Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 08/03/2016
Heure de l'analyse: 19:55
Fichier journal: mbm.txt
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2016.03.08.06
Base de données de rootkits: v2016.02.27.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Karine

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 392927
Temps écoulé: 24 min, 50 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 2
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9AC2BA14-C8EE-41B6-B7DD-85CC77297D41}, Supprimer au redémarrage, [4b0bc0c52376cd693e8d413b3ec609f7],
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{81D00973}, En quarantaine, [f066bdc8b6e344f2d2e1740ac73d4fb1],

Valeurs du Registre: 7
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9AC2BA14-C8EE-41B6-B7DD-85CC77297D41}|Path, \SMW_UpdateTask_Time_313435333835383834322d325b573423416c45555a2a6c, Supprimer au redémarrage, [4b0bc0c52376cd693e8d413b3ec609f7]
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{81d00973}|1, 1456049703, En quarantaine, [f066bdc8b6e344f2d2e1740ac73d4fb1]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{1304bfaa-1025-470a-8925-50353cc5836b}|NameServer, 82.163.143.171 82.163.142.173, En quarantaine, [87cf7312b5e4c076c2c3284afc08b34d]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{38e6c61e-a78f-4734-9d50-de4c9437f516}|NameServer, 82.163.143.171 82.163.142.173, En quarantaine, [bc9aef969603cb6b4243dd95ff059070]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{58eda661-990e-4a7c-b33f-37893540400d}|NameServer, 82.163.143.171 82.163.142.173, En quarantaine, [094d04819efb41f589fc1e5439cb22de]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{c3f4ff83-fe8e-4b15-8bc0-d47b642bba0c}|NameServer, 82.163.143.171 82.163.142.173, En quarantaine, [68eeed981881f2441e67a3cf1fe5fb05]
PUP.Optional.BrowserAir, HKU\S-1-5-21-834990444-1505823523-4223169436-1001\SOFTWARE\REGISTEREDAPPLICATIONS|BrowserAir.ATNF463UELHJJ7YFW7YBVMVMPM, Software\Clients\StartMenuInternet\BrowserAir.ATNF463UELHJJ7YFW7YBVMVMPM\Capabilities, En quarantaine, [193d1570c2d7e5513e8f3b422dd7fc04]

Données du Registre: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.171 82.163.142.173, Bon : (8.8.8.8), Mauvais : (82.163.143.171 82.163.142.173),Remplacé,[57ffe99c5841dc5a784ce02d83829868]

Dossiers: 4
PUP.Optional.Amonetize, C:\ProgramData\{02d6c85e-312c-1}, En quarantaine, [a3b33055d1c88da921c1ad5e3dc6be42],
PUP.Optional.Amonetize, C:\ProgramData\{05aa1434-712c-0}, En quarantaine, [0d49ea9b148550e68b571dee778c9a66],
PUP.Optional.Amonetize, C:\ProgramData\{1174878f-212c-1}, En quarantaine, [d086afd6f4a5082ed210c645a55e22de],
PUP.Optional.Amonetize, C:\ProgramData\{25c11841-012c-0}, En quarantaine, [a7afb8cdbbdeeb4b7f63bb5058ab8d73],

Fichiers: 16
PUP.Optional.PastaLeads, C:\Users\Karine\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_nps.pastaleads.com_0.localstorage, En quarantaine, [5006c3c2bedb7abca45af044ca3afd03],
PUP.Optional.PastaLeads, C:\Users\Karine\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, En quarantaine, [3a1c1075cfcadf5745b920147094b34d],
PUP.Optional.PastaLeads, C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, En quarantaine, [b5a15a2bacede155e5a2ac8ad232b749],
PUP.Optional.PastaLeads, C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, En quarantaine, [11452d580d8c3df9a1e62f0723e1c63a],
PUP.Optional.eShopComp, C:\Users\Karine\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, En quarantaine, [74e2e5a09ffaa393169f353d8e7631cf],
PUP.Optional.eShopComp, C:\Users\Karine\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, En quarantaine, [065097ee85147fb76550d79b37cde917],
PUP.Optional.UTop, C:\Users\Karine\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_utop.it_0.localstorage, En quarantaine, [0f47fb8ad7c260d6f5cd9bda59ab09f7],
PUP.Optional.UTop, C:\Users\Karine\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_utop.it_0.localstorage-journal, En quarantaine, [6beb05801a7f1f17bb07df9644c0f30d],
PUP.Optional.CrossRider, C:\Users\Karine\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, En quarantaine, [aaac91f4cecb1a1c11fe9fd7de2615eb],
PUP.Optional.CrossRider, C:\Users\Karine\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, En quarantaine, [5ef8157086132b0b1cf34e284eb6be42],
PUP.Optional.UTop, C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, En quarantaine, [a5b1533212870c2afccd1866689ca15f],
PUP.Optional.UTop, C:\Users\Karine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, En quarantaine, [aea88df88316db5b55740d7152b2b749],
PUP.Optional.Amonetize, C:\ProgramData\{02d6c85e-312c-1}\BIT7755.tmp, En quarantaine, [a3b33055d1c88da921c1ad5e3dc6be42],
PUP.Optional.Amonetize, C:\ProgramData\{05aa1434-712c-0}\BIT7A36.tmp, En quarantaine, [0d49ea9b148550e68b571dee778c9a66],
PUP.Optional.Amonetize, C:\ProgramData\{1174878f-212c-1}\BIT7794.tmp, En quarantaine, [d086afd6f4a5082ed210c645a55e22de],
PUP.Optional.Amonetize, C:\ProgramData\{25c11841-012c-0}\BIT7999.tmp, En quarantaine, [a7afb8cdbbdeeb4b7f63bb5058ab8d73],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)