Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 05/08/2019
Heure de l'analyse: 19:20
Fichier journal: 5e8ee2c4-b7a5-11e9-9095-00235ae31dc5.json

-Informations du logiciel-
Version: 3.8.3.2965
Version de composants: 1.0.613
Version de pack de mise à jour: 1.0.11872
Licence: Essai

-Informations système-
Système d'exploitation: Windows 7 Service Pack 1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Lacment\Paul

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Analyse lancée par: Manuel
Résultat: Terminé
Objets analysés: 286471
Menaces détectées: 56
Menaces mises en quarantaine: 56
Temps écoulé: 18 min, 7 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 20
PUP.Optional.FileConverter, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{27100E88-8830-44ED-9D6A-CA24F3523F39}, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.FileConverter, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{27100E88-8830-44ED-9D6A-CA24F3523F39}, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.FileConverter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{27100E88-8830-44ED-9D6A-CA24F3523F39}, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.FileConverter, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{27100E88-8830-44ED-9D6A-CA24F3523F39}\InprocServer32, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.FileConverter, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{27100E88-8830-44ED-9D6A-CA24F3523F39}\InprocServer32, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.DealPly, HKU\S-1-5-21-1814201530-556698652-2204207854-1000\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, En quarantaine, [60], [237621],1.0.11872
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1fb4a2eb-67e7-4170-972e-3f234ef76504}, En quarantaine, [451], [237509],1.0.11872
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{349301B8-039D-4F4B-B11C-31CD6F47D05C}, En quarantaine, [451], [237508],1.0.11872
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{349301b8-039d-4f4b-b11c-31cd6f47d05c}, En quarantaine, [451], [237508],1.0.11872
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E48DEBEE-00D1-4D30-9843-BDE9BD53FC34}, En quarantaine, [451], [237508],1.0.11872
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e48debee-00d1-4d30-9843-bde9bd53fc34}, En quarantaine, [451], [237508],1.0.11872
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\CinemaHD For Pro 2.4cV15.12-nv, En quarantaine, [451], [237350],1.0.11872
PUP.Optional.1ClickMovieDownload, HKU\S-1-5-18\SOFTWARE\ClickMovie1-Downloaderv10-nv, En quarantaine, [2083], [235171],1.0.11872
PUP.Optional.CinemaGo, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\CineGO2V06.10, En quarantaine, [2870], [236472],1.0.11872
PUP.Optional.CinemaHDPro, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\CinemaHD For Pro 2.4cV15.12, En quarantaine, [2876], [236477],1.0.11872
PUP.Optional.1ClickMovieDownload, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\ClickMovie1-Downloaderv10, En quarantaine, [2083], [235170],1.0.11872
PUP.Optional.CrossRider, HKU\S-1-5-21-1814201530-556698652-2204207854-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1fb4a2eb-67e7-4170-972e-3f234ef76504}, En quarantaine, [451], [237487],1.0.11872
PUP.Optional.CrossRider, HKU\S-1-5-21-1814201530-556698652-2204207854-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{349301b8-039d-4f4b-b11c-31cd6f47d05c}, En quarantaine, [451], [237486],1.0.11872
PUP.Optional.CrossRider, HKU\S-1-5-21-1814201530-556698652-2204207854-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e48debee-00d1-4d30-9843-bde9bd53fc34}, En quarantaine, [451], [237486],1.0.11872
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\vosteran.exe, En quarantaine, [418], [244633],1.0.11872

Valeur du registre: 11
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1fb4a2eb-67e7-4170-972e-3f234ef76504}|APPNAME, En quarantaine, [451], [237509],1.0.11872
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{349301b8-039d-4f4b-b11c-31cd6f47d05c}|APPNAME, En quarantaine, [451], [237508],1.0.11872
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e48debee-00d1-4d30-9843-bde9bd53fc34}|APPNAME, En quarantaine, [451], [237508],1.0.11872
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|CINEGO2V06.10-BG.EXE, En quarantaine, [1894], [260099],1.0.11872
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|WINSERVICE86-BG.EXE, En quarantaine, [1894], [260099],1.0.11872
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|BROWSERSAPPPROPLUS-V2.3-BG.EXE, En quarantaine, [1894], [260099],1.0.11872
PUP.Optional.CrossRider, HKU\S-1-5-21-1814201530-556698652-2204207854-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1fb4a2eb-67e7-4170-972e-3f234ef76504}|APPNAME, En quarantaine, [451], [237487],1.0.11872
PUP.Optional.CrossRider, HKU\S-1-5-21-1814201530-556698652-2204207854-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{349301b8-039d-4f4b-b11c-31cd6f47d05c}|APPNAME, En quarantaine, [451], [237486],1.0.11872
PUP.Optional.CrossRider, HKU\S-1-5-21-1814201530-556698652-2204207854-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e48debee-00d1-4d30-9843-bde9bd53fc34}|APPNAME, En quarantaine, [451], [237486],1.0.11872
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{349301b8-039d-4f4b-b11c-31cd6f47d05c}|APPNAME, En quarantaine, [451], [237508],1.0.11872
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e48debee-00d1-4d30-9843-bde9bd53fc34}|APPNAME, En quarantaine, [451], [237508],1.0.11872

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 1
PUP.Optional.FileConverter, C:\PROGRAM FILES (X86)\FileConverter_1.5, En quarantaine, [1964], [177141],1.0.11872

Fichier: 24
PUP.Optional.WinYahoo, C:\USERS\PAUL\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\WINYAHOO.ICO, En quarantaine, [241], [233831],1.0.11872
PUP.Optional.WebInstr, C:\WINDOWS\SYSTEM32\DRIVERS\Msft_Kernel_webinstrNewH_01009.Wdf, En quarantaine, [5808], [244814],1.0.11872
PUP.Optional.RecentlyFix, C:\USERS\PAUL\APPDATA\LOCAL\RECENTLY-FIX.DB, En quarantaine, [5039], [242255],1.0.11872
PUP.Optional.FileConverter, C:\Program Files (x86)\FileConverter_1.5\FileConverter_1.5ToolbarHelper.exe, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.FileConverter, C:\Program Files (x86)\FileConverter_1.5\ldrtbFile.dll, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.FileConverter, C:\Program Files (x86)\FileConverter_1.5\prxtbFile.dll, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.FileConverter, C:\Program Files (x86)\FileConverter_1.5\tbFile.dll, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.FileConverter, C:\Program Files (x86)\FileConverter_1.5\toolbar.cfg, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.FileConverter, C:\Program Files (x86)\FileConverter_1.5\uninstall.exe, En quarantaine, [1964], [177141],1.0.11872
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\2K GAMES\03BCA67F-9FFC-4724-9A88-541690363F76.DLL, En quarantaine, [446], [301094],1.0.11872
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\2K GAMES\8D85ED71-E4BB-4DCD-9B05-C9B217261B5E.DLL, En quarantaine, [446], [301094],1.0.11872
PUP.Optional.CrossRider, C:\PROGRAM FILES (X86)\ADAP054G\091ED61C-2073-4BAC-ABD4-38BA62226901.DLL, En quarantaine, [451], [301027],1.0.11872
PUP.Optional.CrossRider, C:\PROGRAM FILES (X86)\ADAP054G\2A1C63F5-0608-43DA-B4A8-97CD4F5AD5AF.DLL, En quarantaine, [451], [301027],1.0.11872
PUP.Optional.SupraSavings, C:\TEMP\T.MSI, En quarantaine, [12], [278336],1.0.11872
PUP.Optional.OfferBox, C:\WINDOWS\SYSWOW64\UPDATE.EXE, En quarantaine, [2315], [394728],1.0.11872
PUP.Optional.InstallCore, C:\USERS\PAUL\DOWNLOADS\GOOGLE-AUTO-BACKUP.EXE, En quarantaine, [446], [527982],1.0.11872
PUP.Optional.Solimba, C:\USERS\PAUL\DOWNLOADS\MSN_MESSENGER.EXE, En quarantaine, [506], [585684],1.0.11872
PUP.Optional.Conduit, C:\USERS\PAUL\DOWNLOADS\FILECONVERTER_1.5.EXE, En quarantaine, [206], [111936],1.0.11872
PUP.Optional.InstallCore, C:\USERS\PAUL\DOWNLOADS\MINECRAFT (2).EXE, En quarantaine, [446], [274607],1.0.11872
PUP.Optional.MSW, C:\USERS\PAUL\DOWNLOADS\WINRAR_5-1_FR_9632.EXE, En quarantaine, [11067], [56875],1.0.11872
PUP.Optional.Boxore.WnskRST, C:\WINDOWS\INSTALLER\19A1C8D.MSI, En quarantaine, [908], [299541],1.0.11872
PUP.Optional.WebAdSystem, C:\WINDOWS\INSTALLER\60519.MSI, En quarantaine, [2534], [77381],1.0.11872
PUP.Optional.SmartBar, C:\WINDOWS\INSTALLER\7BC4E3.MSI, En quarantaine, [2297], [278323],1.0.11872
PUP.Optional.Boxore.WnskRST, C:\WINDOWS\INSTALLER\7BC4D1.MSI, En quarantaine, [908], [299541],1.0.11872

Secteur physique: 0
(Aucun élément malveillant détecté)

WMI: 0
(Aucun élément malveillant détecté)


(end)