Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 27/04/2018
Heure de l'analyse: 17:10
Fichier journal: 19ecb66e-4a2d-11e8-bd3d-001bb9fc62c8.json
Administrateur: Oui

-Informations du logiciel-
Version: 3.4.5.2467
Version de composants: 1.0.342
Version de pack de mise à jour: 1.0.4894
Licence: Gratuit

-Informations système-
Système d'exploitation: Windows 7 Service Pack 1
Processeur: x86
Système de fichiers: NTFS
Utilisateur: 3abir-PC\3abir

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Analyse lancée par: Manuel
Résultat: Terminé
Objets analysés: 175185
Menaces détectées: 50
Menaces mises en quarantaine: 49
Temps écoulé: 16 min, 17 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 2
Trojan.PasswordStealer, C:\USERS\3ABIR\APPDATA\ROAMING\MICROSOFT\SECURITY\MCRSTDIO.EXE, En quarantaine, [3629], [514873],1.0.4894
Generic.Malware/Suspicious, C:\USERS\3ABIR\APPDATA\ROAMING\22B7C6C05DF43489889415\SVCHOST.EXE, En quarantaine, [0], [392686],1.0.4894

Module: 2
Trojan.PasswordStealer, C:\USERS\3ABIR\APPDATA\ROAMING\MICROSOFT\SECURITY\MCRSTDIO.EXE, En quarantaine, [3629], [514873],1.0.4894
Generic.Malware/Suspicious, C:\USERS\3ABIR\APPDATA\ROAMING\22B7C6C05DF43489889415\SVCHOST.EXE, En quarantaine, [0], [392686],1.0.4894

Clé du registre: 23
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WINHOSTSTARTFORMACHINE, En quarantaine, [512], [511641],1.0.4894
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C2130560-1238-4BA9-98E9-AEC725F53357}, En quarantaine, [512], [511641],1.0.4894
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{C2130560-1238-4BA9-98E9-AEC725F53357}, En quarantaine, [512], [511641],1.0.4894
Trojan.Agent.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinHostStartForMachine, En quarantaine, [3799], [-1],0.0.0
Trojan.Agent.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2130560-1238-4BA9-98E9-AEC725F53357}, En quarantaine, [3799], [-1],0.0.0
Trojan.Agent.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2130560-1238-4BA9-98E9-AEC725F53357}, En quarantaine, [3799], [-1],0.0.0
Trojan.CoreBot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\btlr, En quarantaine, [4622], [515824],1.0.4894
Trojan.CoreBot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\butldsk, En quarantaine, [4622], [515825],1.0.4894
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Opera scheduled Autoupdate 4086469641, En quarantaine, [3778], [510920],1.0.4894
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{21D92454-FBC3-4DD4-9AFB-DC68CFC44457}, En quarantaine, [3778], [510920],1.0.4894
Trojan.Agent.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{21D92454-FBC3-4DD4-9AFB-DC68CFC44457}, En quarantaine, [3778], [510920],1.0.4894
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{343EE2BA-15E9-D8C0-BCED-5E40D6D77A94}, En quarantaine, [394], [511696],1.0.4894
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0C3D13BD-FBEB-4399-AF01-128E2ED8A751}, En quarantaine, [394], [511696],1.0.4894
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{0C3D13BD-FBEB-4399-AF01-128E2ED8A751}, En quarantaine, [394], [511696],1.0.4894
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{5B946284-FC37-E40E-B89E-5015F5A8661F}, En quarantaine, [394], [511696],1.0.4894
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D25B00E8-7D33-478E-85EE-73AD241E508D}, En quarantaine, [394], [511696],1.0.4894
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{D25B00E8-7D33-478E-85EE-73AD241E508D}, En quarantaine, [394], [511696],1.0.4894
Trojan.MalPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Opera scheduled Autoupdate 4086469641, En quarantaine, [3893], [515931],1.0.4894
Trojan.MalPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{21D92454-FBC3-4DD4-9AFB-DC68CFC44457}, En quarantaine, [3893], [515931],1.0.4894
Trojan.MalPack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{21D92454-FBC3-4DD4-9AFB-DC68CFC44457}, En quarantaine, [3893], [515931],1.0.4894
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{3E1C5874-53EF-866F-40C7-6925D6475865}, En quarantaine, [394], [511696],1.0.4894
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{346A9440-1E61-4BDA-8925-9ACF066B8949}, En quarantaine, [394], [511696],1.0.4894
Adware.FileTour, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{346A9440-1E61-4BDA-8925-9ACF066B8949}, En quarantaine, [394], [511696],1.0.4894

Valeur du registre: 5
Trojan.PasswordStealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Windows Update Service, En quarantaine, [3629], [514873],1.0.4894
Trojan.PasswordStealer, HKU\S-1-5-21-2018237033-3279797823-235397082-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Windows Update Service, En quarantaine, [3629], [514873],1.0.4894
Hijack.ShellA.Gen, HKU\S-1-5-21-2018237033-3279797823-235397082-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, En quarantaine, [6702], [187664],1.0.4894
Trojan.Agent.E.Generic, HKU\S-1-5-21-2018237033-3279797823-235397082-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^22B7C6C05DF43489889415, En quarantaine, [3783], [354437],1.0.4894
Trojan.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C2130560-1238-4BA9-98E9-AEC725F53357}|PATH, En quarantaine, [512], [511639],1.0.4894

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 0
(Aucun élément malveillant détecté)

Fichier: 18
Trojan.PasswordStealer, C:\USERS\3ABIR\APPDATA\ROAMING\MICROSOFT\SECURITY\MCRSTDIO.EXE, En quarantaine, [3629], [514873],1.0.4894
Trojan.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\WINHOSTSTARTFORMACHINE, En quarantaine, [512], [511641],1.0.4894
Trojan.Agent.TskLnk, C:\PROGRAMDATA\WINHOST.EXE, En quarantaine, [3799], [444127],1.0.4894
Trojan.Agent.TskLnk, C:\WINDOWS\SYSTEM32\TASKS\WinHostStartForMachine, En quarantaine, [3799], [-1],0.0.0
Generic.Malware/Suspicious, C:\USERS\3ABIR\APPDATA\ROAMING\22B7C6C05DF43489889415\SVCHOST.EXE, En quarantaine, [0], [392686],1.0.4894
Trojan.Agent.Generic, C:\WINDOWS\SYSTEM32\TASKS\Opera scheduled Autoupdate 4086469641, En quarantaine, [3778], [510920],1.0.4894
Adware.FileTour, C:\WINDOWS\SYSTEM32\TASKS\{343EE2BA-15E9-D8C0-BCED-5E40D6D77A94}, En quarantaine, [394], [511696],1.0.4894
Adware.FileTour, C:\WINDOWS\SYSTEM32\TASKS\{5B946284-FC37-E40E-B89E-5015F5A8661F}, En quarantaine, [394], [511696],1.0.4894
Trojan.MalPack, C:\WINDOWS\SYSTEM32\TASKS\Opera scheduled Autoupdate 4086469641, En quarantaine, [3893], [515931],1.0.4894
Trojan.MalPack, C:\USERS\3ABIR\APPDATA\ROAMING\MICROSOFT\WINDOWS\JTCAIVWW\ERGWTVUD.EXE, En quarantaine, [3893], [515931],1.0.4894
Adware.FileTour, C:\WINDOWS\SYSTEM32\TASKS\{3E1C5874-53EF-866F-40C7-6925D6475865}, En quarantaine, [394], [511696],1.0.4894
Trojan.PasswordStealer, C:\PROGRAMDATA\B24G23JI2\SDNH8AD.EXE, En quarantaine, [3629], [515234],1.0.4894
PUP.Optional.AdvancedSystemCare, C:\PROGRAMDATA\IOBIT\IOBIT MALWARE FIGHTER\DOWNLOADER\IMF5\ADVANCED SYSTEMCARE.EXE, En quarantaine, [4605], [396386],1.0.4894
Generic.Malware/Suspicious, C:\USERS\3ABIR\APPDATA\ROAMING\DE25E01C-A553-C0F0-1FF2-A9F4C346ED68\A7B0F190-DA75-71CB-1CCB-AE35102FC239.EXE, Échec de la suppression, [0], [392686],1.0.4894
Trojan.Dropper, C:\USERS\3ABIR\APPDATA\LOCAL\TEMP\1257.TMP.EXE, En quarantaine, [2895], [516317],1.0.4894
Generic.Malware/Suspicious, C:\USERS\3ABIR\APPDATA\LOCAL\TEMP\AE19.TMP.EXE, En quarantaine, [0], [392686],1.0.4894
Generic.Malware/Suspicious, C:\USERS\3ABIR\APPDATA\LOCAL\TEMP\FBEB.TMP.EXE, En quarantaine, [0], [392686],1.0.4894
Trojan.MalPack, C:\USERS\3ABIR\APPDATA\LOCAL\TEMP\5ED3.TMP.EXE, En quarantaine, [3893], [516200],1.0.4894

Secteur physique: 0
(Aucun élément malveillant détecté)

(end)