Malwarebytes
www.malwarebytes.com

-DÃ©tails du journal-
Date de l'analyse: 04/09/2017
Heure de l'analyse: 13:40
Fichier journal: 39b55e89-916e-11e7-bf6d-38eaa78aff9e.json
Administrateur: Oui

-Informations du logiciel-
Version: 3.2.2.2018
Version de composants: 1.0.186
Version de pack de mise Ã  jour: 1.0.2723
Licence: Essai

-Informations systÃ¨me-
SystÃ¨me d'exploitation: Windows 7 Service Pack 1
Processeur: x64
SystÃ¨me de fichiers: NTFS
Utilisateur: HP-PC\HP

-RÃ©sumÃ© de l'analyse-
Type d'analyse: Analyse des menaces
RÃ©sultat: TerminÃ©
Objets analysÃ©s: 347707
Menaces dÃ©tectÃ©es: 75
Menaces mises en quarantaine: 73
Temps Ã©coulÃ©: 10 min, 6 s

-Options d'analyse-
MÃ©moire: ActivÃ©
DÃ©marrage: ActivÃ©
SystÃ¨me de fichiers: ActivÃ©
Archives: ActivÃ©
Rootkits: ActivÃ©
Heuristique: ActivÃ©
PUP: DÃ©tection
PUM: DÃ©tection

-DÃ©tails de l'analyse-
Processus: 0
(Aucun Ã©lÃ©ment malveillant dÃ©tectÃ©)

Module: 0
(Aucun Ã©lÃ©ment malveillant dÃ©tectÃ©)

ClÃ© du registre: 28
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, En quarantaine, [1050], [327193],1.0.2723
PUP.Optional.Reimage, HKU\S-1-5-21-973574304-4213879892-3365473658-1000\SOFTWARE\Reimage, En quarantaine, [1050], [357494],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKU\S-1-5-21-973574304-4213879892-3365473658-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine, En quarantaine, [1050], [327197],1.0.2723
PUP.Optional.Reimage, HKU\S-1-5-21-973574304-4213879892-3365473658-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., En quarantaine, [1050], [327203],1.0.2723
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, En quarantaine, [318], [-1],0.0.0
PUP.Optional.Reimage, HKU\S-1-5-21-973574304-4213879892-3365473658-1000\SOFTWARE\REIMAGE\PC REPAIR, En quarantaine, [1050], [327204],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, En quarantaine, [1050], [327193],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE, En quarantaine, [1050], [327200],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR, En quarantaine, [1050], [332504],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, En quarantaine, [1050], [327193],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE, En quarantaine, [1050], [327200],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, En quarantaine, [1050], [336077],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}, En quarantaine, [1050], [327206],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, En quarantaine, [1050], [332494],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, En quarantaine, [1050], [332494],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, En quarantaine, [1050], [332494],1.0.2723

Valeur du registre: 11
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-973574304-4213879892-3365473658-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, En quarantaine, [318], [372702],1.0.2723
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-973574304-4213879892-3365473658-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, En quarantaine, [318], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Ãchec de la suppression, [318], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-973574304-4213879892-3365473658-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [318], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-973574304-4213879892-3365473658-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, En quarantaine, [318], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Ãchec de la suppression, [318], [-1],0.0.0
PUP.Optional.Reimage, HKU\S-1-5-21-973574304-4213879892-3365473658-1000\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, En quarantaine, [1050], [327204],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE|, En quarantaine, [1050], [327200],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\REIMAGE PROTECTOR|CFLPATH, En quarantaine, [1050], [332504],1.0.2723
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REIMAGE.EXE|, En quarantaine, [1050], [327200],1.0.2723
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES|, En quarantaine, [318], [372700],1.0.2723

DonnÃ©es du registre: 0
(Aucun Ã©lÃ©ment malveillant dÃ©tectÃ©)

Flux de donnÃ©es: 0
(Aucun Ã©lÃ©ment malveillant dÃ©tectÃ©)

Dossier: 10
PUP.Optional.StartPage, C:\USERS\HP\APPDATA\ROAMING\BROWSERMODULE, En quarantaine, [46], [335017],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\_metadata, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\js, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\USERS\HP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PBDPAJCDGKNPENDPMECAFMOPKNEFAFHA, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon, En quarantaine, [2148], [389742],1.0.2723
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\js, En quarantaine, [2148], [389742],1.0.2723
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0, En quarantaine, [2148], [389742],1.0.2723
PUP.Optional.BrowserModule, C:\USERS\HP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FNGMHNNPILHPLAEEDIFHCCCEOMCLGFBG, En quarantaine, [2148], [389742],1.0.2723

Fichier: 26
PUP.Optional.StartPage, C:\USERS\HP\APPDATA\ROAMING\BROWSERMODULE\COMPONENT.LOG, En quarantaine, [46], [335017],1.0.2723
PUP.Optional.Reimage, C:\USERS\HP\APPDATA\LOCAL\TEMP\REIMAGE.LOG, En quarantaine, [1050], [334717],1.0.2723
PUP.Optional.Tables, C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLYM0A86.DEFAULT\EXTENSIONS\378507@EXTCORP.NET.XPI, En quarantaine, [867], [413446],1.0.2723
PUP.Optional.Reimage, C:\USERS\HP\APPDATA\LOCAL\TEMP\REIMAGEPACKAGE.EXE, En quarantaine, [1050], [384803],1.0.2723
PUP.Optional.Reimage, C:\WINDOWS\TEMP\REIMAGE.LOG, En quarantaine, [1050], [334717],1.0.2723
PUP.Optional.BrowserModule, C:\USERS\HP\APPDATA\LOCAL\TEMP\BROWMODULE.EXE, En quarantaine, [2148], [422993],1.0.2723
PUP.Optional.BrowserModule, C:\USERS\HP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JLYM0A86.DEFAULT\CHROME\USERCONTENT.CSS, En quarantaine, [2148], [389741],1.0.2723
PUP.Optional.QuickSearcher, C:\USERS\HP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PBDPAJCDGKNPENDPMECAFMOPKNEFAFHA\1.1.3\MANIFEST.JSON, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-128.png, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-18.png, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-48.png, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-64.png, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\js\background.js, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\_metadata\computed_hashes.json, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\_metadata\verified_contents.json, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\003b8b06, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.QuickSearcher, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\index.html, En quarantaine, [84], [302485],1.0.2723
PUP.Optional.BrowserModule, C:\USERS\HP\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\FNGMHNNPILHPLAEEDIFHCCCEOMCLGFBG\78.0_0\MANIFEST.JSON, En quarantaine, [2148], [389742],1.0.2723
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon128.png, En quarantaine, [2148], [389742],1.0.2723
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon16.png, En quarantaine, [2148], [389742],1.0.2723
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon24.png, En quarantaine, [2148], [389742],1.0.2723
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\icon\icon32.png, En quarantaine, [2148], [389742],1.0.2723
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\js\background.js, En quarantaine, [2148], [389742],1.0.2723
PUP.Optional.BrowserModule, C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\78.0_0\index.html, En quarantaine, [2148], [389742],1.0.2723
Generic.Malware/Suspicious, C:\WINDOWS\SYSWOW64\WOWREG32MGR.EXE, En quarantaine, [0], [392686],1.0.2723
PUP.Optional.Reimage, C:\WINDOWS\TEMP\REIMAGEDEFINITIONUPDATE.EXE, En quarantaine, [1050], [327181],1.0.2723

Secteur physique: 0
(Aucun Ã©lÃ©ment malveillant dÃ©tectÃ©)


(end)