Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 02/12/2018
Heure de l'analyse: 20:53
Fichier journal: fe491240-f66b-11e8-b58d-1c1b0d0464c9.json

-Informations du logiciel-
Version: 3.6.1.2711
Version de composants: 1.0.482
Version de pack de mise à jour: 1.0.8129
Licence: Essai

-Informations système-
Système d'exploitation: Windows 10 (Build 17134.407)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: DESKTOP-9LKCO0D\ahmed

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Analyse lancée par: Manuel
Résultat: Terminé
Objets analysés: 293412
Menaces détectées: 65
Menaces mises en quarantaine: 64
Temps écoulé: 2 min, 26 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 25
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows\SPACEMANAGTASK, En quarantaine, [4286], [477229],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA781749-677D-456D-BE68-CBEC2B8C5BBC}, En quarantaine, [4286], [477229],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{FA781749-677D-456D-BE68-CBEC2B8C5BBC}, En quarantaine, [4286], [477229],1.0.8129
RiskWare.Agent.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows\SERVICERUN, En quarantaine, [3718], [460068],1.0.8129
RiskWare.Agent.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4A6F6521-1BCC-49AE-B84D-57CB2B861FF8}, En quarantaine, [3718], [460068],1.0.8129
RiskWare.Agent.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{4A6F6521-1BCC-49AE-B84D-57CB2B861FF8}, En quarantaine, [3718], [460068],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows\CAMPAIGNMANAGER, En quarantaine, [4286], [477221],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B12BA28D-A65D-4D1F-A77C-26E8A46C6985}, En quarantaine, [4286], [477221],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{B12BA28D-A65D-4D1F-A77C-26E8A46C6985}, En quarantaine, [4286], [477221],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows\FAMILYSAFETYREFRESHERTASK, En quarantaine, [4286], [477225],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{147C1FD4-9F7C-4182-BDF3-577D27D8C4D1}, En quarantaine, [4286], [477225],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{147C1FD4-9F7C-4182-BDF3-577D27D8C4D1}, En quarantaine, [4286], [477225],1.0.8129
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Proxyfilter 5.00, En quarantaine, [403], [584326],1.0.8129
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, En quarantaine, [432], [584322],1.0.8129
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, En quarantaine, [432], [518478],1.0.8129
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MPrForWeathI, En quarantaine, [2774], [572664],1.0.8129
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_B, En quarantaine, [2774], [572665],1.0.8129
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\MTPreC_Qn, En quarantaine, [2774], [572666],1.0.8129
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Polygen.exe, En quarantaine, [739], [568551],1.0.8129
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, En quarantaine, [432], [518476],1.0.8129
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreAm, En quarantaine, [2774], [572667],1.0.8129
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreIc, En quarantaine, [2774], [572668],1.0.8129
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreJ, En quarantaine, [2774], [572669],1.0.8129
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\ShutTPreShM, En quarantaine, [2774], [572670],1.0.8129
Trojan.MalPack, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mpvbsgub, En quarantaine, [560], [605507],1.0.8129

Valeur du registre: 6
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{147C1FD4-9F7C-4182-BDF3-577D27D8C4D1}|PATH, En quarantaine, [4286], [477227],1.0.8129
RiskWare.Agent.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4A6F6521-1BCC-49AE-B84D-57CB2B861FF8}|PATH, En quarantaine, [3718], [460070],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B12BA28D-A65D-4D1F-A77C-26E8A46C6985}|PATH, En quarantaine, [4286], [477223],1.0.8129
RiskWare.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA781749-677D-456D-BE68-CBEC2B8C5BBC}|PATH, En quarantaine, [4286], [477231],1.0.8129
Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, En quarantaine, [739], [-1],0.0.0
Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, En quarantaine, [739], [-1],0.0.0

Données du registre: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Remplacé, [12983], [293294],1.0.8129
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Remplacé, [12983], [293295],1.0.8129
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Remplacé, [12983], [293296],1.0.8129

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 5
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\FOLDERSHARE, En quarantaine, [2774], [474043],1.0.8129
Trojan.Agent, C:\PROGRAM FILES (X86)\PROXYFILTER\PROXYFILTER, En quarantaine, [403], [584326],1.0.8129
Trojan.Agent.Generic, C:\USERS\AHMED\APPDATA\LOCAL\985ff0cb-ac2b-4f50-87ba-9edce99314ec, En quarantaine, [3693], [601203],1.0.8129
Adware.Neoreklami, C:\PROGRAMDATA\PUIFUUUTJZRUMTVB, En quarantaine, [908], [602647],1.0.8129
Adware.Neoreklami, C:\USERS\AHMED\APPDATA\LOCALLOW\UVLGKJNZBRGAS, En quarantaine, [908], [605288],1.0.8129

Fichier: 26
RiskWare.BitCoinMiner.E, C:\WINDOWS\SYSTEM32\TASKS\WINDOWS\SPACEMANAGTASK, En quarantaine, [4286], [477229],1.0.8129
RiskWare.Agent.E, C:\WINDOWS\SYSTEM32\TASKS\WINDOWS\SERVICERUN, En quarantaine, [3718], [460068],1.0.8129
Adware.Linkury.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\SHAM.DB, En quarantaine, [3725], [516189],1.0.8129
RiskWare.BitCoinMiner.E, C:\WINDOWS\SYSTEM32\TASKS\WINDOWS\CAMPAIGNMANAGER, En quarantaine, [4286], [477221],1.0.8129
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\FOLDERSHARE\FOLDERSHARE.EXE.CONFIG, En quarantaine, [2774], [474043],1.0.8129
Adware.Tuto4PC, C:\Program Files (x86)\foldershare\foldershare.exe, En quarantaine, [2774], [474043],1.0.8129
RiskWare.BitCoinMiner.E, C:\WINDOWS\SYSTEM32\TASKS\WINDOWS\FAMILYSAFETYREFRESHERTASK, En quarantaine, [4286], [477225],1.0.8129
Trojan.Agent, C:\PROGRAM FILES (X86)\PROXYFILTER\PROXYFILTER\UNINSTALL.INI, En quarantaine, [403], [584326],1.0.8129
Trojan.Agent, C:\Program Files (x86)\Proxyfilter\Proxyfilter\2525252.exe, En quarantaine, [403], [584326],1.0.8129
Trojan.Agent, C:\Program Files (x86)\Proxyfilter\Proxyfilter\Uninstall.exe, En quarantaine, [403], [584326],1.0.8129
Adware.Linkury.Generic, C:\USERS\AHMED\APPDATA\LOCAL\SHAM.DB, En quarantaine, [3725], [516191],1.0.8129
Trojan.Agent.Generic, C:\USERS\AHMED\APPDATA\LOCAL\985ff0cb-ac2b-4f50-87ba-9edce99314ec\FE74.tmp.exe, En quarantaine, [3693], [601203],1.0.8129
PUP.Optional.SpyHunter, C:\PROGRAM FILES\ENIGMASOFT\SPYHUNTER\SPYHUNTER5.EXE, En quarantaine, [3905], [552678],1.0.8129
Adware.Neoreklami, C:\ProgramData\pUIfuUUTjzrUMTVB\!readme.txt, En quarantaine, [908], [602647],1.0.8129
Adware.Neoreklami, C:\ProgramData\pUIfuUUTjzrUMTVB\toUIFNZ.wsf.pumas, En quarantaine, [908], [602647],1.0.8129
Adware.Neoreklami, C:\Users\ahmed\AppData\LocalLow\uVLgKJnzBrgAs\Storage.db.pumas, En quarantaine, [908], [605288],1.0.8129
Adware.Linkury.Generic, C:\USERS\AHMED\APPDATA\LOCAL\CONFIG.XML, En quarantaine, [3725], [404859],1.0.8129
Trojan.MalPack, C:\WINDOWS\SYSWOW64\MPVBSGUB\XAIIGEIR.EXE, En quarantaine, [560], [605507],1.0.8129
Generic.Malware/Suspicious, C:\USERS\AHMED\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\KMS-R@1N.EXE, En quarantaine, [0], [392686],1.0.8129
Adware.OxyPumper, C:\USERS\AHMED\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\39EA.TMP.EXE, En quarantaine, [4222], [604641],1.0.8129
Trojan.MalPack.GS, C:\USERS\AHMED\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\FE74.TMP.EXE, En quarantaine, [7932], [604174],1.0.8129
Adware.Csdimonetize, C:\PROGRAM FILES (X86)\BERZEK\309271491.EXE, En quarantaine, [2860], [603268],1.0.8129
Trojan.MalPack.Gen, C:\VCHGD.EXE, Échec de la suppression, [9616], [78353],1.0.8129
Adware.OxyPumper, C:\USERS\AHMED\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\6225.TMP.EXE, En quarantaine, [4222], [604641],1.0.8129
Trojan.FakeAlert, C:\USERS\AHMED\APPDATA\LOCAL\6524615F-EEAF-437C-AFB6-96A667F98C26\UPDATEWIN.EXE, En quarantaine, [1], [599109],1.0.8129
Trojan.HostsChanger, C:\USERS\AHMED\APPDATA\LOCAL\6524615F-EEAF-437C-AFB6-96A667F98C26\2.EXE, En quarantaine, [8649], [599102],1.0.8129

Secteur physique: 0
(Aucun élément malveillant détecté)

WMI: 0
(Aucun élément malveillant détecté)

(end)