Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 24/01/2018
Scan Time: 23:16
Log File: 3190e730-0154-11e8-a4d0-1c6f65b1ecbc.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3777
License: Trial

-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: MEDION\roland

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306332
Threats Detected: 90
Threats Quarantined: 90
Time Elapsed: 1 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 24
PUP.Optional.InstallCore, HKU\S-1-5-21-1113307766-930362309-2852264658-1001\SOFTWARE\csastats, Quarantined, [2], [260986],1.0.3777
PUP.Optional.Wajam, HKU\S-1-5-21-1113307766-930362309-2852264658-1001\SOFTWARE\WajIEnhance, Quarantined, [71], [244670],1.0.3777
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [71], [-1],0.0.0
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\WOW6432NODE\BDSERVICES\APPS\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}, Quarantined, [1880], [366345],1.0.3777
Adware.REOptimizer, HKU\S-1-5-21-1113307766-930362309-2852264658-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\119, Quarantined, [6542], [417947],1.0.3777
PUP.Optional.ParetoLogic, HKU\S-1-5-21-1113307766-930362309-2852264658-1001\SOFTWARE\PARETOLOGIC\PC Health Advisor, Quarantined, [1880], [366347],1.0.3777
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9299], [246387],1.0.3777
Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Quarantined, [4342], [424837],1.0.3777
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\WajIEnhance, Quarantined, [71], [244670],1.0.3777
PUP.Optional.AdvancePCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\B7A64AC7-B828-4D74-98B2-097AFA836948_is1, Quarantined, [4788], [478155],1.0.3777
PUP.Optional.Searchy, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}, Quarantined, [6639], [415599],1.0.3777
PUP.Optional.AdvancePCCare, HKLM\SOFTWARE\PCV-VAR, Quarantined, [4788], [478156],1.0.3777
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Quarantined, [9299], [246387],1.0.3777
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\advancedpccare.online, Quarantined, [51], [251336],1.0.3777
Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, Quarantined, [4342], [424837],1.0.3777
PUP.Optional.ParetoLogic, HKLM\SOFTWARE\WOW6432NODE\PARETOLOGIC\PC Health Advisor, Quarantined, [1880], [366346],1.0.3777
Adware.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\11598763487076930564, Quarantined, [1626], [424293],1.0.3777
PUP.Optional.DriverAgent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DrvAgent64, Quarantined, [2133], [345587],1.0.3777
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\c2b381f703c45ca0209a4da1a2d88a58, Quarantined, [266], [480976],1.0.3777
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [71], [170024],1.0.3777
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [31], [160141],1.0.3777
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [31], [160141],1.0.3777
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [71], [170024],1.0.3777
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [71], [170024],1.0.3777

Registry Value: 6
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [71], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1113307766-930362309-2852264658-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [71], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1113307766-930362309-2852264658-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [71], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [71], [-1],0.0.0
Adware.REOptimizer, HKU\S-1-5-21-1113307766-930362309-2852264658-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\119|DISPLAYNAME, Quarantined, [6542], [417947],1.0.3777
PUP.Optional.AdvancePCCare, HKLM\SOFTWARE\PCV-VAR|PHONE, Quarantined, [4788], [478156],1.0.3777

Registry Data: 12
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0582a3b4-4523-457f-8dc5-0d4311cad6de}|NameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{1dd4c7e6-4c35-49ef-ba25-95c3d3386743}|NameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2780b7bf-72c8-466e-b662-450051239c0f}|NameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{4a809099-ef5c-4d6a-9376-44f7dbfed026}|NameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5ee53399-2410-4a08-a047-6c77744ee128}|NameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5ee53399-2410-4a08-a047-6c77744ee128}|DhcpNameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{728cae33-a25c-4203-9a44-b0f789abb0e4}|NameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{88fc3e73-48bf-4573-8b06-973c46ba771d}|NameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{88fc3e73-48bf-4573-8b06-973c46ba771d}|DhcpNameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{b89b2938-a6d7-467c-9a49-9b8cb985ddc5}|NameServer, Replaced, [1626], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 19
PUP.Optional.OpenCandy, C:\Users\roland\AppData\Roaming\OpenCandy\OpenCandy_6E3FB41CB2CA448E9004B4E6ED6FE09F, Quarantined, [460], [173202],1.0.3777
PUP.Optional.OpenCandy, C:\Users\roland\AppData\Roaming\OpenCandy\DF29BA60ECF4422D80C34D34E5CA0B2E, Quarantined, [460], [173202],1.0.3777
PUP.Optional.OpenCandy, C:\USERS\ROLAND\APPDATA\ROAMING\OPENCANDY, Quarantined, [460], [173202],1.0.3777
PUP.Optional.ExpressFind, C:\PROGRAMDATA\77790361-426C-4FA2-8CF3-5994543D685D, Quarantined, [6341], [177047],1.0.3777
Trojan.Agent, C:\WINDOWS\SYSWOW64\SSL, Quarantined, [18], [479103],1.0.3777
PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.online\Advanced-PC-Care, Quarantined, [51], [181071],1.0.3777
PUP.Optional.AdvancedPCCare, C:\PROGRAMDATA\advancedpccare.online, Quarantined, [51], [181071],1.0.3777
PUP.Optional.AdvancedPCCare, C:\Users\roland\AppData\Roaming\advancedpccare.online\Advanced-PC-Care, Quarantined, [51], [181071],1.0.3777
PUP.Optional.AdvancedPCCare, C:\USERS\ROLAND\APPDATA\ROAMING\advancedpccare.online, Quarantined, [51], [181071],1.0.3777
PUP.Optional.ParetoLogic, C:\USERS\ROLAND\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\PARETOLOGIC\PC HEALTH ADVISOR, Quarantined, [1880], [366051],1.0.3777
PUP.Optional.ParetoLogic, C:\PROGRAMDATA\PARETOLOGIC\PC HEALTH ADVISOR, Quarantined, [1880], [366052],1.0.3777
PUP.Optional.ParetoLogic, C:\USERS\ROLAND\APPDATA\ROAMING\PARETOLOGIC\PC HEALTH ADVISOR, Quarantined, [1880], [366052],1.0.3777
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\47da1e26-1893-1, Quarantined, [7798], [407181],1.0.3777
PUP.Optional.BitsInstall.BITSRST, C:\PROGRAMDATA\47da1e26-6745-0, Quarantined, [7798], [407181],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\_metadata, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\js, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\USERS\ROLAND\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\SYSTEM PROFILE\EXTENSIONS\PBDPAJCDGKNPENDPMECAFMOPKNEFAFHA, Quarantined, [1312], [466864],1.0.3777

File: 29
PUP.Optional.OpenCandy, C:\Users\roland\AppData\Roaming\OpenCandy\DF29BA60ECF4422D80C34D34E5CA0B2E\AVG_Performance_1379.exe, Quarantined, [460], [173202],1.0.3777
PUP.Optional.ExpressFind, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\temp, Quarantined, [6341], [177047],1.0.3777
Trojan.Agent, C:\WINDOWS\SYSWOW64\SSL\XV.DB, Quarantined, [18], [479103],1.0.3777
Trojan.Agent, C:\Windows\SysWOW64\SSL\ac42cae6cee29509 2.cer, Quarantined, [18], [479103],1.0.3777
Trojan.Agent, C:\Windows\SysWOW64\SSL\cert.db, Quarantined, [18], [479103],1.0.3777
Trojan.Agent, C:\Windows\SysWOW64\SSL\x.db, Quarantined, [18], [479103],1.0.3777
Trojan.Agent, C:\Windows\SysWOW64\SSL\xtls.db, Quarantined, [18], [479103],1.0.3777
PUP.Optional.ParetoLogic, C:\ProgramData\ParetoLogic\PC Health Advisor\License.rdat, Quarantined, [1880], [366052],1.0.3777
PUP.Optional.ParetoLogic, C:\ProgramData\ParetoLogic\PC Health Advisor\License_FirstRun.rdat, Quarantined, [1880], [366052],1.0.3777
PUP.Optional.ParetoLogic, C:\ProgramData\ParetoLogic\PC Health Advisor\License_Time.rdat, Quarantined, [1880], [366052],1.0.3777
PUP.Optional.ParetoLogic, C:\ProgramData\ParetoLogic\PC Health Advisor\RB.rdat, Quarantined, [1880], [366052],1.0.3777
PUP.Optional.ParetoLogic, C:\ProgramData\ParetoLogic\PC Health Advisor\tfn.xml, Quarantined, [1880], [366052],1.0.3777
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\47da1e26-1893-1\47da1e26-1893-1.d, Quarantined, [7798], [407181],1.0.3777
PUP.Optional.BitsInstall.BITSRST, C:\ProgramData\47da1e26-6745-0\47da1e26-6745-0.d, Quarantined, [7798], [407181],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\USERS\ROLAND\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\System Profile\Secure Preferences, Replaced, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\USERS\ROLAND\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\SYSTEM PROFILE\EXTENSIONS\PBDPAJCDGKNPENDPMECAFMOPKNEFAFHA\1.1.3\MANIFEST.JSON, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-128.png, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-18.png, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-48.png, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\images\icon-64.png, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\js\background.js, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\_metadata\computed_hashes.json, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\_metadata\verified_contents.json, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\003b8b06, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\Users\roland\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha\1.1.3\index.html, Quarantined, [1312], [466864],1.0.3777
PUP.Optional.DriverAgent, C:\WINDOWS\SYSWOW64\DRIVERS\DRVAGENT64.SYS, Quarantined, [2133], [345587],1.0.3777
Adware.Wajam, C:\WINDOWS\SYSTEM32\DRIVERS\C2B381F703C45CA0209A4DA1A2D88A58.SYS, Quarantined, [266], [480976],1.0.3777
PUP.Optional.Yontoo, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [31], [-1],0.0.0
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [31], [-1],0.0.0

Physical Sector: 0
(No malicious items detected)


(end)
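Added example, not Malwarebytes code and not part of the log above: a small parser for this text log format that groups the detections by family and pulls out the entries that change where the machine's traffic goes (the TCPIP NameServer data marked Replaced, the Internet Settings proxy values, the two kernel drivers and their services, the Chrome System Profile extension, the NTUSER.POL files). It also checks that the number of lines under each section matches the count the section header declares, which catches a log that was truncated in transit. The sample input is a constructed, trimmed copy of the scan details above; the indicator tags, regexes and function names are this example's own assumptions, not Malwarebytes terminology.

```python
"""Triage a Malwarebytes 3.x text scan log.

Added example (not Malwarebytes code). The section names and the
"family, location, action, [rule], [sig],package" line layout follow the
log above; the indicator tags and rules below are this example's own.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed input: a trimmed copy of the "-Scan Details-" block above.
SAMPLE_LOG = r"""
-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [71], [-1],0.0.0
PUP.Optional.DriverAgent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DrvAgent64, Quarantined, [2133], [345587],1.0.3777
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\c2b381f703c45ca0209a4da1a2d88a58, Quarantined, [266], [480976],1.0.3777

Registry Value: 1
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [71], [-1],0.0.0

Registry Data: 2
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Replaced, [1626], [-1],0.0.0
Adware.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0582a3b4-4523-457f-8dc5-0d4311cad6de}|NameServer, Replaced, [1626], [-1],0.0.0

File: 4
Trojan.Agent, C:\Windows\SysWOW64\SSL\ac42cae6cee29509 2.cer, Quarantined, [18], [479103],1.0.3777
PUP.Optional.QuickSearcher.Generic, C:\USERS\ROLAND\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\System Profile\Secure Preferences, Replaced, [1312], [466864],1.0.3777
Adware.Wajam, C:\WINDOWS\SYSTEM32\DRIVERS\C2B381F703C45CA0209A4DA1A2D88A58.SYS, Quarantined, [266], [480976],1.0.3777
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [31], [-1],0.0.0

Physical Sector: 0
(No malicious items detected)

(end)
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<family>[^,]+), (?P<location>.+), (?P<action>[A-Za-z ]+), "
    r"\[(?P<rule>-?\d+)\], \[(?P<sig>-?\d+)\],(?P<pkg>[\d.]+)$"
)

# Assumed triage tags, keyed on where the detection sits. First match wins.
INDICATORS = (
    ("dns_hijack", re.compile(r"\\TCPIP\\PARAMETERS.*\|(Dhcp)?NameServer$", re.I)),
    ("proxy_hijack", re.compile(r"INTERNET SETTINGS\|PROXY|\\MANUALPROXIES$", re.I)),
    ("kernel_driver", re.compile(r"\\DRIVERS\\[^\\]+\.SYS$", re.I)),
    ("service", re.compile(r"\\CURRENTCONTROLSET\\SERVICES\\[^\\]+$", re.I)),
    ("browser_profile", re.compile(r"\\Chrome\\User Data\\", re.I)),
    ("policy_file", re.compile(r"\\NTUSER\.POL$", re.I)),
    ("certificate", re.compile(r"\.cer$", re.I)),
)


@dataclass(frozen=True)
class Detection:
    section: str    # "Registry Key", "Registry Data", "File", ...
    family: str     # detection name, e.g. "Adware.DNSUnlocker.ACMB2"
    location: str   # registry path (with |ValueName) or file system path
    action: str     # "Quarantined" or "Replaced"


def parse_log(text):
    """Return (detections, sections whose declared count does not match)."""
    detections, declared, seen = [], {}, Counter()
    section, in_details = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-Scan Details-":
            in_details = True        # header blocks above also have "X: n" lines
            continue
        if not in_details or not line or line.startswith("("):
            continue                 # "(No malicious items detected)", "(end)"
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            seen[section] += 1
            detections.append(Detection(section, m["family"], m["location"], m["action"]))
    mismatches = [s for s, n in declared.items() if seen[s] != n]
    return detections, mismatches


def classify(location):
    for tag, rx in INDICATORS:
        if rx.search(location):
            return tag
    return "other"


def triage(detections):
    """Counts per family, detections per indicator tag, and the entries the
    scanner reset ("Replaced") instead of quarantining: those are live
    settings, so re-check their current values after the reboot."""
    by_family = Counter(d.family for d in detections)
    by_indicator = defaultdict(list)
    for d in detections:
        by_indicator[classify(d.location)].append(d)
    reset = [d for d in detections if d.action == "Replaced"]
    return by_family, dict(by_indicator), reset


if __name__ == "__main__":
    dets, bad = parse_log(SAMPLE_LOG)
    fam, ind, reset = triage(dets)
    print(f"{len(dets)} detections; count mismatches: {bad or 'none'}")
    for tag, items in ind.items():
        print(f"  {tag:16} {len(items):2}  e.g. {items[0].location}")
    print("re-check on the live system (values were replaced, not removed):")
    for d in reset:
        print(f"  {d.location}")
```

Point it at a full log by reading the file and passing the text to `parse_log`; the section-count check is the first thing to look at, since a mismatch means the log you were sent is not the whole log. The "Replaced" list is the follow-up work: a DNS server or proxy value that the scanner put back can be set again by anything that survived the scan (note that rootkit scanning was disabled in this run).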