
Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 24/10/2017
Heure de l'analyse: 19:44
Fichier journal: ef5d5c2c-b8e2-11e7-b6a6-2c600cd4856d.json
Administrateur: Oui

-Informations du logiciel-
Version: 3.2.2.2029
Version de composants: 1.0.212
Version de pack de mise à jour: 1.0.3085
Licence: Gratuit

-Informations système-
Système d'exploitation: Windows 10 (Build 14393.1715)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: LAPTOP-5083RR27\david duguet

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 404548
Menaces détectées: 84
Menaces mises en quarantaine: 84
Temps écoulé: 5 min, 23 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 35
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\Amazon1ButtonRuntime.dll, En quarantaine, [1492], [441169],1.0.3085
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, En quarantaine, [526], [183362],1.0.3085
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, En quarantaine, [526], [183362],1.0.3085
PUP.Optional.SearchManager, HKU\S-1-5-21-811641356-711831480-4241828057-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, En quarantaine, [526], [183362],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\APPID\Amazon1ButtonRuntime.dll, En quarantaine, [1492], [441169],1.0.3085
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\WajNEn, En quarantaine, [83], [254333],1.0.3085
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, En quarantaine, [83], [-1],0.0.0
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, En quarantaine, [1492], [441168],1.0.3085
PUP.Optional.Amazon1Button, HKU\S-1-5-21-811641356-711831480-4241828057-1001\SOFTWARE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, En quarantaine, [1492], [441167],1.0.3085
PUP.Optional.Amazon1Button, HKU\S-1-5-19\SOFTWARE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, En quarantaine, [1492], [441167],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [577], [236865],1.0.3085
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, En quarantaine, [577], [236865],1.0.3085
PUP.Optional.Conduit, HKU\S-1-5-21-811641356-711831480-4241828057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, En quarantaine, [577], [236865],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.AmazonRuntimeServer, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.Amazon1ButtonRuntime, En quarantaine, [1492], [386607],1.0.3085
PUP.Optional.Amazon1Button, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, En quarantaine, [1492], [441167],1.0.3085
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{eba5dde8}, En quarantaine, [22], [260250],1.0.3085
PUP.Optional.DNSUnlocker.ACMB2, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CCA7D160-BA3C-B989-106D-C24D3E72AC65}, En quarantaine, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A156CF5E-8D4F-48AE-9ACA-20087F82D474}, En quarantaine, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A156CF5E-8D4F-48AE-9ACA-20087F82D474}, En quarantaine, [22], [-1],0.0.0
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr, En quarantaine, [4987], [244209],1.0.3085
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Amazon1ButtonRuntime.dll, En quarantaine, [1492], [441169],1.0.3085
PUP.Optional.StartPage, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WarThunder0, En quarantaine, [46], [186209],1.0.3085
PUP.Optional.Amazon1Button, HKU\S-1-5-20\SOFTWARE\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp, En quarantaine, [1492], [441167],1.0.3085
PUP.Optional.WebSteroids, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, En quarantaine, [5306], [169013],1.0.3085
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, En quarantaine, [5306], [169013],1.0.3085

Valeur du registre: 7
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [83], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-811641356-711831480-4241828057-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [83], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [83], [-1],0.0.0
PUP.Optional.Conduit, HKU\S-1-5-21-811641356-711831480-4241828057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, En quarantaine, [577], [236865],1.0.3085
PUP.Optional.Conduit, HKU\S-1-5-21-811641356-711831480-4241828057-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, En quarantaine, [577], [236865],1.0.3085
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{eba5dde8}|1, En quarantaine, [22], [260250],1.0.3085
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr|{8A4D5A43-C64A-45AB-BDF4-804FE18CEAFD}.SDB, En quarantaine, [4987], [244209],1.0.3085

Données du registre: 12
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{10ac4b75-08a4-4e02-912f-b0888152cc52}|NameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{17b73ea8-4f09-4c01-8d8e-4ed45f1778fa}|NameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{17b73ea8-4f09-4c01-8d8e-4ed45f1778fa}|DhcpNameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}|NameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{27cfb1b0-cd29-46c6-b9df-82585abb1207}|NameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{27cfb1b0-cd29-46c6-b9df-82585abb1207}|DhcpNameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e471389f-f726-49e5-b41d-eaa7c116da35}|NameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{e471389f-f726-49e5-b41d-eaa7c116da35}|DhcpNameServer, Remplacé, [22], [-1],0.0.0
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Remplacé, [63], [293461],1.0.3085
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Remplacé, [63], [293461],1.0.3085

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 6
PUP.Optional.AmazonTB, C:\Users\david duguet\AppData\Roaming\Mozilla\Firefox\Profiles\3n6e7j2k.default\jetpack\abb@amazon.com\simple-storage, En quarantaine, [10333], [175409],1.0.3085
PUP.Optional.AmazonTB, C:\USERS\DAVID DUGUET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3N6E7J2K.DEFAULT\JETPACK\ABB@AMAZON.COM, En quarantaine, [10333], [175409],1.0.3085
PUP.Optional.BrowserSecurity, C:\Users\david duguet\AppData\Roaming\Mozilla\Firefox\Profiles\3n6e7j2k.default\jetpack\firefox@browser-security.de\simple-storage, En quarantaine, [1205], [347817],1.0.3085
PUP.Optional.BrowserSecurity, C:\USERS\DAVID DUGUET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3N6E7J2K.DEFAULT\JETPACK\FIREFOX@BROWSER-SECURITY.DE, En quarantaine, [1205], [347817],1.0.3085
PUP.Optional.PullUpdate, C:\ProgramData\aDJtMkkhd\dat, En quarantaine, [120], [301963],1.0.3085
PUP.Optional.PullUpdate, C:\PROGRAMDATA\ADJTMKKHD, En quarantaine, [120], [301963],1.0.3085

Fichier: 24
PUP.Optional.AmazonTB, C:\Users\david duguet\AppData\Roaming\Mozilla\Firefox\Profiles\3n6e7j2k.default\jetpack\abb@amazon.com\simple-storage\store.json, En quarantaine, [10333], [175409],1.0.3085
PUP.Optional.HijackedShortCuts, C:\USERS\DAVID DUGUET\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\amazon.fr .lnk, En quarantaine, [15136], [261026],1.0.3085
PUP.Optional.SearchManager, C:\USERS\DAVID DUGUET\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, En quarantaine, [526], [260990],1.0.3085
PUP.Optional.DNSUnlocker.ACMB2, C:\WINDOWS\SYSTEM32\TASKS\{CCA7D160-BA3C-B989-106D-C24D3E72AC65}, En quarantaine, [22], [-1],0.0.0
PUP.Optional.PullUpdate, C:\PROGRAMDATA\ADJTMKKHD\DAT\TLWKJKC.EXE.CONFIG, En quarantaine, [120], [301963],1.0.3085
PUP.Optional.PullUpdate, C:\ProgramData\aDJtMkkhd\dat\JQyqRGeLMU.exe, En quarantaine, [120], [301963],1.0.3085
PUP.Optional.PullUpdate, C:\ProgramData\aDJtMkkhd\dat\JQyqRGeLMU.exe.config, En quarantaine, [120], [301963],1.0.3085
PUP.Optional.PullUpdate, C:\ProgramData\aDJtMkkhd\dat\NodqbZ.dll, En quarantaine, [120], [301963],1.0.3085
PUP.Optional.PullUpdate, C:\ProgramData\aDJtMkkhd\dat\TLWKjKc.exe, En quarantaine, [120], [301963],1.0.3085
PUP.Optional.PullUpdate, C:\ProgramData\aDJtMkkhd\dat\toGwzX.dll, En quarantaine, [120], [301963],1.0.3085
PUP.Optional.PullUpdate, C:\ProgramData\aDJtMkkhd\info.dat, En quarantaine, [120], [301963],1.0.3085
PUP.Optional.PullUpdate, C:\ProgramData\aDJtMkkhd\mIfxWBcwv.dat, En quarantaine, [120], [301963],1.0.3085
PUP.Optional.PullUpdate, C:\ProgramData\aDJtMkkhd\mIfxWBcwv.exe.config, En quarantaine, [120], [301963],1.0.3085
PUM.Optional.FireFoxSecurityOverride, C:\USERS\DAVID DUGUET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3N6E7J2K.DEFAULT\USER.JS, En quarantaine, [15264], [302435],1.0.3085
Adware.DNSUnlocker, C:\PROGRAMDATA\{B99F352B-0E34-8280-7AF7-84D509054C29}\TRZ21D6.TMP, En quarantaine, [401], [416588],1.0.3085
Adware.DNSUnlocker, C:\PROGRAMDATA\{151623B6-A2BD-941D-4051-06A3FE0BD080}\TRZ21E7.TMP, En quarantaine, [401], [416588],1.0.3085
Adware.DNSUnlocker, C:\PROGRAMDATA\{1083C533-A728-7298-848A-0271A959BD77}\TRZ21C5.TMP, En quarantaine, [401], [416588],1.0.3085
Adware.DNSUnlocker, C:\PROGRAMDATA\{07D5771F-B07E-C0B4-65C8-6534EBBFEBC4}\TRZ21F7.TMP, En quarantaine, [401], [416588],1.0.3085
PUP.Optional.InstallCore, C:\USERS\DAVID DUGUET\DOWNLOADS\CCLEANER_SETUP.EXE, En quarantaine, [2], [359376],1.0.3085
PUP.Optional.BundleInstaller, C:\USERS\DAVID DUGUET\DOWNLOADS\INSTALL_CCLEANER (2).EXE, En quarantaine, [20], [307492],1.0.3085
PUP.Optional.BundleInstaller, C:\USERS\DAVID DUGUET\DOWNLOADS\INSTALL_CCLEANER (3).EXE, En quarantaine, [20], [307492],1.0.3085
PUP.Optional.BundleInstaller, C:\USERS\DAVID DUGUET\DOWNLOADS\INSTALL_CCLEANER.EXE, En quarantaine, [20], [305128],1.0.3085
PUP.Optional.SecurityCleanerLLC, C:\USERS\DAVID DUGUET\DOWNLOADS\INSTALL_CCLEANER-WIN32.EXE, En quarantaine, [7453], [379150],1.0.3085
PUP.Optional.BundleInstaller, C:\USERS\DAVID DUGUET\DOWNLOADS\INSTALL_CCLEANER (1).EXE, En quarantaine, [20], [307492],1.0.3085

Secteur physique: 0
(Aucun élément malveillant détecté)


(end)