Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/6/17
Scan Time: 5:58 PM
Logfile: hh.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.0
Update Package Version: 1.0.1673
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-68PKU5S\Nicolas

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362414
Time Elapsed: 4 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Ransom.SageLocker, HKU\S-1-5-21-1342937529-621865817-1712451933-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|TbwSlaye, Quarantined, [2014], [387176],1.0.1673

Registry Data: 9
Ransom.SageLocker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, Replaced, [2014], [387176],1.0.1673
Ransom.SageLocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, Replaced, [2014], [387176],1.0.1673
Ransom.SageLocker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, Replaced, [2014], [387176],1.0.1673
Ransom.SageLocker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, Replaced, [2014], [387176],1.0.1673
Hijack.UserInit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|USERINIT, Replaced, [527], [291538],1.0.1673
Hijack.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|USERINIT, Replaced, [527], [291538],1.0.1673
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Replaced, [17749], [293294],1.0.1673
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Replaced, [17749], [293295],1.0.1673
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Replaced, [17749], [293296],1.0.1673

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 12
Ransom.SageLocker, C:\USERS\CRAPA\APPDATA\LOCAL\USGLVSUP\DYXXGVEG.EXE, Quarantined, [2014], [387176],1.0.1673
Ransom.SageLocker, C:\USERS\CRAPA\APPDATA\LOCAL\TEMP\TBWSLAYE.EXE, Quarantined, [2014], [387176],1.0.1673
Trojan.Agent, C:\USERS\CRAPA\APPDATA\ROAMING\WINDOWS.EXE.TMP, Quarantined, [17], [226377],1.0.1673
Trojan.Agent.MSIL, C:\USERS\CRAPA\APPDATA\ROAMING\ZHP\QUARANTINE\WINDOWS.EXE.VIR, Quarantined, [188], [280036],1.0.1673
Ransom.SageLocker, C:\USERS\CRAPA\APPDATA\LOCAL\TEMP\JRT\FIINUF20, Quarantined, [2014], [387176],1.0.1673
Ransom.SageLocker, C:\USERS\CRAPA\APPDATA\LOCAL\TEMP\MUPDNFKJ.EXE, Quarantined, [2014], [387176],1.0.1673
Ransom.SageLocker, C:\WINDOWS\TEMP\FIINUF20, Quarantined, [2014], [387176],1.0.1673
HackTool.GameHack, C:\USERS\CRAPA\DOWNLOADS\ELOBUDDY-SETUP.EXE, Quarantined, [491], [332850],1.0.1673
HackTool.GameHack, C:\USERS\CRAPA\DOWNLOADS\ELOBUDDY-SETUP (2).EXE, Quarantined, [491], [332850],1.0.1673
Trojan.Agent.MSIL, C:\USERS\CRAPA\DOWNLOADS\NETFU.ZIP, Quarantined, [188], [280036],1.0.1673
HackTool.GameHack, C:\USERS\CRAPA\DOWNLOADS\ELOBUDDY-SETUP (1).EXE, Quarantined, [491], [332850],1.0.1673
Ransom.SageLocker, C:\USERS\CRAPA\APPDATA\LOCAL\FIINUF20, Quarantined, [2014], [387176],1.0.1673

Physical Sector: 0
(No malicious items detected)

(end)