cjoint

Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 13/07/2016
Heure de l'analyse: 21:44
Fichier journal: journal d'analyse.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.07.13.10
Base de données de rootkits: v2016.05.27.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: pompido

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 336060
Temps écoulé: 36 min, 17 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 4
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}, En quarantaine, [a2ecb073ebaf0036aaaeaf2ca75cce32],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, En quarantaine, [830be43f990192a4efbe00c4ed16966a],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}, En quarantaine, [c8c6f52e3a6075c19a149d2718ebae52],
PUP.Optional.TNT, HKU\S-1-5-21-2428007030-3290115269-3721999086-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6CC61CC6-ECA7-4E5D-B8D7-207757E25460}, En quarantaine, [afdf27fc32686dc9c3589821cd3611ef],

Valeurs du Registre: 10
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}|URL, http://www.default-search.net/search?sid=514&aid=109&itype=n&ver=15946&tm=677&src=ds&p={searchTerms}, En quarantaine, [a2ecb073ebaf0036aaaeaf2ca75cce32]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_22&param1=1&param2=fEn quarantaineD4%26bEn quarantaineDIE%26ccEn quarantaineDma%26paEn quarantaineDWincy%26cdEn quarantaineD2XzuyEtN2Y1L1Qzu0AyB0C0FtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AzztByCzztAtGyByD0F0CtG0F0AyD0BtGyEyD0F0EtG0CtA0AtCyCyB0EzyyD0AtBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtDyD0FzytCyCtGtB0E0E0AtGyEtBtAzytGzyyEyEtCtGyD0E0F0B0EzzzzyE0C0D0E0C2QtN0A0LzutB%26crEn quarantaineD204180877%26aEn quarantaineDwncy_clu_15_22%26osEn quarantaineDWindows 8.1 Single Language&p={searchTerms}, [830be43f990192a4efbe00c4ed16966a], %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_22&param1=1&param2=fEn quarantaineD4%26bEn quarantaineDIE%26ccEn quarantaineDma%26paEn quarantaineDWincy%26cdEn quarantaineD2XzuyEtN2Y1L1Qzu0AyB0C0FtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AzztByCzztAtGyByD0F0CtG0F0AyD0BtGyEyD0F0EtG0CtA0AtCyCyB0EzyyD0AtBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtDyD0FzytCyCtGtB0E0E0AtGyEtBtAzytGzyyEyEtCtGyD0E0F0B0EzzzzyE0C0D0E0C2QtN0A0LzutB%26crEn quarantaineD204180877%26aEn quarantaineDwncy_clu_15_22%26osEn quarantaineDWindows 8.1 Single Language&p={searchTerms}, [93fb39eac8d21125931a9232e0234db3], %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}|URL, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_tele_15_25&param1=1&param2=fEn quarantaineD4%26bEn quarantaineDIE%26ccEn quarantaineDma%26paEn quarantaineDWinYahoo%26cdEn quarantaineD2XzuyEtN2Y1L1Qzu0AyB0C0FtN0D0Tzu0StCtByCtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAzy0AtAtBtDzyyCtGtC0B0EtAtG0C0CtC0EtGtBtDtCyBtG0FtC0D0FtDzztB0FtAzyyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyD0DyEyCtA0AyDtGyEzz0FyEtGyEyB0CyBtG0AzzyB0FtGzy0F0CtAtB0B0E0EyE0A0BtC2QtN0A0LzutB%26crEn quarantaineD1070861680%26aEn quarantaineDwny_tele_15_25%26osEn quarantaineDWindows 8.1 Single Language&p={searchTerms}, [c8c6f52e3a6075c19a149d2718ebae52], %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_tele_15_25&param1=1&param2=fEn quarantaineD4%26bEn quarantaineDIE%26ccEn quarantaineDma%26paEn quarantaineDWinYahoo%26cdEn quarantaineD2XzuyEtN2Y1L1Qzu0AyB0C0FtN0D0Tzu0StCtByCtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAzy0AtAtBtDzyyCtGtC0B0EtAtG0C0CtC0EtGtBtDtCyBtG0FtC0D0FtDzztB0FtAzyyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyD0DyEyCtA0AyDtGyEzz0FyEtGyEyB0CyBtG0AzzyB0FtGzy0F0CtAtB0B0E0EyE0A0BtC2QtN0A0LzutB%26crEn quarantaineD1070861680%26aEn quarantaineDwny_tele_15_25%26osEn quarantaineDWindows 8.1 Single Language&p={searchTerms}, [d3bb0221a8f29a9c0da12a9aef14e719], %5
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}|DisplayName, default-search.net, En quarantaine, [1a7443e01189171f87901f816e957987]
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}|SuggestionsURL_JSON, http://www.default-search.net?sid=514&aid=109&itype=n&ver=15946&tm=677&src=ds&p={searchTerms}&ft=json, En quarantaine, [47474bd84e4c2a0c9285f1af3ac9b24e]
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}|FaviconPath, C:\Program Files (x86)\Assets Manager\smdmf\favicon.ico, En quarantaine, [276767bc4852c17556eb429c09faae52]
PUP.Optional.TNT2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{EF5806EF-9D54-497B-91EB-B7A44F04A0FF}, v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ayoub\AppData\Local\TNT2\2.0.0.1983\TNT2User.exe|Name=TNT2|, En quarantaine, [0d812003fe9c043215bf7c7130d34ab6]
PUP.Optional.TNT, HKU\S-1-5-21-2428007030-3290115269-3721999086-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6CC61CC6-ECA7-4E5D-B8D7-207757E25460}|OSDFileURL, file:///C:/Users/ayoub/AppData/Local/TNT2/Profiles/11443/yah11443.xml, En quarantaine, [afdf27fc32686dc9c3589821cd3611ef]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 2
PUP.Optional.Movix, C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\e3v3i08p.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack, En quarantaine, [2d61081babeff640fc56b70235cd6d93],
PUP.Optional.Movix, C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\e3v3i08p.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack\simple-storage, En quarantaine, [2d61081babeff640fc56b70235cd6d93],

Fichiers: 6
CrackTool.KMSPico, C:\Program Files\KMSpico\KMSELDI.exe, En quarantaine, [c7c7be65cecce5511390ebc00ef34db3],
PUP.Optional.WinYahoo, C:\Users\ayoub\AppData\LocalLow\Microsoft\Internet Explorer\Services\WinYahoo.ico, En quarantaine, [3e509e85851574c28993434eb0538e72],
PUP.Optional.DefaultSearch.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, En quarantaine, [d6b8ad76a4f6e056e72c455b10f31ee2],
PUP.Optional.Movix, C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\e3v3i08p.default\extensions\caa1-aDOiCAxFFMOVIX@jetpack.xpi, En quarantaine, [e1ad48db87134aec35949c10ad569b65],
PUP.Optional.WinYahoo, C:\Users\ayoub\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, En quarantaine, [a2ec7ca7f0aa44f263939d26a063827e],
PUP.Optional.Movix, C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\e3v3i08p.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack\simple-storage\store.json, En quarantaine, [2d61081babeff640fc56b70235cd6d93],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)