Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 29/08/2016
Heure de l'analyse: 12:42
Fichier journal: MIMIZ.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.08.29.03
Base de données de rootkits: v2016.08.15.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x86
Système de fichiers: NTFS
Utilisateur: Hamza

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 299086
Temps écoulé: 28 min, 43 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 1
PUP.Optional.Elex, C:\Users\Hamza\AppData\Roaming\GameLauncher\Seviler\Seviler.exe, 3332, , [795e82ce0298c96de46fd302d82c45bb]

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 4
PUP.Optional.ContentDefender, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mwescontroller, , [f4e3c28e435744f275f87baf7d840cf4],
PUP.Optional.HohoSearch, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nfileverbecultControlsdertatainniph.exe, , [5f783917d4c62d09ad8b54925aa7768a],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\Kaspersky_Reset_Trial_4.0.0.22.DynamicNS, , [785f86ca67333afc6a0f7d1935cd6c94],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\KRT_5.0.0.117_1_.DynamicNS, , [bc1bcd835d3d34021f5a8e0889798878],

Valeurs du Registre: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-4197130071-3650957751-836229277-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_camstd_16_19&param1=1&param2=f[5087a3ad574371c5620d28d460a352ae]D2%26b[5087a3ad574371c5620d28d460a352ae]DIE%26cc[5087a3ad574371c5620d28d460a352ae]Ddz%26pa[5087a3ad574371c5620d28d460a352ae]DWincy%26cd[5087a3ad574371c5620d28d460a352ae]D2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEyDtAyD0Fzz0F0F0AtAzztN0D0Tzu0StCyDzyyCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyEtCyCtAzy0D0DtGyC0EyCzytGyEzzyE0DtGyByC0CzztGtAzzyBzztC0E0DtA0CtDyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0BtDtBtA0E0AzztG0DtCtB0FtGyEzyyEtAtG0BtAyEzztG0F0AyC0D0EyBzz0FyEtC0ByE2QtN0A0LzuyE%26cr[5087a3ad574371c5620d28d460a352ae]D1761658240%26a[5087a3ad574371c5620d28d460a352ae]Dwbf_camstd_16_19%26os_ver[5087a3ad574371c5620d28d460a352ae]D6.1%26os[5087a3ad574371c5620d28d460a352ae]DWindowsB7BUltimate, %4, %5
PUP.Optional.Elex, HKU\S-1-5-21-4197130071-3650957751-836229277-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Seviler, "C:\Users\Hamza\AppData\Roaming\GameLauncher\Seviler\Seviler.exe", , [795e82ce0298c96de46fd302d82c45bb]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 3
PUP.Optional.Elex, C:\Users\Hamza\AppData\Roaming\GameLauncher\Seviler, , [795e82ce0298c96de46fd302d82c45bb],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}, , [b12673dd4c4eab8be497821b43c12ad6],

Fichiers: 33
PUP.Optional.ContentDefender, C:\Windows\System32\drivers\mwescontroller.sys, , [f4e3c28e435744f275f87baf7d840cf4],
PUP.Optional.HohoSearch, C:\Program Files\Plufertnenule\nfileverbecultControlsdertatainniph.exe, , [5f783917d4c62d09ad8b54925aa7768a],
PUP.Optional.ContentDefender, C:\Users\Hamza\AppData\Roaming\ZHP\Quarantine\My Web Shield\mwescontroller.sys, , [a0376ae6f2a867cf6a038aa0bf429c64],
PUP.Optional.ContentDefender, C:\Users\Hamza\AppData\Roaming\ZHP\Quarantine\My Web Shield\My Web Shield.zip, , [3f9887c9f3a7e056df8e6bbfe120e51b],
PUP.Optional.HohoSearch, C:\Program Files\Plufertnenule\nfileverbecultControlsrefsetames.exe, , [993e341c7129f343fc3cfcea02ff55ab],
PUP.Optional.RelevantKnowledge, C:\Users\Hamza\AppData\Local\Temp\CSM14E7.tmp, , [17c037197b1fa690cc3f2e4f73917789],
HackTool.Kiser, C:\Users\Hamza\Downloads\KRT 2.1 By CHeeToS-S4A.rar, , [cd0a7ad65941ad89887d021d19e716ea],
RiskWare.Tool.HCK, C:\Users\Hamza\Downloads\KRT_5.1.0.17.rar, , [85527ad6ddbd0e287837b65a4fb25da3],
PUP.Optional.BundleInstaller, C:\Users\Hamza\Downloads\microsoft-access-2010.exe, , [74632d23a3f7ed4955aed58e6b95e719],
PUP.Optional.SearchManager, C:\Users\Hamza\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, , [0bccc58ba0fad561dacd7387a55ed030],
PUP.Optional.GsearchFinder, C:\Users\Hamza\AppData\Roaming\Profiles\anakackckeqeghzvoward\extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi, , [7067e36dd1c9b77f3e4042bbe91a9d63],
PUP.Optional.Elex, C:\Users\Hamza\AppData\Roaming\GameLauncher\Seviler\Seviler.exe, , [795e82ce0298c96de46fd302d82c45bb],
PUP.Optional.Ghokswa, C:\ProgramData\G??gl? ?hr?m?.lnk.bat, Bon : (), Mauvais : (start "" "C:\Users\Hamza\AppData\Roaming\HPWriter\WrStar.exe" "http://www.trotux.com/?z=58d550fec9028b5fb487c0fg6z9m3g9wezebcwdgdw&from=isr&uid=ST9320310AS_5WV0PJTJXXXX5WV0PJTJ&type=hp"), ,[7e59321e049611250b93309c798b44bc]
PUP.Optional.Ghokswa, C:\ProgramData\??zill? Fir?f??.lnk.bat, Bon : (), Mauvais : (start "" "C:\Users\Hamza\AppData\Roaming\HPWriter\WrStar.exe" "http://www.trotux.com/?z=58d550fec9028b5fb487c0fg6z9m3g9wezebcwdgdw&from=isr&uid=ST9320310AS_5WV0PJTJXXXX5WV0PJTJ&type=hp"), ,[50872030a3f7cc6a069aa626ca3aca36]
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\HowToRemove.html, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\chromium-min.jpg, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\control panel-min-min.JPG, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\down.png, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\ff menu.JPG, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\ff search engine-min.png, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\hp-min ff.png, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\hp-min ie.png, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\search engine.gif, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\setup pages.gif, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\sp-min.png, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\start-min.jpg, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\HowToRemove\up.png, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\bapi.dat, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\cide, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\info.dat, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\install.log, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\noce, , [b12673dd4c4eab8be497821b43c12ad6],
PUP.Optional.WinYahoo, C:\Users\Hamza\AppData\Local\{4EEC78B0-6A44-1408-07DC-31E023B4CD78}\uninst.dat, , [b12673dd4c4eab8be497821b43c12ad6],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)