Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 20/03/2019
Heure de l'analyse: 20:48
Fichier journal: 341ec46e-4b49-11e9-9855-d050998a0dda.json

-Informations du logiciel-
Version: 3.7.1.2839
Version de composants: 1.0.0
Version de pack de mise à jour: 1.0.9770
Licence: Essai

-Informations système-
Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: ARNAUD\Arnaud

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Analyse lancée par: Manuel
Résultat: Terminé
Objets analysés: 235486
Menaces détectées: 51
Menaces mises en quarantaine: 51
Temps écoulé: 3 min, 28 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 10
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, En quarantaine, [499], [-1],0.0.0
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{CF5EDDB4-3D8E-52E3-78D5-CA3A4212DB74}, En quarantaine, [14529], [555894],1.0.9770
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C9D4497F-F2C2-4E0C-A870-C4ACACB2D91F}, En quarantaine, [14529], [555894],1.0.9770
Trojan.StartPage.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{C9D4497F-F2C2-4E0C-A870-C4ACACB2D91F}, En quarantaine, [14529], [555894],1.0.9770
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{89A4D977-6CAF-4D29-2BF4-B2013EFDC82E}, En quarantaine, [5970], [596760],1.0.9770
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FDC4D2A2-F2C9-4D3C-81F0-1C89713F51E1}, En quarantaine, [5970], [596760],1.0.9770
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{FDC4D2A2-F2C9-4D3C-81F0-1C89713F51E1}, En quarantaine, [5970], [596760],1.0.9770
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{D80BFE89-8505-21A7-E6C5-FC5B2FCC5430}, En quarantaine, [5970], [596760],1.0.9770
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4235BC6C-ED8A-4094-B77D-61EA93451459}, En quarantaine, [5970], [596760],1.0.9770
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{4235BC6C-ED8A-4094-B77D-61EA93451459}, En quarantaine, [5970], [596760],1.0.9770

Valeur du registre: 3
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [499], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-3607436091-898408758-3628944739-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [499], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [499], [-1],0.0.0

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 10
Adware.Wajam, C:\PROGRAM FILES\NmNlZWFiZjQ, En quarantaine, [499], [556539],1.0.9770
Trojan.BitCoinMiner, C:\ProgramData\7YFL848IB17LBVPXHNND\files\Wallets\ElectronCash, En quarantaine, [607], [628365],1.0.9770
Trojan.BitCoinMiner, C:\ProgramData\7YFL848IB17LBVPXHNND\files\Wallets\ElectrumLTC, En quarantaine, [607], [628365],1.0.9770
Trojan.BitCoinMiner, C:\ProgramData\7YFL848IB17LBVPXHNND\files\Wallets\MultiDoge, En quarantaine, [607], [628365],1.0.9770
Trojan.BitCoinMiner, C:\ProgramData\7YFL848IB17LBVPXHNND\files\Wallets\Electrum, En quarantaine, [607], [628365],1.0.9770
Trojan.BitCoinMiner, C:\ProgramData\7YFL848IB17LBVPXHNND\files\Wallets\Ethereum, En quarantaine, [607], [628365],1.0.9770
Trojan.BitCoinMiner, C:\ProgramData\7YFL848IB17LBVPXHNND\files\Wallets\Exodus, En quarantaine, [607], [628365],1.0.9770
Trojan.BitCoinMiner, C:\ProgramData\7YFL848IB17LBVPXHNND\files\Wallets\JAXX, En quarantaine, [607], [628365],1.0.9770
Trojan.BitCoinMiner, C:\PROGRAMDATA\7YFL848IB17LBVPXHNND\FILES\Wallets, En quarantaine, [607], [628365],1.0.9770
PUP.Optional.Linkury.Generic, C:\PROGRAMDATA\POLYGENS, En quarantaine, [217], [380106],1.0.9770

Fichier: 28
Adware.Linkury.Generic, C:\USERS\ARNAUD\APPDATA\LOCAL\NOAH.DAT, En quarantaine, [3735], [404865],1.0.9770
Adware.Linkury.Generic, C:\USERS\ARNAUD\APPDATA\LOCAL\MD.XML, En quarantaine, [3735], [404866],1.0.9770
Adware.Linkury.Generic, C:\USERS\ARNAUD\APPDATA\LOCAL\MAIN.DAT, En quarantaine, [3735], [442900],1.0.9770
Adware.Wajam, C:\PROGRAM FILES\NmNlZWFiZjQ\WBE_uninstall.dat, En quarantaine, [499], [556539],1.0.9770
Adware.Wajam, C:\Program Files\NmNlZWFiZjQ\MjgzMjU, En quarantaine, [499], [556539],1.0.9770
Adware.Wajam, C:\Program Files\NmNlZWFiZjQ\service.dat, En quarantaine, [499], [556539],1.0.9770
Adware.Wajam, C:\Program Files\NmNlZWFiZjQ\service_64.dat, En quarantaine, [499], [556539],1.0.9770
Adware.Linkury.Generic, C:\USERS\ARNAUD\APPDATA\LOCAL\SHAM.DB, En quarantaine, [3735], [516191],1.0.9770
Adware.Linkury.Generic, C:\USERS\ARNAUD\APPDATA\LOCAL\Y-lex.tst, En quarantaine, [3735], [404871],1.0.9770
Trojan.Agent.Generic, C:\USERS\ARNAUD\APPDATA\ROAMING\VOLID.URL, En quarantaine, [3700], [606817],1.0.9770
Adware.Linkury.Generic, C:\USERS\ARNAUD\APPDATA\LOCAL\AGENT.DAT, En quarantaine, [3735], [404872],1.0.9770
Trojan.Agent.Generic, C:\USERS\ARNAUD\APPDATA\ROAMING\IPLOG.URL, En quarantaine, [3700], [606819],1.0.9770
Adware.Linkury.Generic, C:\USERS\ARNAUD\APPDATA\LOCAL\CONFIG.XML, En quarantaine, [3735], [404859],1.0.9770
Adware.Linkury.TskLnk, C:\USERS\ARNAUD\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, En quarantaine, [14561], [444923],1.0.9770
PUP.Optional.Linkury.Generic, C:\PROGRAMDATA\POLYGENS\FF.HP, En quarantaine, [217], [380106],1.0.9770
PUP.Optional.Linkury.Generic, C:\ProgramData\Polygens\ff.NT, En quarantaine, [217], [380106],1.0.9770
PUP.Optional.Linkury.Generic, C:\ProgramData\Polygens\snp.sc, En quarantaine, [217], [380106],1.0.9770
Trojan.StartPage.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{CF5EDDB4-3D8E-52E3-78D5-CA3A4212DB74}, En quarantaine, [14529], [555894],1.0.9770
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, En quarantaine, [14529], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, En quarantaine, [14529], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, En quarantaine, [14529], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, En quarantaine, [14529], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, En quarantaine, [14529], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, En quarantaine, [14529], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, En quarantaine, [14529], [-1],0.0.0
Trojan.StartPage.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, En quarantaine, [14529], [-1],0.0.0
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{89A4D977-6CAF-4D29-2BF4-B2013EFDC82E}, En quarantaine, [5970], [596760],1.0.9770
Trojan.BitCoinMiner.BatBitRst, C:\WINDOWS\SYSTEM32\TASKS\{D80BFE89-8505-21A7-E6C5-FC5B2FCC5430}, En quarantaine, [5970], [596760],1.0.9770

Secteur physique: 0
(Aucun élément malveillant détecté)

WMI: 0
(Aucun élément malveillant détecté)


(end)