Publicité
Publicité
Format du document : text/plain
Prévisualisation
Malwarebytes Anti-Malware
www.malwarebytes.org
Date de l'analyse: 08/06/2016
Heure de l'analyse: 18:16
Fichier journal: mm.txt
Administrateur: Oui
Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.06.08.06
Base de données de rootkits: v2016.05.27.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé
Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: SALAHEDDINE
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 302194
Temps écoulé: 16 min, 6 s
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé
Processus: 1
RiskWare.MisusedLegit, C:\Windows\securitysvc.exe, 2908, Supprimer au redémarrage, [b6d0f80219800e285ef249ea976a9070]
Modules: 0
(Aucun élément malveillant détecté)
Clés du Registre: 14
RiskWare.MisusedLegit, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tvnserver, En quarantaine, [b6d0f80219800e285ef249ea976a9070],
PUP.Optional.FindWide, HKLM\SOFTWARE\CLASSES\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}, En quarantaine, [02843ebcf9a086b0060c31540ef4f30d],
PUP.Optional.FindWide, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FEB2313-F89B-4AC6-8153-84025604A06A}, En quarantaine, [02843ebcf9a086b0060c31540ef4f30d],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Malwarebytes Activator by mustafa elkhatib.DynamicNS, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Malwarebytes Activator by mustafa elkhatib.DynamicNS, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Malwarebytes Activator by mustafa elkhatib.DynamicNS, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, En quarantaine, [f19540ba118821153cc943447d85c040],
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, En quarantaine, [216538c2fa9f70c61adbee95b0529d63],
PUP.Optional.eShield, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.eshield.extension_host, En quarantaine, [7b0ba85222774bebbb18814325dee41c],
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\silvernix_RASAPI32, En quarantaine, [a5e1e119d6c382b45f373389e41e8977],
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\silvernix_RASMANCS, En quarantaine, [572f3ac0b0e9023422742795c43e33cd],
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, En quarantaine, [4c3ad624aced9e981929e9bfa75cc13f],
PUP.Optional.TNT, HKU\S-1-5-21-225983278-990865864-3999286062-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D6E010EA-6EA9-47A3-A40B-599F43128FB4}, En quarantaine, [75119367c8d120164906396f0af9dc24],
Valeurs du Registre: 1
PUP.Optional.TNT, HKU\S-1-5-21-225983278-990865864-3999286062-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D6E010EA-6EA9-47A3-A40B-599F43128FB4}|OSDFileURL, file:///C:/Users/SALAHEDDINE/AppData/Local/TNT2/Profiles/11467/yah11467.xml, En quarantaine, [75119367c8d120164906396f0af9dc24]
Données du Registre: 3
PUP.Optional.eShield, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={3DE2F98D-82D1-406E-84A7-1AE05B9E78BF}&i=, Bon : (www.google.com), Mauvais : (http://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={3DE2F98D-82D1-406E-84A7-1AE05B9E78BF}&i=),Remplacé,[b1d59c5ecacf1620fd07144f9e66b54b]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Remplacé,[12747585c4d51323e223f86a43c1c53b]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Remplacé,[7a0c27d31c7d87af8e7793cf8a7add23]
Dossiers: 3
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update\task Update, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update\vmserve Update, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
Fichiers: 9
RiskWare.MisusedLegit, C:\Windows\securitysvc.exe, Supprimer au redémarrage, [b6d0f80219800e285ef249ea976a9070],
PUP.Optional.RKN, C:\Users\SALAHEDDINE\Downloads\AutoClickerTyperSetup.exe, En quarantaine, [4d39b545623793a3043fef591fe22ed2],
RiskWare.MisusedLegit, C:\Windows\screenhooks32.dll, En quarantaine, [c7bf8971f9a06bcb282767ccb54c58a8],
PUP.Optional.Smeazymo, C:\Users\SALAHEDDINE\AppData\Local\silvernix.dat, En quarantaine, [f6909763a6f3ab8b6f24c9f349b9da26],
PUP.Optional.Smeazymo, C:\Users\SALAHEDDINE\AppData\Local\silvernix.exe.config, En quarantaine, [d7af0ded74252610662dac106d95d12f],
PUP.Optional.Iminent, C:\Users\SALAHEDDINE\AppData\Local\Chrome .lnk, En quarantaine, [dea89c5ecacfc472102b7e4bd33021df],
PUP.Optional.Iminent, C:\Users\SALAHEDDINE\AppData\Local\Firefox .lnk, En quarantaine, [f3932fcb7e1b94a23705ab1ee41f639d],
PUP.Optional.Iminent, C:\Users\SALAHEDDINE\AppData\Local\Iexplore .lnk, En quarantaine, [a6e00ded3d5c73c32b12c8014db6fd03],
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update\task Update\task.exe, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
Secteurs physiques: 0
(Aucun élément malveillant détecté)
(end)
www.malwarebytes.org
Date de l'analyse: 08/06/2016
Heure de l'analyse: 18:16
Fichier journal: mm.txt
Administrateur: Oui
Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.06.08.06
Base de données de rootkits: v2016.05.27.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé
Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: SALAHEDDINE
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 302194
Temps écoulé: 16 min, 6 s
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé
Processus: 1
RiskWare.MisusedLegit, C:\Windows\securitysvc.exe, 2908, Supprimer au redémarrage, [b6d0f80219800e285ef249ea976a9070]
Modules: 0
(Aucun élément malveillant détecté)
Clés du Registre: 14
RiskWare.MisusedLegit, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\tvnserver, En quarantaine, [b6d0f80219800e285ef249ea976a9070],
PUP.Optional.FindWide, HKLM\SOFTWARE\CLASSES\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}, En quarantaine, [02843ebcf9a086b0060c31540ef4f30d],
PUP.Optional.FindWide, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FEB2313-F89B-4AC6-8153-84025604A06A}, En quarantaine, [02843ebcf9a086b0060c31540ef4f30d],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Malwarebytes Activator by mustafa elkhatib.DynamicNS, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Malwarebytes Activator by mustafa elkhatib.DynamicNS, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Malwarebytes Activator by mustafa elkhatib.DynamicNS, En quarantaine, [f19540ba118821153cc943447d85c040],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, En quarantaine, [f19540ba118821153cc943447d85c040],
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, En quarantaine, [216538c2fa9f70c61adbee95b0529d63],
PUP.Optional.eShield, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.eshield.extension_host, En quarantaine, [7b0ba85222774bebbb18814325dee41c],
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\silvernix_RASAPI32, En quarantaine, [a5e1e119d6c382b45f373389e41e8977],
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\silvernix_RASMANCS, En quarantaine, [572f3ac0b0e9023422742795c43e33cd],
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, En quarantaine, [4c3ad624aced9e981929e9bfa75cc13f],
PUP.Optional.TNT, HKU\S-1-5-21-225983278-990865864-3999286062-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D6E010EA-6EA9-47A3-A40B-599F43128FB4}, En quarantaine, [75119367c8d120164906396f0af9dc24],
Valeurs du Registre: 1
PUP.Optional.TNT, HKU\S-1-5-21-225983278-990865864-3999286062-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D6E010EA-6EA9-47A3-A40B-599F43128FB4}|OSDFileURL, file:///C:/Users/SALAHEDDINE/AppData/Local/TNT2/Profiles/11467/yah11467.xml, En quarantaine, [75119367c8d120164906396f0af9dc24]
Données du Registre: 3
PUP.Optional.eShield, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={3DE2F98D-82D1-406E-84A7-1AE05B9E78BF}&i=, Bon : (www.google.com), Mauvais : (http://services.eshield.com/general/newhometab.php?hometab=home&partner=11467&guid={3DE2F98D-82D1-406E-84A7-1AE05B9E78BF}&i=),Remplacé,[b1d59c5ecacf1620fd07144f9e66b54b]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Remplacé,[12747585c4d51323e223f86a43c1c53b]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Remplacé,[7a0c27d31c7d87af8e7793cf8a7add23]
Dossiers: 3
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update\task Update, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update\vmserve Update, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
Fichiers: 9
RiskWare.MisusedLegit, C:\Windows\securitysvc.exe, Supprimer au redémarrage, [b6d0f80219800e285ef249ea976a9070],
PUP.Optional.RKN, C:\Users\SALAHEDDINE\Downloads\AutoClickerTyperSetup.exe, En quarantaine, [4d39b545623793a3043fef591fe22ed2],
RiskWare.MisusedLegit, C:\Windows\screenhooks32.dll, En quarantaine, [c7bf8971f9a06bcb282767ccb54c58a8],
PUP.Optional.Smeazymo, C:\Users\SALAHEDDINE\AppData\Local\silvernix.dat, En quarantaine, [f6909763a6f3ab8b6f24c9f349b9da26],
PUP.Optional.Smeazymo, C:\Users\SALAHEDDINE\AppData\Local\silvernix.exe.config, En quarantaine, [d7af0ded74252610662dac106d95d12f],
PUP.Optional.Iminent, C:\Users\SALAHEDDINE\AppData\Local\Chrome .lnk, En quarantaine, [dea89c5ecacfc472102b7e4bd33021df],
PUP.Optional.Iminent, C:\Users\SALAHEDDINE\AppData\Local\Firefox .lnk, En quarantaine, [f3932fcb7e1b94a23705ab1ee41f639d],
PUP.Optional.Iminent, C:\Users\SALAHEDDINE\AppData\Local\Iexplore .lnk, En quarantaine, [a6e00ded3d5c73c32b12c8014db6fd03],
PUP.Optional.CommonUpdate.PrxySvrRST, C:\Program Files (x86)\Common Update\task Update\task.exe, En quarantaine, [2b5bb7439702a690c33b20b734cf9769],
Secteurs physiques: 0
(Aucun élément malveillant détecté)
(end)