Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 11/03/2016
Heure de l'analyse: 18:30
Fichier journal: malwarebytes.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2016.03.11.03
Base de données de rootkits: v2016.02.27.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Alain

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 478516
Temps écoulé: 8 min, 33 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 1
Trojan.Downloader, C:\Program Files (x86)\Microsoft\msapplication.exe, 5844, Supprimer au redémarrage, [99e65d290f8aef475211f118b74b9b65]

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 3
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, En quarantaine, [8ff0d5b1b0e9c076873a70a4887b8977],
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, En quarantaine, [f68916703861e74fc6fb7b993dc658a8],
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, En quarantaine, [e8976a1c089166d095b2a7d68d77758b],

Valeurs du Registre: 13
Trojan.Downloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSAPPLICATION, C:\Program Files (x86)\Microsoft\msapplication.exe, En quarantaine, [99e65d290f8aef475211f118b74b9b65]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [8ff0d5b1b0e9c076873a70a4887b8977]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [502f770f554469cd744d3ada51b23bc5]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&q={searchTerms}&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffsengext, En quarantaine, [84fb8afc9108a393437ec0546d96857b]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffexttoolbar&q=, En quarantaine, [d0afef97ff9ae1550eb3dc3823e0946c]
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [f68916703861e74fc6fb7b993dc658a8]
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [3e413c4a2b6efc3a2e9348ccaf54d42c]
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&q={searchTerms}&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffsengext, En quarantaine, [ec938df9aeeb2f073b86868e41c2da26]
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffexttoolbar&q=, En quarantaine, [cfb05e2877229c9ac4fd977d956e6d93]
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [e8976a1c089166d095b2a7d68d77758b]
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffsengext, En quarantaine, [9be48cfaa3f6c67059ee9ae319eb19e7]
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&q={searchTerms}&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffsengext, En quarantaine, [2c5389fdecadc2744007cdb09371bc44]
PUP.Optional.YesSearches, HKU\S-1-5-21-8089510-509479118-430072937-1000\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl, http://www.yessearches.com/chrome.php?uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&ts=AHEpBHYrBnMqAk..&v=20160202&mode=ffexttoolbar&q=, En quarantaine, [0b742462d1c8d56167e0afce7d87c13f]

Données du Registre: 0
(Aucun élément malveillant détecté)

Dossiers: 0
(Aucun élément malveillant détecté)

Fichiers: 8
Trojan.Downloader, C:\Program Files (x86)\Microsoft\msapplication.exe, Supprimer au redémarrage, [99e65d290f8aef475211f118b74b9b65],
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\ZHP\Quarantine\SearchesToYesbnd\shortboost.exe, En quarantaine, [66192066b0e989ad7579ae3ffd0460a0],
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : (user_pref("browser.newtab.url", "http://www.yessearches.com/?ts=AHEpBHYrBnMqAk..&v=20160202&uid=EEEB36B42133D24CF48D19994FA485C7&ptid=dam&mode=ffseng");), Remplacé,[bfc07d097b1ea1951021221d46bf07f9]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : (); user_pref("app.update.lastUpdateTime.background-update-timer", 1455612641); user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1448382363); ), Remplacé,[fe81acdaa4f57cba4de469d6c93c8878]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : (hile the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_), Remplacé,[5a2589fdd8c1c571d859c17ebf46619f]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : (nning, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pref("accessibility.typeahe), Remplacé,[b2cdd2b436631c1ab67bdb640df8f50b]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (), Mauvais : (lse); user_pref("app.update.enabled", false); user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1448382243); user_pref("app.update.lastU), Remplacé,[80ff06806831e452fc35e8572fd69e62]
PUP.Optional.YesSearches, C:\Users\Alain\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js, Bon : (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Mauvais : (user_pref("browser.startup.homepage", "http://www.yessearches.com), Remplacé,[f18ee3a33069af871728dc63e025ad53]

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)