
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan date: 03/08/2016 (3 August 2016)
Scan time: 08:19
Log file: AMW_journalAnalyse.txt
Administrator: Yes

Version: 2.2.1.1043
Malware database: v2016.08.03.04
Rootkit database: v2016.05.27.01
License: Free
Malware protection: Disabled
Malicious website protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File system: NTFS
User: Jerome

Scan type: Threat scan
Result: Completed
Objects scanned: 550076
Time elapsed: 18 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, Delete-on-reboot, [1799db6b633760d622e73d5b5da4b24e],
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [a60a6bdb1486d16561bf9613956f25db],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\SearchWindowResults, Quarantined, [b9f7a89ea2f8f5416e6809c3d42e09f7],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UNINSTALL - EPF2, Quarantined, [8d23e95d0892989ea06cf505e320f50b],

Registry Values: 12
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.hohosearch.com/?ts=AHEqA3YlAnQnBU..&v=20160415&uid=2D39C151BAF643621773BF5368347DE2&ptid=epf2&mode=ffsengext, Quarantined, [a60a6bdb1486d16561bf9613956f25db]
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.hohosearch.com/?ts=AHEqA3YlAnQnBU..&v=20160415&uid=2D39C151BAF643621773BF5368347DE2&ptid=epf2&mode=ffsengext, Quarantined, [e3cd0f371f7ba0961709614863a1bd43]
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.hohosearch.com/chrome.php?uid=2D39C151BAF643621773BF5368347DE2&ptid=epf2&q={searchTerms}&ts=AHEqA3YlAnQnBU..&v=20160415&mode=ffsengext, Quarantined, [bcf41630c9d12d0922feeebbe42023dd]
PUP.Optional.HohoSearch.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.hohosearch.com/chrome.php?uid=2D39C151BAF643621773BF5368347DE2&ptid=epf2&ts=AHEqA3YlAnQnBU..&v=20160415&mode=ffexttoolbar&q=, Quarantined, [179968de4f4be1552ef27039d2326d93]
PUP.Optional.MBot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_be_014010233, Quarantined, [a709f3535d3db77f64226f3a04ff0ef2],
PUP.Optional.MBot, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|upmbot_be_014010233.exe, C:\Users\User\AppData\Local\mbot_be_014010233\upmbot_be_014010233.exe -runhelper, Quarantined, [595715310595e74fec9b426757ac28d8]
PUP.Optional.GamesDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_be_005010233, Quarantined, [4b65bf87a6f4c67024917d2636cda858],
PUP.Optional.Recover, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rec_en_77, Quarantined, [5c54a79f8812221402db2091db28f010],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Uninstall - epf2|DisplayName, hohosearch - Uninstall, Quarantined, [8d23e95d0892989ea06cf505e320f50b]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{54944F02-5755-47CF-8E06-E8B0E4CB6BF6}|AutoConfigUrl, http://stop-block.org/wpad.dat?a9ee2c1ccda962c18273002cf5d5b7fd5954750, Quarantined, [446c172f108add59dccb07ae8084df21]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://stop-block.org/wpad.dat?a9ee2c1ccda962c18273002cf5d5b7fd5954750, Quarantined, [2789af9789118da93c6affb637cd0ef2]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1611818669-2879724724-3649082833-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://stop-block.org/wpad.dat?a9ee2c1ccda962c18273002cf5d5b7fd5954750, Quarantined, [a50b192dccceb87e861ebafb6d97a25e]

Registry Data: 3
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggSdQ8KBApARRhGdAwLTA1JFVEOeQoLVRRCRwYQJQBaA10VQFAFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlEmSFtHL05qBEoETUFQ, Good: (www.google.com), Bad: (http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggSdQ8KBApARRhGdAwLTA1JFVEOeQoLVRRCRwYQJQBaA10VQFAFIk0FA1ADB0VXfVBdFElXTwhwJVhKAlEmSFtHL05qBEoETUFQ),Replaced,[d2dec680504a0135aa39c5b308fc738d]
Hijack.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, wscript C:\Windows\run.vbs,, Good: (userinit.exe), Bad: (wscript C:\Windows\run.vbs,),Replaced,[931d57eff9a185b15ec5a2ce53b1cd33]
PUM.Optional.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, wscript C:\Windows\run.vbs,, Good: (userinit.exe), Bad: (wscript C:\Windows\run.vbs,),Replaced,[1a966bdb4a5079bded0aafca46beaf51]

Folders: 0
(No malicious items detected)

Files: 65
PUP.Optional.MorePowerfulCleaner, C:\Windows\System32\drivers\MPCKpt.sys, Delete-on-reboot, [1799db6b633760d622e73d5b5da4b24e],
Trojan.Dropper.MSIL, C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\5C5CBB84-BC9D-5540-6440-9423B1CFCE29, Quarantined, [f0c09bab7525a88e24b4e666d92822de],
PUP.Optional.Amonetize, C:\$RECYCLE.BIN\S-1-5-21-1611818669-2879724724-3649082833-1001\$RA3H6UW.appzdam__17909_il4913\adobe.premiere.pro.cc.2015.v9.0.multilingual.patch.keygen.appzdam__17909_il4913.exe, Quarantined, [78385beba9f10b2bbd1df6d31ce5ce32],
PUP.Optional.DNSUnlocker.ACMB2, C:\$RECYCLE.BIN\S-1-5-21-1611818669-2879724724-3649082833-1001\$RJE0W7Z\ConsoleApplication1.dll, Quarantined, [ecc4c58164360a2cf075f3ddc140b050],
PUP.Optional.DNSUnlocker, C:\$RECYCLE.BIN\S-1-5-21-1611818669-2879724724-3649082833-1001\$RJE0W7Z\DnsMonitoring.dll, Quarantined, [6b4571d51a80092d2f4f520957ad8878],
Adware.CloudGuard, C:\$RECYCLE.BIN\S-1-5-21-1611818669-2879724724-3649082833-1001\$RJE0W7Z\dnswilliston.exe, Quarantined, [7937271f6931e056d636444b33ce02fe],
PUP.Optional.Yontoo, C:\Users\User\AppData\Local\Temp\0652-6fe7-50fd-530b.exe, Quarantined, [fcb41b2b445664d2e1f71c85b74a3dc3],
PUP.Optional.Yontoo, C:\Users\User\AppData\Local\Temp\0dce-058c-c803-01e5.exe, Quarantined, [7a36ff47b8e27eb8f580aec4de23d52b],
PUP.Optional.Yontoo.Gen, C:\Users\User\AppData\Local\Temp\{45EDD592-07C0-45DB-8267-6095953919B1}.xpi, Quarantined, [98181f272f6bc86e68c1c16109f838c8],
PUP.Optional.Yontoo.Gen, C:\Users\User\AppData\Local\Temp\{5FA5D3AC-A28B-4EC8-A5E4-88279CDCD273}.xpi, Quarantined, [506014329901f2448d9c041eb1509f61],
PUP.Optional.Yontoo.Gen, C:\Users\User\AppData\Local\Temp\{8A51349C-6A6A-4739-9E40-40F5451B7B96}.xpi, Quarantined, [614fd373772384b29d8c1d05b24f6f91],
PUP.Optional.Yontoo.Gen, C:\Users\User\AppData\Local\Temp\{D1918CD2-B97D-4C6E-8110-004091D25950}.xpi, Quarantined, [e6caa6a09901fb3bca5f5fc3857c58a8],
PUP.Optional.Yontoo, C:\Users\User\AppData\Local\Temp\facb-b8d2-b60c-734b.exe, Quarantined, [d2dea1a5f5a579bdd305f5ac0cf59c64],
PUP.Optional.DNSUnlocker, C:\Users\User\AppData\Local\Temp\2576-c0ae-274b-fa4c.exe, Quarantined, [8e224006b7e361d599e5d28954b017e9],
PUP.Optional.Yontoo, C:\Users\User\AppData\Local\Temp\946c-303e-bdbc-6611.exe, Quarantined, [9a1686c02b6fd165d2060f92ab56a858],
PUP.Optional.Yontoo, C:\Users\User\AppData\Local\Temp\c4b0-c934-e076-db6f.exe, Quarantined, [129eec5a12881026f580b5bd22df966a],
PUP.Optional.Yontoo, C:\Users\User\AppData\Local\Temp\ff05-10db-e907-471f.exe, Quarantined, [317f1b2bd9c1c57112c68918a859669a],
PUP.Optional.Yontoo, C:\Users\User\AppData\Local\Temp\4c37-9efb-2fe9-35f5.exe, Quarantined, [446c93b3a4f6b97d83f273ffe41da858],
PUP.Optional.Yontoo, C:\Users\User\AppData\Local\Temp\6335-8b21-3f2b-eac0.exe, Quarantined, [f4bc3115f5a5a19580580d94956cac54],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nsn3FD0.tmp, Quarantined, [cbe5fd493e5c4de9154c107835ccc13f],
PUP.Optional.Bundler, C:\Users\User\AppData\Local\Temp\fsdA2DF.exe, Quarantined, [3f71af979ffb1b1bc013a47e0df3a957],
PUP.Optional.Bundler, C:\Users\User\AppData\Local\Temp\fsdC7CC.exe, Quarantined, [a50bf155366462d4498a42e08080bb45],
PUP.Optional.YourSearching, C:\Users\User\AppData\Local\Temp\FWn1E7pwhc.exe, Quarantined, [8d2367df6c2ee353ff44f0a328dc817f],
PUP.Optional.Amonetize, C:\Users\User\AppData\Local\Temp\hib44E6.exe, Quarantined, [238d4ff7584252e456a9d4f83bc69967],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nsaC4CF.tmp, Quarantined, [4d6374d2b6e4082eddf1a6c921e39769],
PUP.Optional.MorePowerfulCleaner, C:\Users\User\AppData\Local\Temp\nsc3DBE.tmp, Quarantined, [466af551316955e10c634f678f758d73],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nse51E8.tmp, Quarantined, [337d83c3e3b75cdaaa78143ce71b6b95],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nsf85A5.tmp, Quarantined, [4f6196b0dcbef046a032774c629f639d],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nsh6F8C.tmp, Quarantined, [b7f9d670f4a6b2843d95be05b849c23e],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nsl6152.tmp, Quarantined, [e1cffa4c633763d3fc65d8b017eaab55],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nsm88EF.tmp, Quarantined, [149c71d5f8a2f541636b76f9838133cd],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\zgjqSlO2px.exe, Quarantined, [921e1e285d3d3ff7d0fac1e1cf325fa1],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nspAA62.tmp, Quarantined, [298798ae326882b4f7dbccf75ea3d52b],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nswA10B.tmp, Quarantined, [357b9caa0595a591fad4a6c9f70ddf21],
PUP.Optional.ConvertAd, C:\Users\User\AppData\Local\Temp\nsx7102.tmp, Quarantined, [7d338db9029803335c72dc93ce361ee2],
PUP.Optional.Yontoo.Gen, C:\Users\User\AppData\Local\Temp\{04451D65-3AFB-44BE-B317-B4DFA2CB9793}.xpi, Quarantined, [4d6393b3c6d477bf012834eeb948ec14],
PUP.Optional.Yontoo.Gen, C:\Users\User\AppData\Local\Temp\{0D155848-05F6-426F-8582-100D88F9D151}.xpi, Quarantined, [822ebc8a9ffb2b0b40e9f42ed22fc13f],
PUP.Optional.Yontoo.Gen, C:\Users\User\AppData\Local\Temp\{FA94FC0F-242E-4937-8AF0-556C68B90EC0}.xpi, Quarantined, [634d9aac3b5f1125aa7ff52dbc4529d7],
PUP.Optional.Tuto4PC, C:\Users\User\AppData\Local\Temp\is-ED4AF.tmp\gentlemjmp_ieu.exe, Quarantined, [119f67dfa0fa96a0fdd7fc67d42db24e],
PUP.Optional.Amonetize, C:\Users\User\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe, Quarantined, [436d5beb9dfdf93d6f90973540c137c9],
PUP.Optional.Tuto4PC, C:\Users\User\AppData\Local\Temp\XXUL0LRZBUUH\SVH.exe, Quarantined, [6f41c3830b8fab8b4e941a0e8c74e31d],
PUP.Optional.EoRezo, C:\Windows\Temp\182C.tmp, Quarantined, [baf663e3a0fad264b053b3ec29d821df],
Adware.ConvertAd, C:\Windows\Temp\3788.tmp, Quarantined, [525edd694357ab8b772cdf721ce836ca],
Adware.MaxDriver, C:\Windows\Temp\1825.tmp, Quarantined, [921ee1657e1c44f2d164064f29dbef11],
PUP.Optional.ConvertAd, C:\Windows\Temp\1826.tmp, Quarantined, [832d25212575b2847a51510318ec837d],
Adware.ConvertAd, C:\Windows\Temp\1827.tmp, Quarantined, [129ee4621882b77faaf9331e40c4db25],
PUP.Optional.ConvertAd, C:\Windows\Temp\1829.tmp, Quarantined, [961af1550d8dfb3b382a1c6c0af72ad6],
Adware.AdLoad, C:\Windows\Temp\182B.tmp, Quarantined, [3878b88e9307ab8b96634e450ef3837d],
PUP.Optional.ConvertAd, C:\Windows\Temp\3782.tmp, Quarantined, [0fa1321403971b1b22a9054fbe468a76],
PUP.Optional.ConvertAd, C:\Windows\Temp\3784.tmp, Quarantined, [8927a5a18713db5b1151becae31ea45c],
Adware.AdLoad, C:\Windows\Temp\3785.tmp, Quarantined, [1c948bbb31693600ca2f642fd829966a],
PUP.Optional.ConvertAd, C:\Windows\Temp\4B0A.tmp, Quarantined, [2f815fe7a5f52511e1811c6c966b6799],
Adware.ConvertAd, C:\Windows\Temp\4B0D.tmp, Quarantined, [3a76db6b3d5d3105ce0dc1aa689a6997],
PUP.Optional.ConvertAd, C:\Windows\Temp\4B0E.tmp, Quarantined, [5d5354f2eab064d2e164338a49b86b95],
Trojan.Agent.E, C:\Users\User\AppData\Local\Temp\1.tmp.exe, Quarantined, [bcf4c185366469cdcb235c63c43f7789],
Trojan.Agent.E, C:\Users\User\AppData\Local\Temp\2.tmp.exe, Quarantined, [258bc284f4a6072fc925952a7390eb15],
Trojan.Agent.E, C:\Users\User\AppData\Local\Temp\3.tmp.exe, Quarantined, [b5fb7bcbf5a541f5bd313887a063b34d],
Trojan.Agent.E, C:\Users\User\AppData\Local\Temp\4.tmp.exe, Quarantined, [e6cadc6ac9d1e0561bd3c1fe29daf30d],
Trojan.Agent.E, C:\Users\User\AppData\Local\Temp\5.tmp.exe, Quarantined, [b5fb9caa801abf77ffeff5ca38cbae52],
Trojan.Agent.E, C:\Users\User\AppData\Local\Temp\6.tmp.exe, Quarantined, [e7c99fa70c8ec47215d9e5da8a796898],
Trojan.Agent.E, C:\Users\User\AppData\Local\Temp\7.tmp.exe, Quarantined, [e5cb6cda95051323d717c1fec04335cb],
Trojan.Agent.E, C:\Users\User\AppData\Local\Temp\8.tmp.exe, Quarantined, [cfe11630f6a482b4e905318e5ca7768a],
Trojan.Agent.E, C:\Users\User\AppData\Local\Temp\9.tmp.exe, Quarantined, [a60af84e9a0060d6539be0dfba49fc04],
PUP.Optional.Yontoo, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3me5qic.default\searchplugins\yahoo.xml, Quarantined, [416f0145e7b338fee62563392adabc44],
PUM.Optional.FireFoxSearchOverride, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z3me5qic.default\user.js, Quarantined, [1f9192b4e7b3ea4cc68b702c9e662ed2],

Physical Sectors: 0
(No malicious items detected)


(end)
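Two items in this log matter more than the bundle of adware and PUPs around them: the Winlogon Userinit value had been replaced with `wscript C:\Windows\run.vbs,` (a script run at every logon, before the shell), and a proxy auto-config URL on stop-block.org had been planted in three places (the per-user Internet Settings, the iphlpsvc ProxyMgr cache and the NlaSvc ManualProxies list), which routes the browser's traffic through whatever that wpad.dat names. Malwarebytes reports both as fixed, but the MPCKpt driver and its service are only marked Delete-on-reboot, and the scan ran with the rootkit module disabled. The script below is an added post-reboot check, not part of the log or of Malwarebytes; it re-reads the exact locations the log lists and flags anything that has come back. It assumes it is run in an elevated PowerShell session as the affected user (HKCU and $env:APPDATA must resolve to the "Jerome" profile, whose folder the log shows as C:\Users\User); the Run value names and the hijack URLs are taken from the log and will differ on any other machine.

```powershell
# Added example: re-check the persistence points this Malwarebytes log reports.
# Not part of the log or of Malwarebytes. Run elevated, after the reboot that
# completes the MPCKpt removal, as the affected user. Indicator strings below
# (Run value names, domains, paths) are the ones from the log, not a general list.

$findings = @()

# 1. Winlogon Userinit must be the native userinit.exe (the log shows it had been
#    set to "wscript C:\Windows\run.vbs,").
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon).Userinit
if ($userinit -notmatch '^(C:\\Windows\\system32\\)?userinit\.exe,?$') {
    $findings += "Userinit still tampered: '$userinit'"
}
if (Test-Path 'C:\Windows\run.vbs') { $findings += 'C:\Windows\run.vbs still present' }

# 2. Proxy auto-config hijack: no AutoConfigURL anywhere the log listed one,
#    and no stop-block.org entry in the NlaSvc ManualProxies list.
$pacKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgr\*'
)
foreach ($k in $pacKeys) {
    Get-ItemProperty -Path $k -ErrorAction SilentlyContinue |
        Where-Object { $_.AutoConfigURL } |
        ForEach-Object { $findings += "AutoConfigURL at $($_.PSPath): $($_.AutoConfigURL)" }
}
$nla = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'
$manual = (Get-ItemProperty -Path $nla -ErrorAction SilentlyContinue).ManualProxies
if ($manual -and (($manual -join ' ') -match 'stop-block\.org|wpad\.dat')) {
    $findings += "NlaSvc ManualProxies: $($manual -join ' | ')"
}

# 3. Run keys: the four value names the log quarantined, plus anything that
#    launches from the user's Temp or the mbot_ directory the log shows.
$badRunNames = 'mbot_be_014010233', 'upmbot_be_014010233.exe', 'gmsd_be_005010233', 'rec_en_77'
$runKeys = @(
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... metadata
        if ($badRunNames -contains $p.Name -or
            "$($p.Value)" -match '\\AppData\\Local\\(Temp|mbot_)') {
            $findings += "Run entry $k\$($p.Name) = $($p.Value)"
        }
    }
}

# 4. MPCKpt driver and service, which were only scheduled for deletion on reboot.
if (Test-Path 'HKLM:\SYSTEM\CurrentControlSet\Services\MPCKpt') {
    $findings += 'Service key HKLM\SYSTEM\CurrentControlSet\Services\MPCKpt still exists'
}
if (Test-Path "$env:SystemRoot\System32\drivers\MPCKpt.sys") {
    $findings += 'Driver file MPCKpt.sys still present'
}

# 5. IE start page and Firefox profile overrides named in the log.
$ieMain = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
$startPage = (Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue).'Start Page'
if ($startPage -match 'akamaihd\.net|hohosearch\.com|searchinterneat') {
    $findings += "IE Start Page hijacked: $startPage"
}
Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles\*\user.js" -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Firefox user.js present (search override?): $($_.FullName)" }

if ($findings.Count -eq 0) {
    'No residual indicators from the 2016-08-03 scan found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

If the script reports nothing, the remaining gap is the disabled rootkit module: re-run the Malwarebytes threat scan with "Rootkits" enabled before trusting the machine, because a kernel driver (MPCKpt.sys) was part of what this scan found. If Userinit or the AutoConfigURL values have reappeared after a reboot, something that survived the cleanup is re-writing them, and a quarantine of the visible files is no longer enough.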