Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 11/03/2016
Heure de l'analyse: 18:30
Fichier journal: malwarebytes.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2016.03.11.03
Base de données de rootkits: v2016.02.27.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Alain

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 478516
Temps écoulé: 8 min, 33 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 1
Trojan.Downloader, C:\Program Files (x86)\Microsoft\msapplication.exe, 5844, Supprimer au redémarrage, [99e65d290f8aef475211f118b74b9b65]

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 3
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, En quarantaine, [8ff0d5b1b0e9c076873a70a4887b8977],
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, En quarantaine, [f68916703861e74fc6fb7b993dc658a8],
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, En quarantaine, [e8976a1c089166d095b2a7d68d77758b],

Valeurs du Registre: 13
Trojan.Downloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSAPPLICATION, C:\Program Files (x86)\Microsoft\msapplication.exe, En quarantaine, [99e65d290f8aef475211f118b74b9b65]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [8ff0d5b1b0e9c076873a70a4887b8977]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [502f770f554469cd744d3ada51b23bc5]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&q={searchTerms}&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffsengext, En quarantaine, [84fb8afc9108a393437ec0546d96857b]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffexttoolbar&q=, En quarantaine, [d0afef97ff9ae1550eb3dc3823e0946c]
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [f68916703861e74fc6fb7b993dc658a8]
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [3e413c4a2b6efc3a2e9348ccaf54d42c]
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&q={searchTerms}&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffsengext, En quarantaine, [ec938df9aeeb2f073b86868e41c2da26]
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffexttoolbar&q=, En quarantaine, [cfb05e2877229c9ac4fd977d956e6d93]
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [e8976a1c089166d095b2a7d68d77758b]
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [9be48cfaa3f6c67059ee9ae319eb19e7]
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&q={searchTerms}&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffsengext, En quarantaine, [2c5389fdecadc2744007cdb09371bc44]
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffexttoolbar&q=, En quarantaine, [0b742462d1c8d56167e0afce7d87c13f]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 0
(Aucun élément malveillant détecté)

Fichiers: 8
Trojan.Downloader, C:\Program Files (x86)\Microsoft\msapplication.exe, Supprimer au redémarrage, [99e65d290f8aef475211f118b74b9b65],
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\ZHP\Quarantine\SearchesToYesbnd\shortboost.exe, En quarantaine, [66192066b0e989ad7579ae3ffd0460a0],
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : (user_pref("browser.newtab.url", "http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffseng");), Remplacé,[bfc07d097b1ea1951021221d46bf07f9]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : ();
user_pref("app.update.lastUpdateTime.background-update-timer", 1455612641);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1448382363);
), Remplacé,[fe81acdaa4f57cba4de469d6c93c8878]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : (hile the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/

user_), Remplacé,[5a2589fdd8c1c571d859c17ebf46619f]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : (nning,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/

user_pref("accessibility.typeahe), Remplacé,[b2cdd2b436631c1ab67bdb640df8f50b]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : (lse);
user_pref("app.update.enabled", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1448382243);
user_pref("app.update.lastU), Remplacé,[80ff06806831e452fc35e8572fd69e62]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Mauvais : (user_pref("browser.startup.homepage", "http://www.yessearches.com), Remplacé,[f18ee3a33069af871728dc63e025ad53]

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
