen, C:\Users\hamid-hp\AppData\Local\Temp\{D45708A7-9BE2-40EB-B38D-9CD5AD9FA111}.xpi, Quarantined, [f761d8ada3f60630e37848ea12ef12ee],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{D8A0CAE4-A211-46F7-B2B3-6D16CFD75246}.dll, Quarantined, [57011372c0d95fd7b3753b2819e8c040],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{113BA541-DC44-4EB2-8CA5-3446A673A0CC}.dll, Quarantined, [f8608bfa8910e94dbc6c006307fa6c94],
PUP.Optional.Yontoo.Gen, C:\Users\hamid-hp\AppData\Local\Temp\{84A5E2E1-2F51-4491-9E5A-B0FD2317ED0C}.xpi, Quarantined, [4f0981049cfd49edc893ba784fb2c838],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{87613244-4824-4072-A60B-6805B52936F4}.dll, Quarantined, [fe5ab1d4f1a8d26451d7d39089782fd1],
PUP.Optional.Yontoo.Gen, C:\Users\hamid-hp\AppData\Local\Temp\{DF44F03F-80BA-4C2B-A8EA-50A27DB89C3A}.xpi, Quarantined, [dd7b374ed5c4fe388ad1aa881be61be5],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{ED8E5F22-EF0A-49E4-8353-5BD6A37FCCAF}.dll, Quarantined, [e27695f0b8e10a2c1e0a7ee5e71a13ed],
PUP.Optional.Yontoo.Gen, C:\Users\hamid-hp\AppData\Local\Temp\{F4563F2F-1573-43B8-827C-16EA8C109317}.xpi, Quarantined, [a1b7b6cf851487afcc8ff042d52c40c0],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{143926BB-A3BB-4FBA-8369-B6C197CED3E7}.dll, Quarantined, [70e82d58950488aedc4c263d9d6410f0],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{1B47C643-54BD-4AAE-B791-2B9F2A018ADE}.dll, Quarantined, [8bcd1c69841561d51810b0b322df49b7],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{1F922D02-DE17-4641-980B-7AD3E9598411}.dll, Quarantined, [aeaa166f732654e27fa9d88bf20f0ff1],
PUP.Optional.YourSearching.ShrtCln, C:\Users\hamid-hp\AppData\Local\Temp\ICP1l6rdnr.exe, Quarantined, [3523dbaaa6f353e386a548e6a1645ba5],
PUP.Optional.Yontoo.Gen, C:\Users\hamid-hp\AppData\Local\Temp\{04122002-5941-4632-8F10-91395613A022}.xpi, Quarantined, [df793550b8e191a574e7112119e84ab6],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{042E6C36-37B5-4EB8-9CA5-21705A66C2BA}.dll, Quarantined, [9ebaafd6356458de1d0b184b679a3fc1],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{089E0AF9-6C77-43C4-B44B-72319C98044F}.dll, Quarantined, [d1875332f1a8fc3a949498cba45dfc04],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Local\Temp\{0D4CA14A-AE0C-4D52-8EB7-6BB55293F4C1}.dll, Quarantined, [61f71d68524743f38e9a73f056ab1ae6],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghFcgEMVgwQExhBJQ4BTA1DEQEOeQhdBRRHElMRJVsLUAsSElEFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDdUdGIUpNE1w=");), Replaced,[83d57d08cfcaef47879ec17a2fd637c9]
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo.xml, Quarantined, [adabb6cf5c3dc6705f949a9d1de88977],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghFcgEMVgwQExhBJQ4BTA1DEQEOeQhdBRRHElMRJVsLUAsSElEFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDdUdGIUpNE1w=");), Replaced,[e96f790c7722b97d2a09a297fa0b7888]
PUP.Optional.DeskCut, C:\Users\hamid-hp\AppData\Roaming\Mozilla\Firefox\Profiles\ehmcmgcy.dev-edition-default\prefs.js, Good: (), Bad: (deskCutv2@gmail.com), Replaced,[d682295c72277db94af5e358768f738d]

Physical Sectors: 0
(No malicious items detected)


(end)
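Every detection line in the log above has the same comma-separated shape (threat name, location, optional registry data, action, 32-hex id), with the prefs.js hits carrying a Good/Bad pair instead of plain data. The parser and triage helper below is an added example, not part of the posted log and not Malwarebytes' own tooling. Its sample input is a handful of lines copied from the log above (with the headers in English); the rule that Hijack.* hits and Replaced prefs deserve a manual re-check after reboot, and the idea of pulling hostnames out of the detection data as blocklist indicators, are this example's own assumptions.

```python
"""Parser and triage helper for Malwarebytes Anti-Malware 2.x text logs.

Added example; not part of the log above and not Malwarebytes' own code.
Detection lines have the shape
    <threat>, <location>[, <data>], <action>, [<32-hex id>][,]
For prefs.js hits the data is carried as 'Good: (...)', 'Bad: (...)' instead.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Sample input: lines copied from the log above, trimmed to a few representative
# entries so the example runs offline.
SAMPLE_LOG = r"""Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Yontoo, HKLM\SOFTWARE\DiscoverTreasure, Quarantined, [b7a1ef962c6d39fd8fff9780f50eba46],

Registry Values: 2
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBX0kCHEnAk..&v=20160202&uid=61D7B28F13A621A46880C16402A0ED70&ptid=wak&mode=ffsengext, Quarantined, [9dbb2c593c5deb4b45cd2de308fbb24e]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2449221417-146016851-1928103234-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://stop-block.org/wpad.dat?96c1b95a782008cf5d15a7aabe8fecc56580923, Quarantined, [0b4d681d0198d363cf20d0a9f50fee12]

Files: 3
HackTool.IdleKMS, C:\Program Files\KMSpico\KMSELDI.exe, Quarantined, [ee6a1c6950491d1906dece9381811ae6],
PUP.Optional.Yontoo, C:\Users\hamid-hp\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghFcgEMVgwQExhBJQ4BTA1DEQEOeQhdBRRHElMRJVsLUAsSElEFIk0FA18DB0VXfWFoKB8fHHFKM1pXF1wDdUdGIUpNE1w=");), Replaced,[83d57d08cfcaef47879ec17a2fd637c9]
PUP.Optional.DeskCut, C:\Users\hamid-hp\AppData\Roaming\Mozilla\Firefox\Profiles\ehmcmgcy.dev-edition-default\prefs.js, Good: (), Bad: (deskCutv2@gmail.com), Replaced,[d682295c72277db94af5e358768f738d]
"""

SECTION_RE = re.compile(r'^(?P<name>[A-Za-z ]+): (?P<count>\d+)$')
LINE_RE = re.compile(r'^(?P<threat>[^,]+), (?P<body>.*?),\s*\[(?P<id>[0-9a-f]{32})\],?\s*$')
PREF_RE = re.compile(r'^(?P<loc>.*?), Good: \((?P<good>.*)\), Bad: \((?P<bad>.*)\)$')
URL_RE = re.compile(r'https?://[^\s")]+')


@dataclass
class Detection:
    section: str
    threat: str
    kind: str                   # 'registry_key' | 'registry_value' | 'file'
    location: str
    action: str
    ident: str
    data: Optional[str] = None  # registry value data, or the 'Bad' pref for prefs.js hits


def parse_log(text: str) -> list:
    """Parse every detection line; header lines and '(No malicious items detected)' are skipped."""
    section, out = '', []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('name')
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        head, action = m.group('body').rsplit(',', 1)   # action is always the last field
        pm = PREF_RE.match(head)
        if pm:                              # prefs.js hit: keep the bad value that was replaced
            loc, data = pm.group('loc'), pm.group('bad')
        elif ', ' in head:                  # registry value: 'key|name, data'
            loc, data = head.split(', ', 1)
        else:                               # registry key or plain file path
            loc, data = head, None
        if loc.upper().startswith('HK'):
            kind = 'registry_value' if '|' in loc else 'registry_key'
        else:
            kind = 'file'
        out.append(Detection(section, m.group('threat').strip(), kind, loc,
                             action.strip(), m.group('id'), data))
    return out


def triage(detections):
    """Count hits per family and list the ones to re-verify after reboot.

    Assumption behind the rule: a quarantined file is gone, but a hijacked setting
    (proxy auto-config URL, homepage, search plugin) is a persistence point, so every
    Hijack.* hit and every 'Replaced' pref is returned for a manual re-check.
    """
    families, recheck = {}, []
    for d in detections:
        fam = d.threat.split('.', 1)[0]
        families[fam] = families.get(fam, 0) + 1
        if d.threat.startswith('Hijack.') or d.action == 'Replaced':
            recheck.append(d)
    return families, recheck


def indicator_hosts(detections):
    """Hostnames found in detection data (PAC server, search/homepage hijack targets),
    usable as a blocklist or as search terms in proxy and DNS logs."""
    hosts = set()
    for d in detections:
        for url in URL_RE.findall(d.data or ''):
            host = urlsplit(url).hostname
            if host:
                hosts.add(host)
    return hosts


if __name__ == '__main__':
    dets = parse_log(SAMPLE_LOG)
    fams, todo = triage(dets)
    print(len(dets), 'detections', fams)
    for d in todo:
        print('RE-CHECK', d.threat, d.location, '->', d.data)
    print('hosts:', sorted(indicator_hosts(dets)))
```

Run on the full log, the re-check list is what matters after the reboot: the AutoConfigUrl value under the user's Internet Settings key and the ManualProxies value under NlaSvc should be empty or back to the expected PAC, and the Firefox profile's browser.startup.homepage should no longer point at the akamaihd.net redirector.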
