Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 08/06/2016
Heure de l'analyse: 18:16
Fichier journal: mm.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.06.08.06
Base de données de rootkits: v2016.05.27.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: SALAHEDDINE

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 302194
Temps écoulé: 16 min, 6 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 1
RiskWare.MisusedLegit, C:\Windows\securitysvc.exe, 2908, Supprimer au redémarrage, [b6d0f80219800e285ef249ea976a9070]

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 14
RiskWare.MisusedLegit, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tvnserver, En quarantaine, [b6d0f80219800e285ef249ea976a9070],
PUP.Optional.FindWide, HKLM\SOFTWARE\CLASSES\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}, En quarantaine, [02843ebcf9a086b0060c31540ef4f30d],
PUP.Optional.FindWide, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FEB2313-F89B-4AC6-8153-84025604A06A}, En quarantaine, [02843ebcf9a086b0060c31540ef4f30d],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Malwarebytes Activator by mustafa elkhatib.DynamicNS, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Malwarebytes Activator by mustafa elkhatib.DynamicNS, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Malwarebytes Activator by mustafa elkhatib.DynamicNS, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, En quarantaine, [f19540ba118821153cc943447d85c040],
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, En quarantaine, [216538c2fa9f70c61adbee95b0529d63],
PUP.Optional.eShield, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.eshield.extension_host, En quarantaine, [7b0ba85222774bebbb18814325dee41c],
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\silvernix_RASAPI32, En quarantaine, [a5e1e119d6c382b45f373389e41e8977],
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\silvernix_RASMANCS, En quarantaine, [572f3ac0b0e9023422742795c43e33cd],
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, En quarantaine, [4c3ad624aced9e981929e9bfa75cc13f],
PUP.Optional.TNT, HKU\S-1-5-21-225983278-990865864-3999286062-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D6E010EA-6EA9-47A3-A40B-599F43128FB4}, En quarantaine, [75119367c8d120164906396f0af9dc24],

Valeurs du Registre: 1
PUP.Optional.TNT, HKU\S-1-5-21-225983278-990865864-3999286062-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D6E010EA-6EA9-47A3-A40B-599F43128FB4}|OSDFileURL, file:///C:/Users/SALAHEDDINE/AppData/Local/TNT2/Profiles/11467/yah11467.xml, En quarantaine, [75119367c8d120164906396f0af9dc24]

Données du Registre: 3
PUP.Optional.eShield, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={3DE2F98D-82D1-406E-84A7-1AE05B9E78BF}&i=, Bon : (www.google.com), Mauvais : (http://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={3DE2F98D-82D1-406E-84A7-1AE05B9E78BF}&i=),Remplacé,[b1d59c5ecacf1620fd07144f9e66b54b]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Remplacé,[12747585c4d51323e223f86a43c1c53b]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Remplacé,[7a0c27d31c7d87af8e7793cf8a7add23]

Dossiers: 3
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update\task Update, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update\vmserve Update, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],

Fichiers: 9
RiskWare.MisusedLegit, C:\Windows\securitysvc.exe, Supprimer au redémarrage, [b6d0f80219800e285ef249ea976a9070],
PUP.Optional.RKN, C:\Users\SALAHEDDINE\Downloads\AutoClickerTyperSetup.exe, En quarantaine, [4d39b545623793a3043fef591fe22ed2],
RiskWare.MisusedLegit, C:\Windows\screenhooks32.dll, En quarantaine, [c7bf8971f9a06bcb282767ccb54c58a8],
PUP.Optional.Smeazymo, C:\Users\SALAHEDDINE\AppData\Local\silvernix.dat, En quarantaine, [f6909763a6f3ab8b6f24c9f349b9da26],
PUP.Optional.Smeazymo, C:\Users\SALAHEDDINE\AppData\Local\silvernix.exe.config, En quarantaine, [d7af0ded74252610662dac106d95d12f],
PUP.Optional.Iminent, C:\Users\SALAHEDDINE\AppData\Local\Chrome .lnk, En quarantaine, [dea89c5ecacfc472102b7e4bd33021df],
PUP.Optional.Iminent, C:\Users\SALAHEDDINE\AppData\Local\Firefox .lnk, En quarantaine, [f3932fcb7e1b94a23705ab1ee41f639d],
PUP.Optional.Iminent, C:\Users\SALAHEDDINE\AppData\Local\Iexplore .lnk, En quarantaine, [a6e00ded3d5c73c32b12c8014db6fd03],
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update\task Update\task.exe, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)