Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 16/02/2018
Heure de l'analyse: 04:38
Fichier journal: e924c15a-12ca-11e8-8fa3-0250f2ab3450.json
Administrateur: Oui

-Informations du logiciel-
Version: 3.3.1.2183
Version de composants: 1.0.262
Version de pack de mise à jour: 1.0.3964
Licence: Gratuit

-Informations système-
Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: KRYSTEL\krystel

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 436380
Menaces détectées: 69
Menaces mises en quarantaine: 69
Temps écoulé: 11 min, 34 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 7
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0B5FE6D0-AF4C-461C-AF7D-CFD1876C8519}, En quarantaine, [203], [259199],1.0.3964
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [526], [236865],1.0.3964
PUP.Optional.Conduit, HKU\S-1-5-21-3903720869-3876561350-3014114460-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, En quarantaine, [526], [236865],1.0.3964
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr, En quarantaine, [4629], [244209],1.0.3964
PUP.Optional.Uniblue, HKLM\SOFTWARE\CLASSES\pc-mechanic, En quarantaine, [1161], [327238],1.0.3964
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0B5FE6D0-AF4C-461C-AF7D-CFD1876C8519}, En quarantaine, [203], [237511],1.0.3964
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\f0c86825-8c98-412a-8e06-588966d87872-7, En quarantaine, [203], [237511],1.0.3964

Valeur du registre: 10
Trojan.Agent.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, En quarantaine, [1999], [-1],0.0.0
Trojan.Agent.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, En quarantaine, [1999], [-1],0.0.0
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0B5FE6D0-AF4C-461C-AF7D-CFD1876C8519}|PATH, En quarantaine, [203], [259199],1.0.3964
PUP.Optional.Conduit, HKU\S-1-5-21-3903720869-3876561350-3014114460-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En quarantaine, [526], [236865],1.0.3964
PUP.Optional.Conduit, HKU\S-1-5-21-3903720869-3876561350-3014114460-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, En quarantaine, [526], [236865],1.0.3964
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|HQPROVIDEO 1.6V10.01-BG.EXE, En quarantaine, [1010], [260099],1.0.3964
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|MEDIA+PLAYERVIDED2.5-BG.EXE, En quarantaine, [1010], [260099],1.0.3964
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SMARTSAVER+ 21-BG.EXE, En quarantaine, [1010], [260099],1.0.3964
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|CLIP-HIGH_D_06-BG.EXE, En quarantaine, [1010], [260099],1.0.3964
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, En quarantaine, [4629], [244209],1.0.3964

Données du registre: 4
Trojan.Agent.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, Remplacé, [1999], [362644],1.0.3964
PUP.Optional.Conduit, HKU\S-1-5-21-3903720869-3876561350-3014114460-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Remplacé, [526], [293058],1.0.3964
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Remplacé, [57], [293283],1.0.3964
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Remplacé, [57], [293283],1.0.3964

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 7
PUP.Optional.Movix, C:\Users\krystel\AppData\Roaming\Mozilla\Firefox\Profiles\mha4kykv.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack\simple-storage, En quarantaine, [543], [178563],1.0.3964
PUP.Optional.Movix, C:\USERS\KRYSTEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHA4KYKV.DEFAULT\JETPACK\caa1-aDOiCAxFFMOVIX@jetpack, En quarantaine, [543], [178563],1.0.3964
Trojan.Agent.AppFlsh, C:\ProgramData\{EC2D04EE-BCAF-D568-0D29-A5EADDAB7664}\1.7.1.0, En quarantaine, [1999], [362644],1.0.3964
Trojan.Agent.AppFlsh, C:\PROGRAMDATA\{EC2D04EE-BCAF-D568-0D29-A5EADDAB7664}, En quarantaine, [1999], [362644],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{1F92DAF1-95D0-5037-1316-CE75895445BB}, En quarantaine, [483], [484243],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\USERS\KRYSTEL\APPDATA\LOCAL\{76D0408C-5278-2C34-3FE0-09DC1B88F544}, En quarantaine, [483], [484244],1.0.3964

Fichier: 41
PUP.Optional.Movix, C:\Users\krystel\AppData\Roaming\Mozilla\Firefox\Profiles\mha4kykv.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack\simple-storage\store.json, En quarantaine, [543], [178563],1.0.3964
Trojan.Agent.AppFlsh, C:\PROGRAMDATA\{EC2D04EE-BCAF-D568-0D29-A5EADDAB7664}\1.7.1.0\mina.dll, En quarantaine, [1999], [362644],1.0.3964
Trojan.Agent.AppFlsh, C:\ProgramData\{EC2D04EE-BCAF-D568-0D29-A5EADDAB7664}\1.7.1.0\dExtent, En quarantaine, [1999], [362644],1.0.3964
Trojan.Agent.AppFlsh, C:\ProgramData\{EC2D04EE-BCAF-D568-0D29-A5EADDAB7664}\1.7.1.0\extent, En quarantaine, [1999], [362644],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\{1F92DAF1-95D0-5037-1316-CE75895445BB}\midi, En quarantaine, [483], [484243],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{1F92DAF1-95D0-5037-1316-CE75895445BB}\defa.txt, En quarantaine, [483], [484243],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{1F92DAF1-95D0-5037-1316-CE75895445BB}\hdat1, En quarantaine, [483], [484243],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{1F92DAF1-95D0-5037-1316-CE75895445BB}\hdat2, En quarantaine, [483], [484243],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\ProgramData\{1F92DAF1-95D0-5037-1316-CE75895445BB}\maliri, En quarantaine, [483], [484243],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\USERS\KRYSTEL\APPDATA\LOCAL\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\foda, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\chromium-min.jpg, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\control panel-min-min.JPG, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\down.png, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\ff menu.JPG, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\ff search engine-min.png, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\HowToRemove.html, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\hp-min ff.png, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\hp-min ie.png, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\search engine.gif, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\setup pages.gif, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\sp-min.png, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\start-min.jpg, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\HowToRemove\up.png, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\bapi16.dat, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\bapi17.dat, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\install.log, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\lisa, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\Sqlite3.dll, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\tale, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\uninst.dat, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinYahoo.TskLnk, C:\Users\krystel\AppData\Local\{76D0408C-5278-2C34-3FE0-09DC1B88F544}\uninst.exe, En quarantaine, [483], [484244],1.0.3964
PUP.Optional.WinBing, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DSENGINE.CFG, En quarantaine, [1535], [474787],1.0.3964
PUP.Optional.WinBing, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\DEFAULTS\PREF\DSENGINE.JS, En quarantaine, [1535], [474786],1.0.3964
PUP.Optional.Conduit, C:\USERS\KRYSTEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MHA4KYKV.DEFAULT\PREFS.JS, Remplacé, [526], [301520],1.0.3964
Generic.Malware/Suspicious, C:\USERS\KRYSTEL\APPDATA\ROAMING\ZHP\QUARANTINE\NSI1298.TMP, En quarantaine, [0], [392686],1.0.3964
Generic.Malware/Suspicious, C:\USERS\KRYSTEL\APPDATA\ROAMING\ZHP\QUARANTINE\NSS115A.TMP, En quarantaine, [0], [392686],1.0.3964
Generic.Malware/Suspicious, C:\USERS\KRYSTEL\APPDATA\ROAMING\ZHP\QUARANTINE\NSODA76.TMP, En quarantaine, [0], [392686],1.0.3964
Trojan.Floxif, C:\USERS\KRYSTEL\DOWNLOADS\CCSETUP533.EXE, En quarantaine, [5464], [436382],1.0.3964
PUP.Optional.BundleInstaller, C:\USERS\KRYSTEL\DOWNLOADS\INSTALL-OPENOFFICE-2.EXE, En quarantaine, [18], [326144],1.0.3964
PUP.Optional.SecurySearch, C:\USERS\KRYSTEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Remplacé, [1393], [479531],1.0.3964
PUP.Optional.SecurySearch, C:\USERS\KRYSTEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Remplacé, [1393], [479531],1.0.3964

Secteur physique: 0
(Aucun élément malveillant détecté)


(end)