Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 15/04/2018
Scan Time: 12:27
Log File: 9619da5e-4097-11e8-8d2d-f0761c42a576.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4740
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: PC-Léa\Léa

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 299071
Threats Detected: 64
Threats Quarantined: 63
Time Elapsed: 19 min, 33 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 15
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\vosteran.exe, Quarantined, [357], [244633],1.0.4740
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASAPI32, Quarantined, [6987], [261891],1.0.4740
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASMANCS, Quarantined, [6987], [261891],1.0.4740
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [3829], [-1],0.0.0
PUP.Optional.CornerSunshine, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\Corner Sunshine, Quarantined, [823], [320742],1.0.4740
PUP.Optional.CornerSunshine, HKLM\SOFTWARE\CLIENTS\Corner Sunshine, Quarantined, [823], [320742],1.0.4740
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\WinSaberSvc, Quarantined, [685], [350440],1.0.4740
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, Quarantined, [2756], [182847],1.0.4740
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\qkseeService, Quarantined, [685], [348119],1.0.4740
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update Dynamo Combo, Quarantined, [36], [253976],1.0.4740
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util Dynamo Combo, Quarantined, [36], [253976],1.0.4740
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\winzipersvc, Quarantined, [685], [385015],1.0.4740
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [357], [160319],1.0.4740
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [357], [160319],1.0.4740
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [357], [160319],1.0.4740

Registry Value: 10
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, Quarantined, [357], [232752],1.0.4740
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{69D51DD7-7E20-4C73-A396-7F78A1737E7F}|AUTOCONFIGURL, Quarantined, [3829], [320554],1.0.4740
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [3829], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2078305155-2812541733-3609955693-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [3829], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [3829], [-1],0.0.0
Adware.Ghokswa, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{7F361BD0-6BE0-4C99-AB3E-749824386397}, Quarantined, [701], [391309],1.0.4740
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|HP, Quarantined, [2756], [182847],1.0.4740
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|TAB, Quarantined, [2756], [182847],1.0.4740
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SP, Quarantined, [2756], [182847],1.0.4740
PUP.Optional.Trotux, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|SURL, Quarantined, [2756], [182847],1.0.4740

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.Elex, C:\PROGRAM FILES (X86)\ATUSEWARD, Quarantined, [735], [323921],1.0.4740

File: 38
PUP.Optional.Nice, C:\USERS\LéA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1YU64L3Z.DEFAULT-1472154315952\SEARCHPLUGINS\NICE.XML, Quarantined, [4008], [182762],1.0.4740
PUP.Optional.Nice, C:\USERS\LéA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYCSV1EI.DEFAULT-1472160764440\SEARCHPLUGINS\NICE.XML, Quarantined, [4008], [182762],1.0.4740
PUP.Optional.GsearchFinder, C:\USERS\LéA\APPDATA\ROAMING\PROFILES\pagpysherhientkanupy\EXTENSIONS\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi, Quarantined, [1309], [261721],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\5.txt, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\9.3.6494.400.manifest, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\BrowserUpdate.exe, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\chrome_elf.dll, Delete-on-Reboot, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\DeElevator.dll, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\ihpul.exe, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\nerkerther, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\obitain.exe, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\qks.exe, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\saber.exe, Quarantined, [735], [323921],1.0.4740
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\winzipper.exe, Quarantined, [735], [323921],1.0.4740
PUP.Optional.NiceSearches, C:\USERS\LéA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYCSV1EI.DEFAULT-1472160764440\PREFS.JS, Replaced, [14922], [302810],1.0.4740
Generic.Malware/Suspicious, C:\USERS\LéA\APPDATA\LOCAL\DSISETUP977897962.EXE, Quarantined, [0], [392686],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\MSVCR120.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\LGPLLIBS.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\MSVCP120.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\FREEBL3.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\LIBGLESV2.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\NSS3.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\SANDBOXBROKER.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\D3DCOMPILER_47.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\ICUUC56.DLL, Quarantined, [701], [334716],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\MOZGLUE.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\NSSDBM3.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\BREAKPADINJECTOR.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\ICUDT56.DLL, Quarantined, [701], [334716],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\MOZAVCODEC.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\NSSCKBI.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\ICUIN56.DLL, Quarantined, [701], [334716],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\MOZAVUTIL.DLL, Quarantined, [701], [333635],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\SOFTOKN3.DLL, Quarantined, [701], [333635],1.0.4740
PUP.Optional.Reimage, C:\USERS\LéA\DOWNLOADS\REIMAGEREPAIR(1).EXE, Quarantined, [1362], [331559],1.0.4740
PUP.Optional.InstallCore, C:\USERS\LéA\DOWNLOADS\UTORRENT.EXE, No Action By User, [392], [76754],1.0.4740
PUP.Optional.SpyHunter, C:\USERS\LéA\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarantined, [5356], [331753],1.0.4740

Physical Sector: 0
(No malicious items detected)


(end)
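As an added example (not part of the scan log above and not Malwarebytes code): a small parser for this text-export format that turns the detail lines into records and lists what still needs a hand after the scan. In this log that is the chrome_elf.dll entry marked Delete-on-Reboot, the uTorrent installer the user took no action on, and the Hijack.AutoConfigURL entries that reset proxy settings. The sample lines are copied from the log above with English field names; the field layout (name, target, action, two bracketed IDs, signature version) is read off the log itself, while the follow-up rules and the Detection record are the example's own.

```python
"""Parse Malwarebytes 3.x text-export detail lines and pull out the items that
still need attention after the scan."""
import re
from collections import Counter
from dataclasses import dataclass

# A handful of lines copied from the scan log on this page (field names in
# English); detection names, paths and IDs are the log's own.
SAMPLE_LOG = r"""-Scan Details-
Registry Key: 15
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\vosteran.exe, Quarantined, [357], [244633],1.0.4740
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [3829], [-1],0.0.0

Registry Value: 10
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [3829], [-1],0.0.0

File: 38
PUP.Optional.Elex, C:\Program Files (x86)\Atuseward\chrome_elf.dll, Delete-on-Reboot, [735], [323921],1.0.4740
PUP.Optional.NiceSearches, C:\USERS\LéA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYCSV1EI.DEFAULT-1472160764440\PREFS.JS, Replaced, [14922], [302810],1.0.4740
PUP.Optional.InstallCore, C:\USERS\LéA\DOWNLOADS\UTORRENT.EXE, No Action By User, [392], [76754],1.0.4740
Adware.Ghokswa, C:\PROGRAM FILES (X86)\FIREFOX\NSS3.DLL, Quarantined, [701], [333635],1.0.4740

Physical Sector: 0
(No malicious items detected)
"""


@dataclass
class Detection:
    section: str        # "Registry Key", "Registry Value", "Folder", "File", ...
    name: str           # detection name, e.g. PUP.Optional.Elex
    target: str         # registry key, "key|value", or filesystem path
    action: str         # Quarantined, Delete-on-Reboot, Replaced, No Action By User
    detection_id: int   # first bracketed number
    hash_id: int        # second bracketed number; -1 on the proxy-reset entries in this log
    sig_version: str    # trailing version; 0.0.0 wherever hash_id is -1 in this log


# Section headers inside -Scan Details- look like "Registry Key: 15".
SECTION_RE = re.compile(r"^([A-Za-z ]+): \d+$")


def parse_detection_line(line: str, section: str) -> Detection:
    """Split one detail line. A path may itself contain ', ', so the name is
    taken from the left and the action from the right, never by a naive split."""
    head, det_id, hash_id, version = line.rsplit(",", 3)
    name, rest = head.split(", ", 1)
    target, action = rest.rsplit(", ", 1)
    return Detection(section, name, target, action,
                     int(det_id.strip(" []")), int(hash_id.strip(" []")),
                     version.strip())


def parse_log(text: str) -> list:
    """Return every detail line of the export as a Detection, in log order."""
    detections, section, in_details = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):      # blank or "(No malicious items detected)"
            continue
        if line.startswith("-") and line.endswith("-"):
            in_details = line == "-Scan Details-"  # only that block carries detail lines
            continue
        if not in_details:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section and line.count(",") >= 3:
            detections.append(parse_detection_line(line, section))
    return detections


def action_counts(detections) -> dict:
    """How many detections ended in each action."""
    return dict(Counter(d.action for d in detections))


def follow_ups(detections) -> list:
    """Items a responder still has to deal with after reading the log (the
    rules here are the example's own, not Malwarebytes guidance)."""
    out = []
    for d in detections:
        if d.action == "Delete-on-Reboot":
            out.append(("reboot required to remove", d))
        elif d.action == "No Action By User":
            out.append(("still on disk, user declined", d))
        elif d.name.startswith("Hijack.AutoConfigURL"):
            out.append(("verify proxy/PAC settings were reset", d))
    return out


if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    print(action_counts(dets))
    for why, d in follow_ups(dets):
        print(f"{why:40} {d.name:35} {d.target}")
```

To run it over a full export, replace SAMPLE_LOG with the contents of the saved text file; the detail lines keep the same layout whatever the UI language, so only the section header names and action words need to match the export's language. On this log the one "No Action By User" line is what the summary's 64 detected versus 63 quarantined is pointing at.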