cjoint

Publicité


Publicité

Commentaire : MBAM1.txt

Format du document : text/plain

Prévisualisation

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 11/12/2016
Heure de l'analyse: 18:14
Fichier journal: MBAM2.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.12.11.05
Base de données de rootkits: v2016.11.20.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Coralie

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 327247
Temps écoulé: 22 min, 4 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 7
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, En quarantaine, [1100cd1955453600fa68e7999d66748c],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [35dc2abc93072e081f8edb66a759d12f],
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, En quarantaine, [7a97ffe7a6f4c76fadb53947689b748c],
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}, En quarantaine, [1ff28b5b8f0bb77f2687ed54837d3ec2],
PUP.Optional.InstallCore, HKU\S-1-5-21-2694707582-354999792-1722187687-1000\SOFTWARE\csastats, En quarantaine, [a56cd6107a20f24482dc047cd330659b],
PUP.Optional.SearchManager, HKU\S-1-5-21-2694707582-354999792-1722187687-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, En quarantaine, [729fb33349512b0b1483127b847eb050],
PUP.Optional.ProductSetup, HKU\S-1-5-21-2694707582-354999792-1722187687-1000\SOFTWARE\PRODUCTSETUP, En quarantaine, [5cb5f5f183172016ba8e3010f70c55ab],

Valeurs du Registre: 3
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_42¶m1=1¶m2=f[35dc2abc93072e081f8edb66a759d12f]D4%26b[35dc2abc93072e081f8edb66a759d12f]DIE%26cc[35dc2abc93072e081f8edb66a759d12f]Dfr%26pa[35dc2abc93072e081f8edb66a759d12f]Dwincy%26cd[35dc2abc93072e081f8edb66a759d12f]D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyEtDyB0A0F0D0A0C0BzztBtN0D0Tzu0StCyByDtCtN1L2XzutAtFtByEtFtByCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyD0D0DyE0CyEyCtGyC0E0A0FtGtBtA0D0EtGyDzz0ByEtGtByDtD0AtBtB0F0A0AyBtAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyByB0A0ByB0FyEtGyE0AtD0AtGyE0FyD0CtGzzyEyC0BtGtDtCtD0B0EtByBzyyEtA0FtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEzyzy%26cr[35dc2abc93072e081f8edb66a759d12f]D1921561775%26a[35dc2abc93072e081f8edb66a759d12f]Dwncy_iobitfs_16_42%26os_ver[35dc2abc93072e081f8edb66a759d12f]D6.1%26os[35dc2abc93072e081f8edb66a759d12f]DWindowsEn quarantaineB7En quarantaineBUltimate&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}|URL, https://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_42¶m1=1¶m2=f[1ff28b5b8f0bb77f2687ed54837d3ec2]D4%26b[1ff28b5b8f0bb77f2687ed54837d3ec2]DIE%26cc[1ff28b5b8f0bb77f2687ed54837d3ec2]Dfr%26pa[1ff28b5b8f0bb77f2687ed54837d3ec2]Dwincy%26cd[1ff28b5b8f0bb77f2687ed54837d3ec2]D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyEtDyB0A0F0D0A0C0BzztBtN0D0Tzu0StCyByDtCtN1L2XzutAtFtByEtFtByCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyD0D0DyE0CyEyCtGyC0E0A0FtGtBtA0D0EtGyDzz0ByEtGtByDtD0AtBtB0F0A0AyBtAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyByB0A0ByB0FyEtGyE0AtD0AtGyE0FyD0CtGzzyEyC0BtGtDtCtD0B0EtByBzyyEtA0FtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEzyzy%26cr[1ff28b5b8f0bb77f2687ed54837d3ec2]D1921561775%26a[1ff28b5b8f0bb77f2687ed54837d3ec2]Dwncy_iobitfs_16_42%26os_ver[1ff28b5b8f0bb77f2687ed54837d3ec2]D6.1%26os[1ff28b5b8f0bb77f2687ed54837d3ec2]DWindowsEn quarantaineB7En quarantaineBUltimate&p={searchTerms}, %4, %5
PUP.Optional.ProductSetup, HKU\S-1-5-21-2694707582-354999792-1722187687-1000\SOFTWARE\PRODUCTSETUP|tb, 0X1F1T1V1G1G, En quarantaine, [5cb5f5f183172016ba8e3010f70c55ab]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 1
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FC6A3909-7628-B3CF-F0EE-2D8D6AACA643}, En quarantaine, [927f3ea883177db93183a7eb5ba5b848],

Fichiers: 8
PUP.Optional.SysTweak, C:\Windows\System32\roboot64.exe, En quarantaine, [14fdb82e4e4cda5ce7dd9c97c23e8977],
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FC6A3909-7628-B3CF-F0EE-2D8D6AACA643}\cela, En quarantaine, [927f3ea883177db93183a7eb5ba5b848],
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FC6A3909-7628-B3CF-F0EE-2D8D6AACA643}\anAHO, En quarantaine, [927f3ea883177db93183a7eb5ba5b848],
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FC6A3909-7628-B3CF-F0EE-2D8D6AACA643}\aowLC, En quarantaine, [927f3ea883177db93183a7eb5ba5b848],
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FC6A3909-7628-B3CF-F0EE-2D8D6AACA643}\hdat1, En quarantaine, [927f3ea883177db93183a7eb5ba5b848],
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FC6A3909-7628-B3CF-F0EE-2D8D6AACA643}\hdat2, En quarantaine, [927f3ea883177db93183a7eb5ba5b848],
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{FC6A3909-7628-B3CF-F0EE-2D8D6AACA643}\modela, En quarantaine, [927f3ea883177db93183a7eb5ba5b848],
PUP.Optional.WinYahoo, C:\Users\Coralie\AppData\Local\chromium\User Data\Default\Secure Preferences, Bon : ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Mauvais : ("session":{"restore_on_startup":4,"startup_urls":["https://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_iobitfs_16_42¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyEtDyB0A0F0D0A0C0BzztBtN0D0Tzu0StCyByDtCtN1L2XzutAtFtByEtFtByCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StAyD0D0DyE0CyEyCtGyC0E0A0FtGtBtA0D0EtGyDzz0ByEtGtByDtD0AtBtB0F0A0AyBtAzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EyByB0A0ByB0FyEtGyE0AtD0AtGyE0FyD0CtGzzyEyC0BtGtDtCtD0B0EtByBzyyEtA0FtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEzyzy%26cr%3D1921561775%26a%3Dwncy_iobitfs_16_42%26os_ver%3D6.1%26os%3DWindowsRemplacé,[ac659551ccceca6c7ce04c9a9f6441bf]B7Remplacé,[ac659551ccceca6c7ce04c9a9f6441bf]BUltimate"]}}), %5

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)

Publicité


Signaler le contenu de ce document

Publicité