Malwarebytes Anti-Malware
www.malwarebytes.org
Date de l'analyse: 2015-09-12
Heure de l'analyse: 14:37
Fichier journal: Malwarebytes Journal de l'historique de l'analyse.txt
Administrateur: Oui
Version: 2.1.8.1057
Base de données de programmes malveillants: v2015.09.12.03
Base de données de rootkits: v2015.08.16.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé
Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: JACKFL
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 391578
Temps écoulé: 45 min, 43 s
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé
Processus: 0
(Aucun élément malveillant détecté)
Modules: 0
(Aucun élément malveillant détecté)
Clés du registre: 4
PUP.Optional.InstallCore, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\ICSW1.14, En quarantaine, [39ca58d755361b1b13d6b1e9d82c629e],
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\wincy, En quarantaine, [3ec57eb12863e74f252950d9f310f50b],
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4BD2A6F0-B55F-4BD4-981B-44AD4946B9E6}, En quarantaine, [ec171817018a9e989533e3ddc44007f9],
PUP.Optional.ProductSetup, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\PRODUCTSETUP, En quarantaine, [0ef539f6503b4de9eb0af2b9768ea957],
Valeurs du registre: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4BD2A6F0-B55F-4BD4-981B-44AD4946B9E6}|URL, http://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sumalq_15_37&param1=1&param2=f[ec171817018a9e989533e3ddc44007f9]D4%26b[ec171817018a9e989533e3ddc44007f9]DIE%26cc[ec171817018a9e989533e3ddc44007f9]Dca%26pa[ec171817018a9e989533e3ddc44007f9]DWincy%26cd[ec171817018a9e989533e3ddc44007f9]D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0B0A0B0AtA0EtCtB0CyCtN0D0Tzu0StCtAyEzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtCtC0C0CzzyB0CtGtCtBzz0DtGyEyC0AtDtG0A0F0ByDtG0F0AtA0D0ByEyDtC0EzzyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FyEzyyDyCzzyCtG0A0BtAtAtGyEtBzztBtGzzzytD0CtGtDzy0EyEtD0F0BzytD0CyByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr[ec171817018a9e989533e3ddc44007f9]D907486232%26a[ec171817018a9e989533e3ddc44007f9]Dwncy_sumalq_15_37%26os[ec171817018a9e989533e3ddc44007f9]DWindowsEn quarantaineB7En quarantaineBUltimate&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4BD2A6F0-B55F-4BD4-981B-44AD4946B9E6}|TopResultURLFallback, http://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sumalq_15_37&param1=1&param2=f[ba49d956a7e494a2a22606bae71d847c]D4%26b[ba49d956a7e494a2a22606bae71d847c]DIE%26cc[ba49d956a7e494a2a22606bae71d847c]Dca%26pa[ba49d956a7e494a2a22606bae71d847c]DWincy%26cd[ba49d956a7e494a2a22606bae71d847c]D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0B0A0B0AtA0EtCtB0CyCtN0D0Tzu0StCtAyEzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtCtC0C0CzzyB0CtGtCtBzz0DtGyEyC0AtDtG0A0F0ByDtG0F0AtA0D0ByEyDtC0EzzyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FyEzyyDyCzzyCtG0A0BtAtAtGyEtBzztBtGzzzytD0CtGtDzy0EyEtD0F0BzytD0CyByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr[ba49d956a7e494a2a22606bae71d847c]D907486232%26a[ba49d956a7e494a2a22606bae71d847c]Dwncy_sumalq_15_37%26os[ba49d956a7e494a2a22606bae71d847c]DWindowsEn quarantaineB7En quarantaineBUltimate&p={searchTerms}, %4, %5
PUP.Optional.ProductSetup, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\PRODUCTSETUP|tb, 0B1N1R1G2R, En quarantaine, [0ef539f6503b4de9eb0af2b9768ea957]
Données du registre: 0
(Aucun élément malveillant détecté)
Dossiers: 0
(Aucun élément malveillant détecté)
Fichiers: 3
PUP.Optional.WinYahoo, C:\Users\JACKFL\AppData\Local\Chromium\User Data\Default\Secure Preferences, Bon : ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Mauvais : ("session":{"restore_on_startup":4,"startup_urls":["http://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sumalq_15_37&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0B0A0B0AtA0EtCtB0CyCtN0D0Tzu0StCtAyEzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtCtC0C0CzzyB0CtGtCtBzz0DtGyEyC0AtDtG0A0F0ByDtG0F0AtA0D0ByEyDtC0EzzyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FyEzyyDyCzzyCtG0A0BtAtAtGyEtBzztBtGzzzytD0CtGtDzy0EyEtD0F0BzytD0CyByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D907486232%26a%3Dwncy_sumalq_15_37%26os%3DWindowsRemplacé,[39ca210eb4d7b680f3b8d5d334d143bd]B7Remplacé,[39ca210eb4d7b680f3b8d5d334d143bd]BUltimate&uref=chmm"]}}), %5
PUP.Optional.WinYahoo, C:\Users\JACKFL\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js, Bon : (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Mauvais : (browser.startup.homepage", "http://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy), Remplacé,[ce35c06fafdc45f101a72484af56827e]
PUP.Optional.WinYahoo, C:\Users\JACKFL\AppData\Roaming\Mozilla\Firefox\Profiles\wh2uftnb.default\prefs.js, Bon : (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Mauvais : (browser.startup.homepage", "http://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy), Remplacé,[73902c038dfe85b14c5c38702dd827d9]
Secteurs physiques: 0
(Aucun élément malveillant détecté)
(end)