Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 13/07/2016
Heure de l'analyse: 21:44
Fichier journal: تقرير البحث scan.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.07.13.10
Base de données de rootkits: v2016.05.27.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: pompido

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 336060
Temps écoulé: 36 min, 17 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 4
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}, , [a2ecb073ebaf0036aaaeaf2ca75cce32],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, , [830be43f990192a4efbe00c4ed16966a],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}, , [c8c6f52e3a6075c19a149d2718ebae52],
PUP.Optional.TNT, HKU\S-1-5-21-2428007030-3290115269-3721999086-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6CC61CC6-ECA7-4E5D-B8D7-207757E25460}, , [afdf27fc32686dc9c3589821cd3611ef],

Valeurs du Registre: 10
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}|URL, http://www.default-search.net/search?sid=514&aid=109&itype=n&ver=15946&tm=677&src=ds&p={searchTerms}, , [a2ecb073ebaf0036aaaeaf2ca75cce32]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_22&param1=1&param2=fD4%26bDIE%26ccDma%26paDWincy%26cdD2XzuyEtN2Y1L1Qzu0AyB0C0FtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AzztByCzztAtGyByD0F0CtG0F0AyD0BtGyEyD0F0EtG0CtA0AtCyCyB0EzyyD0AtBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtDyD0FzytCyCtGtB0E0E0AtGyEtBtAzytGzyyEyEtCtGyD0E0F0B0EzzzzyE0C0D0E0C2QtN0A0LzutB%26crD204180877%26aDwncy_clu_15_22%26osDWindows 8.1 Single Language&p={searchTerms}, [830be43f990192a4efbe00c4ed16966a], %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_clu_15_22&param1=1&param2=fD4%26bDIE%26ccDma%26paDWincy%26cdD2XzuyEtN2Y1L1Qzu0AyB0C0FtN0D0Tzu0StCtByEyEtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyE0F0AzztByCzztAtGyByD0F0CtG0F0AyD0BtGyEyD0F0EtG0CtA0AtCyCyB0EzyyD0AtBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0CtDyD0FzytCyCtGtB0E0E0AtGyEtBtAzytGzyyEyEtCtGyD0E0F0B0EzzzzyE0C0D0E0C2QtN0A0LzutB%26crD204180877%26aDwncy_clu_15_22%26osDWindows 8.1 Single Language&p={searchTerms}, [93fb39eac8d21125931a9232e0234db3], %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}|URL, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_tele_15_25&param1=1&param2=fD4%26bDIE%26ccDma%26paDWinYahoo%26cdD2XzuyEtN2Y1L1Qzu0AyB0C0FtN0D0Tzu0StCtByCtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAzy0AtAtBtDzyyCtGtC0B0EtAtG0C0CtC0EtGtBtDtCyBtG0FtC0D0FtDzztB0FtAzyyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyD0DyEyCtA0AyDtGyEzz0FyEtGyEyB0CyBtG0AzzyB0FtGzy0F0CtAtB0B0E0EyE0A0BtC2QtN0A0LzutB%26crD1070861680%26aDwny_tele_15_25%26osDWindows 8.1 Single Language&p={searchTerms}, [c8c6f52e3a6075c19a149d2718ebae52], %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}|TopResultURLFallback, http://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_tele_15_25&param1=1&param2=fD4%26bDIE%26ccDma%26paDWinYahoo%26cdD2XzuyEtN2Y1L1Qzu0AyB0C0FtN0D0Tzu0StCtByCtBtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAzy0AtAtBtDzyyCtGtC0B0EtAtG0C0CtC0EtGtBtDtCyBtG0FtC0D0FtDzztB0FtAzyyCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzyD0DyEyCtA0AyDtGyEzz0FyEtGyEyB0CyBtG0AzzyB0FtGzy0F0CtAtB0B0E0EyE0A0BtC2QtN0A0LzutB%26crD1070861680%26aDwny_tele_15_25%26osDWindows 8.1 Single Language&p={searchTerms}, [d3bb0221a8f29a9c0da12a9aef14e719], %5
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}|DisplayName, default-search.net, , [1a7443e01189171f87901f816e957987]
PUP.Optional.DefaultSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}|SuggestionsURL_JSON, http://www.default-search.net?sid=514&aid=109&itype=n&ver=15946&tm=677&src=ds&p={searchTerms}&ft=json, , [47474bd84e4c2a0c9285f1af3ac9b24e]
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2514}|FaviconPath, C:\Program Files (x86)\Assets Manager\smdmf\favicon.ico, , [276767bc4852c17556eb429c09faae52]
PUP.Optional.TNT2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{EF5806EF-9D54-497B-91EB-B7A44F04A0FF}, v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ayoub\AppData\Local\TNT2\2.0.0.1983\TNT2User.exe|Name=TNT2|, , [0d812003fe9c043215bf7c7130d34ab6]
PUP.Optional.TNT, HKU\S-1-5-21-2428007030-3290115269-3721999086-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6CC61CC6-ECA7-4E5D-B8D7-207757E25460}|OSDFileURL, file:///C:/Users/ayoub/AppData/Local/TNT2/Profiles/11443/yah11443.xml, , [afdf27fc32686dc9c3589821cd3611ef]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 2
PUP.Optional.Movix, C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\e3v3i08p.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack, , [2d61081babeff640fc56b70235cd6d93],
PUP.Optional.Movix, C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\e3v3i08p.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack\simple-storage, , [2d61081babeff640fc56b70235cd6d93],

Fichiers: 6
CrackTool.KMSPico, C:\Program Files\KMSpico\KMSELDI.exe, , [c7c7be65cecce5511390ebc00ef34db3],
PUP.Optional.WinYahoo, C:\Users\ayoub\AppData\LocalLow\Microsoft\Internet Explorer\Services\WinYahoo.ico, , [3e509e85851574c28993434eb0538e72],
PUP.Optional.DefaultSearch.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, , [d6b8ad76a4f6e056e72c455b10f31ee2],
PUP.Optional.Movix, C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\e3v3i08p.default\extensions\caa1-aDOiCAxFFMOVIX@jetpack.xpi, , [e1ad48db87134aec35949c10ad569b65],
PUP.Optional.WinYahoo, C:\Users\ayoub\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, , [a2ec7ca7f0aa44f263939d26a063827e],
PUP.Optional.Movix, C:\Users\ayoub\AppData\Roaming\Mozilla\Firefox\Profiles\e3v3i08p.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack\simple-storage\store.json, , [2d61081babeff640fc56b70235cd6d93],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)