Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 21/05/2016
Heure de l'analyse: 01:49
Fichier journal: exam malwarebytes.txt
Administrateur: Oui

Version: 2.2.1.1043
Base de données de programmes malveillants: v2016.05.20.08
Base de données de rootkits: v2016.05.20.01
Licence: Gratuit
Protection contre les programmes malveillants: Désactivé
Protection contre les sites Web malveillants: Désactivé
Autoprotection: Désactivé

Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Thibaut

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 392400
Temps écoulé: 26 min, 41 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 0
(Aucun élément malveillant détecté)

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 3
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [d058dbfdb2e7fc3ac52f60f1e51db050],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [d058dbfdb2e7fc3ac52f60f1e51db050],
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D181FE83}, , [9a8e9b3d6b2e78be8b3491454cb7c040],

Valeurs du Registre: 5
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d181fe83}|1, 1458227415, , [9a8e9b3d6b2e78be8b3491454cb7c040]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{bf97633a-1bab-4b29-a33a-af8447efdd7e}|NameServer, 82.163.142.7 95.211.158.134, , [8b9d30a876235fd74067ffd7be45a060]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{c0459912-802e-4847-9ebd-4af00f5b8f0e}|NameServer, 82.163.142.7 95.211.158.134, , [899f37a16b2e7db9b2f5379f36cde31d]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{e1d101d0-5198-4689-8356-0776ac11fdad}|NameServer, 82.163.142.7 95.211.158.134, , [67c19a3eddbc290dbdea12c409fa7c84]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{ef3275c1-2d1a-47d9-a05f-42ab41654489}|NameServer, 82.163.142.7 95.211.158.134, , [85a310c818811e18ccdb1fb731d20df3]

Données du Registre: 1
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Bon : (8.8.8.8), Mauvais : (82.163.142.7 95.211.158.134),,[a4845385930652e43ef9aea1c044b34d]

Dossiers: 4
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\net_search, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.OneSafePCCleaner, C:\Users\Thibaut\Documents\OneSafe PC Cleaner, , [43e53f991980bf77f1b765353bc74bb5],

Fichiers: 40
PUP.Optional.DailyWiki, C:\Users\Thibaut\AppData\Roaming\ZHP\Quarantine\DailyWiki.5.2.0tr.exe, , [43e54f89079266d07ecc6705857c52ae],
PUP.Optional.InstallCore, C:\Users\Thibaut\AppData\Roaming\ZHP\Quarantine\ICReinstall_installcore, , [0c1ccb0d574283b302b0df477789bb45],
PUP.Optional.InstallCore, C:\Users\Thibaut\AppData\Local\Temp\VhA83wR\1\installcore, , [84a4be1af2a7fa3c981abd69f50b12ee],
PUP.Optional.OneSystemCare, C:\Users\Thibaut\AppData\Local\Temp\VhA83wR\251\OneSystemCare.exe, , [9d8bcc0cc6d31422278b633321e024dc],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\config.ini, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\everything.dll, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\everything.exe, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\helper.dll, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\Patch.dll, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\SearchBase.exe, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\uninst.exe, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\net_search\bing.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\net_search\google.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\net_search\search_config.ini, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\net_search\SFK.ini, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\net_search\SFKEX.ini, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\net_search\yahoo.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\bing.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\caret.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\FileListItem.xml, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\FileListItem_bing.xml, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\FileListItem_google.xml, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\frame.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\frame2.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\google.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\guide.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\icon_search.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\mainpanel.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\MainPannel.xml, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\panel_base.xml, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\search_content_list.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\WndMask.xml, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.Everything, C:\Users\Thibaut\AppData\Everything\skin\yahoo.png, , [d1576c6cfd9c3cfa1133364ad033af51],
PUP.Optional.UTop, C:\Users\Thibaut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage, , [ad7bffd93c5db086d189fcd4828124dc],
PUP.Optional.UTop, C:\Users\Thibaut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utop.it_0.localstorage-journal, , [29ff38a05247d1655dfdaa2658aba858],
PUP.Optional.Yontoo, C:\Users\Thibaut\AppData\Roaming\Mozilla\Firefox\Profiles\5fyuq26f.default\extensions\{1e5a3a42-3eec-4940-b277-f29e9d2514dd}.xpi, , [78b01cbc0a8f4beb6faef1e0b44fba46],
PUP.Optional.OneSafePCCleaner, C:\Users\Thibaut\Documents\OneSafe PC Cleaner\CookieExclusions.txt, , [43e53f991980bf77f1b765353bc74bb5],
PUP.Optional.OneSafePCCleaner, C:\Users\Thibaut\Documents\OneSafe PC Cleaner\img1.png, , [43e53f991980bf77f1b765353bc74bb5],
PUP.Optional.OneSafePCCleaner, C:\Users\Thibaut\Documents\OneSafe PC Cleaner\img2.png, , [43e53f991980bf77f1b765353bc74bb5],
PUM.Optional.FireFoxSearchOverride, C:\Users\Thibaut\AppData\Roaming\Mozilla\Firefox\Profiles\5fyuq26f.default\user.js, , [f335e6f28019c67053c8d39c7094649c],

Secteurs physiques: 0
(Aucun élément malveillant détecté)

(end)