Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 11/10/2015
Heure de l'analyse: 16:12
Fichier journal: Malwarebytes Anti-Malware.txt
Administrateur: Oui

Version: 2.1.8.1057
Base de données de programmes malveillants: v2015.10.11.03
Base de données de rootkits: v2015.10.06.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Thibaud

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 504550
Temps écoulé: 1 h, 53 min, 56 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 2
PUP.Optional.Miner, C:\ProgramData\Adobe\rundll32.exe, 6140, , [fcb3e47197f4181ee70aee489a6b31cf]
Backdoor.Agent.ADB, C:\ProgramData\Adobe\rundll32.exe, 6140, , [4b64183dfc8f2b0bf4d9d77453b05da3]

Modules: 0
(Aucun élément malveillant détecté)

Clés du registre: 8
PUP.Optional.Miner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNDLL32.EXE, , [fcb3e47197f4181ee70aee489a6b31cf],
PUP.Optional.Miner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNDLL32.EXE, , [fcb3e47197f4181ee70aee489a6b31cf],
Backdoor.Agent.ADB, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNDLL32.EXE, , [4b64183dfc8f2b0bf4d9d77453b05da3],
Backdoor.Agent.ADB, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNDLL32.EXE, , [4b64183dfc8f2b0bf4d9d77453b05da3],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [8926b99ce5a6191d06ee9af70df7956b],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [0ca3ee67b2d9b581b24221704abafa06],
PUP.Optional.InstallCore, HKU\S-1-5-21-2019967907-4093017838-2558531480-1000\SOFTWARE\ICSW1.14, , [e9c661f4f695de58ba35506824e0c937],
PUP.Optional.SpeedDial, HKU\S-1-5-21-2019967907-4093017838-2558531480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C8E40421-41DB-43FB-A85E-7EFEB3395BF8}, , [d9d6e1743457c175712801d2877d6f91],

Valeurs du registre: 7
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [8926b99ce5a6191d06ee9af70df7956b]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [0ca3ee67b2d9b581b24221704abafa06]
PUP.Optional.SpeedDial, HKU\S-1-5-21-2019967907-4093017838-2558531480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C8E40421-41DB-43FB-A85E-7EFEB3395BF8}|URL, http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCyD0AzzyD0D0Dzy0AyDtDtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CyD0CtDtB0AtG0AyCzyyDtG0C0A0AtBtGzzyE0BzztGyBtBtDyCyEyDyEzz0DtDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0C0FtAzztDtCtGyB0CtDtBtG0Czy0F0AtGyBzytAtAtGtB0FyD0AyBtByCzz0C0EtD0B2Q&cr=1048675667&ir=, , [d9d6e1743457c175712801d2877d6f91]
PUP.Optional.SpeedDial, HKU\S-1-5-21-2019967907-4093017838-2558531480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C8E40421-41DB-43FB-A85E-7EFEB3395BF8}|TopResultURLFallback, http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_tele_14_25_ff&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCyD0AzzyD0D0Dzy0AyDtDtN0D0Tzu0SzytDtAtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtA0CyD0CtDtB0AtG0AyCzyyDtG0C0A0AtBtGzzyE0BzztGyBtBtDyCyEyDyEzz0DtDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCzy0C0FtAzztDtCtGyB0CtDtBtG0Czy0F0AtGyBzytAtAtGtB0FyD0AyBtByCzz0C0EtD0B2Q&cr=1048675667&ir=, , [0aa5045159326acc15847a590df7c040]
PUP.Optional.SpeedDial, HKU\S-1-5-21-2019967907-4093017838-2558531480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C8E40421-41DB-43FB-A85E-7EFEB3395BF8}|FaviconPath, C:\Program Files (x86)\Speedial\1.8.29.15\FavIcon.ico, , [46693c199feca09629704291c73dca36]
PUP.Optional.SpeedDial, HKU\S-1-5-21-2019967907-4093017838-2558531480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C8E40421-41DB-43FB-A85E-7EFEB3395BF8}, Speedial, , [8d222035a1ea9e989aff07ccde26d52b]
PUP.Optional.SpeedDial, HKU\S-1-5-21-2019967907-4093017838-2558531480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C8E40421-41DB-43FB-A85E-7EFEB3395BF8}|DisplayName, Speedial, , [b0ffe471a9e22d09a2f7b61ddc28f010]

Données du registre: 0
(Aucun élément malveillant détecté)

Dossiers: 1
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355, , [bcf359fc8704bd794883b3e18b79f709],

Fichiers: 14
PUP.Optional.Miner, C:\ProgramData\Adobe\rundll32.exe, , [fcb3e47197f4181ee70aee489a6b31cf],
PUP.Optional.InstallCore, C:\Users\Thibaud\AppData\Local\Temp\ICReinstall_directx-11.exe, , [773845106c1fd85e7818e40819e8d12f],
Backdoor.Agent.ADB, C:\ProgramData\Adobe\rundll32.exe, , [4b64183dfc8f2b0bf4d9d77453b05da3],
PUP.Optional.WinYahoo, C:\Users\Thibaud\AppData\LocalLow\Microsoft\Internet Explorer\Services\WinYahoo.ico, , [1c93470eed9e56e0220da1f0f014bc44],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\026816f45d2e47b2b11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\189b814eae567c7cb11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\21dd2fa5f20cc109b11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\34c411b0fb868090b11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\509988526bee90c2b11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\5ba3ff2d19c3f782b11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\6757e794ec36f69eb11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\83096e7eaa178540b11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\efab86736db47390b11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\15169047292228424355\f7610c3afe2bbcd1b11597dae30464b1.ini, , [bcf359fc8704bd794883b3e18b79f709],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)