Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-09-12
Scan Time: 14:37
Logfile: Malwarebytes Scan History Log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.12.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JACKFL

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391578
Time Elapsed: 45 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.InstallCore, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\ICSW1.14, Quarantined, [39ca58d755361b1b13d6b1e9d82c629e],
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\wincy, Quarantined, [3ec57eb12863e74f252950d9f310f50b],
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4BD2A6F0-B55F-4BD4-981B-44AD4946B9E6}, Quarantined, [ec171817018a9e989533e3ddc44007f9],
PUP.Optional.ProductSetup, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [0ef539f6503b4de9eb0af2b9768ea957],

Registry Values: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4BD2A6F0-B55F-4BD4-981B-44AD4946B9E6}|URL, http://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sumalq_15_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0B0A0B0AtA0EtCtB0CyCtN0D0Tzu0StCtAyEzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtCtC0C0CzzyB0CtGtCtBzz0DtGyEyC0AtDtG0A0F0ByDtG0F0AtA0D0ByEyDtC0EzzyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FyEzyyDyCzzyCtG0A0BtAtAtGyEtBzztBtGzzzytD0CtGtDzy0EyEtD0F0BzytD0CyByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D907486232%26a%3Dwncy_sumalq_15_37%26os%3DWindows%2B7%2BUltimate&p={searchTerms}, Quarantined, [ec171817018a9e989533e3ddc44007f9]
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4BD2A6F0-B55F-4BD4-981B-44AD4946B9E6}|TopResultURLFallback, http://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sumalq_15_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0B0A0B0AtA0EtCtB0CyCtN0D0Tzu0StCtAyEzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtCtC0C0CzzyB0CtGtCtBzz0DtGyEyC0AtDtG0A0F0ByDtG0F0AtA0D0ByEyDtC0EzzyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FyEzyyDyCzzyCtG0A0BtAtAtGyEtBzztBtGzzzytD0CtGtDzy0EyEtD0F0BzytD0CyByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D907486232%26a%3Dwncy_sumalq_15_37%26os%3DWindows%2B7%2BUltimate&p={searchTerms}, Quarantined, [ba49d956a7e494a2a22606bae71d847c]
PUP.Optional.ProductSetup, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\PRODUCTSETUP|tb, 0B1N1R1G2R, Quarantined, [0ef539f6503b4de9eb0af2b9768ea957]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.WinYahoo, C:\Users\JACKFL\AppData\Local\Chromium\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sumalq_15_37&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0B0A0B0AtA0EtCtB0CyCtN0D0Tzu0StCtAyEzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtCtC0C0CzzyB0CtGtCtBzz0DtGyEyC0AtDtG0A0F0ByDtG0F0AtA0D0ByEyDtC0EzzyB0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0FyEzyyDyCzzyCtG0A0BtAtAtGyEtBzztBtGzzzytD0CtGtDzy0EyEtD0F0BzytD0CyByC2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D907486232%26a%3Dwncy_sumalq_15_37%26os%3DWindows%2B7%2BUltimate&uref=chmm"]}}), Replaced,[39ca210eb4d7b680f3b8d5d334d143bd]
PUP.Optional.WinYahoo, C:\Users\JACKFL\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js, Good: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (browser.startup.homepage", "http://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy), Replaced,[ce35c06fafdc45f101a72484af56827e]
PUP.Optional.WinYahoo, C:\Users\JACKFL\AppData\Roaming\Mozilla\Firefox\Profiles\wh2uftnb.default\prefs.js, Good: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (browser.startup.homepage", "http://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy), Replaced,[73902c038dfe85b14c5c38702dd827d9]

Physical Sectors: 0
(No malicious items detected)


(end)
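The log above is the kind of artifact an analyst gets handed after a cleanup, so a parser for it is worth having. The following is an added example, not Malwarebytes' own code and not part of the original log. It parses MBAM 2.x detection records (threat name, location, value or Good/Bad detail, action, per-detection hash) into structured objects, then does two things the log does not do by itself: it groups the hijack URLs by hostname, keeping only the "Bad" side of the edited browser files (the "Good" side is Malwarebytes' own restore placeholder), and it decodes the double URL-encoded `param2` block that the WinYahoo search URLs carry (`%3D`/`%26` for `=`/`&`), which is where the browser (`b=IE`, `b=chmm`), country and partner name are identified. SAMPLE_LOG is constructed from detections listed in the log; the SID, hashes and hostnames are copied from it, but the long `cd=` blob inside `param2` is shortened.

```python
"""Parse Malwarebytes Anti-Malware 2.x scan-log detection records.

Added example: not part of the log and not Malwarebytes' own code. SAMPLE_LOG
is constructed from detections in the log above (SID, hashes and hijack URLs
copied from it; the long cd= blob inside param2 is shortened). The hijack
summary and nested-parameter decoding are this script's own analysis.
"""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

SAMPLE_LOG = r"""Registry Keys: 4
PUP.Optional.InstallCore, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\ICSW1.14, Quarantined, [39ca58d755361b1b13d6b1e9d82c629e],
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4BD2A6F0-B55F-4BD4-981B-44AD4946B9E6}, Quarantined, [ec171817018a9e989533e3ddc44007f9],
Registry Values: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-1452870122-1747318372-3773082617-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4BD2A6F0-B55F-4BD4-981B-44AD4946B9E6}|URL, http://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sumalq_15_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26os%3DWindows%2B7%2BUltimate&p={searchTerms}, Quarantined, [ec171817018a9e989533e3ddc44007f9]
Registry Data: 0
(No malicious items detected)
Files: 3
PUP.Optional.WinYahoo, C:\Users\JACKFL\AppData\Roaming\Mozilla\Firefox\Profiles\wh2uftnb.default\prefs.js, Good: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (browser.startup.homepage", "http://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy), Replaced,[73902c038dfe85b14c5c38702dd827d9]
"""

# "Registry Keys: 4" style section headers.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+): (?P<count>\d+)$")
# One detection record: threat, location, optional detail, action, [32-hex id].
# Only the two actions present in this log are recognised; extend the
# alternation for other MBAM actions.
RECORD_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<location>[^,]+), (?P<detail>.*?),?\s*"
    r"(?P<action>Quarantined|Replaced),\s*\[(?P<hash_id>[0-9a-f]{32})\],?\s*$"
)
URL_RE = re.compile(r"https?://[^\s\")]+")


@dataclass(frozen=True)
class Detection:
    section: str    # e.g. "Registry Values", "Files"
    threat: str     # MBAM detection name, e.g. PUP.Optional.WinYahoo
    location: str   # registry key/value path or file path
    detail: str     # value data, or "Good: (...), Bad: (...)" for edited files
    action: str     # Quarantined / Replaced
    hash_id: str    # MBAM's per-detection 32-hex identifier


def parse_log(text: str) -> List[Detection]:
    """Walk the log line by line, tracking the current section header."""
    section, out = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank or "(No malicious items detected)"
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = RECORD_RE.match(line)
        if m:
            out.append(Detection(section, m["threat"], m["location"],
                                 m["detail"].strip(), m["action"], m["hash_id"]))
    return out


def bad_urls(d: Detection) -> List[str]:
    """URLs MBAM reported as malicious for one record (only the Bad side of Good/Bad)."""
    text = d.detail
    if "Bad: (" in text:
        text = text.split("Bad: (", 1)[1]
    return URL_RE.findall(text)


def hijack_summary(dets: List[Detection]) -> Dict[str, List[str]]:
    """Map each hostname seen in a bad URL to the locations that carried it."""
    by_host: Dict[str, List[str]] = {}
    for d in dets:
        for url in bad_urls(d):
            by_host.setdefault(urlsplit(url).hostname, []).append(d.location)
    return by_host


def nested_params(url: str) -> Dict[str, str]:
    """Decode the double-encoded param2 block (%3D/%26 -> =/&, %2B -> +/space)."""
    outer = parse_qs(urlsplit(url).query)
    inner = outer.get("param2", [""])[0]      # e.g. "f=4&b=IE&cc=ca&pa=Wincy&os=Windows+7+Ultimate"
    return {k: v[0] for k, v in parse_qs(inner).items()}


if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    for d in dets:
        print(f"[{d.section}] {d.threat} -> {d.action} {d.location}")
    for host, locs in hijack_summary(dets).items():
        print(f"hijack host {host}: {len(locs)} record(s)")
    print("nested params:", nested_params(bad_urls(dets[2])[0]))
```

Run against a real exported log, the same parser works on the full file because header lines such as "Scan Date: 2015-09-12" never match the record pattern; the only caveat is that MBAM's own placeholder substitution can corrupt values that contain `%2` or `%3` sequences (visible in the raw French log above, where the status and hash were spliced into the URL), so records that fail to match should be reviewed by hand rather than silently dropped.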