Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/01/2016
Scan Time: 01:40
Logfile: mbam_log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.03.05
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: MAHDI

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 448421
Time Elapsed: 27 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, Delete-on-reboot, [87ba5dd8c8d19b9b2b6250476b9820e0], 
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, Delete-on-reboot, [fd44cd685d3c3402f994f5a2f013857b], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}, Quarantined, [c08166cf7a1f3afc5e492aeb18ec12ee], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-668316366-369809051-4075205683-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{83443A5F-63AC-11E5-8271-68F7288EBF75}, Quarantined, [301151e45d3c37ff5e2726bc0bf8a060], 

Registry Values: 6
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [0938a095a8f1191d39d069a107fd60a0], 
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [6ad785b00495162074955baf3dc7a858], 
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [1928f63fcdccb77ffb0efa10d52f15eb], 
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}|DisplayName, globalupdate Helper, Quarantined, [c08166cf7a1f3afc5e492aeb18ec12ee], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-668316366-369809051-4075205683-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{83443A5F-63AC-11E5-8271-68F7288EBF75}|URL, https://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_44&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtByB0EtAyD0EyEtC0AtCtDyD0BtD0CtN0D0Tzu0StCyEtDtDtN1L2XzutAtFtCyDtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0BtA0CzzyBtAtGtCyBzzzztGtAzyyEyCtGyCzy0F0DtGtBtA0EzytDyB0CyCyD0BzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0E0EyD0CyC0CyBtGzz0A0EzytGyE0DyE0FtGzztAzyyDtG0B0C0ByD0B0C0FyBtBtA0B0D2QtN0A0LzuyE%26cr%3D1904209555%26a%3Dwncy_pwrisofs_15_44%26os%3DWindows%2B10%2BHome&p={searchTerms}, Quarantined, [301151e45d3c37ff5e2726bc0bf8a060], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-668316366-369809051-4075205683-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{83443A5F-63AC-11E5-8271-68F7288EBF75}|TopResultURLFallback, https://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_44&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtByB0EtAyD0EyEtC0AtCtDyD0BtD0CtN0D0Tzu0StCyEtDtDtN1L2XzutAtFtCyDtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0BtA0CzzyBtAtGtCyBzzzztGtAzyyEyCtGyCzy0F0DtGtBtA0EzytDyB0CyCyD0BzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0E0EyD0CyC0CyBtGzz0A0EzytGyE0DyE0FtGzztAzyyDtG0B0C0ByD0B0C0FyBtBtA0B0D2QtN0A0LzuyE%26cr%3D1904209555%26a%3Dwncy_pwrisofs_15_44%26os%3DWindows%2B10%2BHome&p={searchTerms}, Quarantined, [20214de8afea77bf4144ad3504ff5ba5], 

Registry Data: 1
PUP.Optional.WinYahoo, HKU\S-1-5-21-668316366-369809051-4075205683-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Bad: (https://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_44&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtByB0EtAyD0EyEtC0AtCtDyD0BtD0CtN0D0Tzu0StCyEtDtDtN1L2XzutAtFtCyDtFtDtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0BtA0CzzyBtAtGtCyBzzzztGtAzyyEyCtGyCzy0F0DtGtBtA0EzytDyB0CyCyD0BzytB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0E0EyD0CyC0CyBtGzz0A0EzytGyE0DyE0FtGzztAzyyDtG0B0C0ByD0B0C0FyBtBtA0B0D2QtN0A0LzuyE%26cr%3D1904209555%26a%3Dwncy_pwrisofs_15_44%26os%3DWindows%2B10%2BHome), Good: (www.google.com), Replaced, [94ad0a2bd0c972c45a1f7c24aa5a32ce], 

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.PastaLeads, C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_nps.pastaleads.com_0.localstorage, Quarantined, [fb4637feb0e9cb6b1247667ba75c6c94], 
PUP.Optional.WinYahoo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOWTOREMOVE.HTML.LNK, Quarantined, [8db45fd61a7f1c1a86fdc3548c783ec2], 

Physical Sectors: 0
(No malicious items detected)

(end)
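Two of the entries above (the AmiUpdater keys under SCHEDULE\TASKCACHE\TREE) are marked Delete-on-reboot, so they are only gone once the machine has restarted, and the Start Page was rewritten rather than removed. The script below is an added verification check, not part of the Malwarebytes log and not Malwarebytes code: after the reboot it re-tests every registry key, value and file the log lists and confirms the Start Page no longer points at the in.search.yahoo.com hijack URL. It assumes it is run from an elevated PowerShell session while the same user (SID S-1-5-21-668316366-369809051-4075205683-1001, taken from the log) is logged on, since that HKU hive is only mounted then. The Get-ScheduledTask lookup goes beyond the log, which only names the TaskCache\Tree keys: it is an assumption that tasks called amiupdaterExd and amiupdaterExi were registered with those names.

```powershell
# Post-reboot verification for the items in the Malwarebytes log above.
# Added example, not part of the log. Run elevated, logged on as the user
# whose SID appears in the log (the HKU\S-1-5-21-... hive is only loaded then).
# Registry paths are case-insensitive, so the log's upper-case spelling is kept.

$userSid     = 'S-1-5-21-668316366-369809051-4075205683-1001'          # from the log
$ieBase      = "Registry::HKEY_USERS\$userSid\SOFTWARE\MICROSOFT\INTERNET EXPLORER"
$hijackScope = '{83443A5F-63AC-11E5-8271-68F7288EBF75}'                # SearchScopes GUID from the log

# Keys and files that must be ABSENT after remediation plus reboot.
$shouldBeGone = @(
    'HKLM:\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd',
    'HKLM:\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi',
    'HKLM:\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}',
    "$ieBase\SEARCHSCOPES\$hijackScope",
    'C:\Users\Mahdi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_nps.pastaleads.com_0.localstorage',
    'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HOWTOREMOVE.HTML.LNK'
)

# Values whose parent key legitimately stays (.xhtml file-type registration),
# but the CrossBrowse ProgId reference under it must be gone.
$valuesShouldBeGone = @(
    @{ Key = 'HKLM:\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS';             Name = 'CRSBRWSHTML' },
    @{ Key = 'HKLM:\SOFTWARE\CLASSES\WOW6432NODE\.XHTML\OPENWITHPROGIDS'; Name = 'CRSBRWSHTML' },
    @{ Key = 'HKLM:\SOFTWARE\WOW6432NODE\CLASSES\.XHTML\OPENWITHPROGIDS'; Name = 'CRSBRWSHTML' }
)

$problems = @()

foreach ($path in $shouldBeGone) {
    # -LiteralPath so the {GUID} braces and spaces are not treated as wildcards.
    if (Test-Path -LiteralPath $path) { $problems += "still present: $path" }
}

foreach ($v in $valuesShouldBeGone) {
    if (Test-Path -LiteralPath $v.Key) {
        # Get-ItemProperty -Name returns nothing (error suppressed) when the value is absent.
        $hit = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
        if ($hit) { $problems += "value still present: $($v.Key) | $($v.Name)" }
    }
}

# Assumption beyond the log: tasks registered under the same names as the Tree keys.
foreach ($task in 'amiupdaterExd', 'amiupdaterExi') {
    if (Get-ScheduledTask -TaskName $task -ErrorAction SilentlyContinue) {
        $problems += "scheduled task still registered: $task"
    }
}

# Start Page was replaced with www.google.com; a surviving component could set it back.
$main = Get-ItemProperty -LiteralPath "$ieBase\MAIN" -Name 'Start Page' -ErrorAction SilentlyContinue
if ($main -and $main.'Start Page' -match 'search\.yahoo\.com/yhs') {
    $problems += "Start Page points at the hijack URL again: $($main.'Start Page')"
}

if ($problems.Count -eq 0) {
    'OK: none of the logged items remain.'
} else {
    $problems | ForEach-Object { "FAIL: $_" }
    exit 1
}
```

A non-zero exit means something from the log came back or was never removed; the usual follow-up is a second Threat Scan rather than deleting the leftovers by hand, since the scan log (not this script) is what records the hashes and actions. If the HKU checks report nothing at all, confirm the user is actually logged on, because an unmounted hive makes Test-Path return false for every path under it and would mask a surviving SearchScopes key.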