Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 20/07/2022
Scan Time: 18:33
Log File: 69b3858e-085a-11ed-90f6-5cb901439731.json

-Software Information-
Version: 4.5.11.202
Components Version: 1.0.1716
Update Package Version: 1.0.57502
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1806)
CPU: x64
File System: NTFS
User: DESKTOP-LHO3RNL\Wilfried ASSOUA

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 306288
Threats Detected: 56
Threats Quarantined: 56
Time Elapsed: 12 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 5
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, 3638, -1, 0.0.0, , action, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-1217866536-1794727317-1073357494-1001\SOFTWARE\MICROSOFT\9f0d66f0, Quarantined, 489, 821174, 1.0.57502, , ame, , ,
PUP.Optional.ForcedExtension, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\EDGE\EXTENSIONS\odbmjgikedenicicookngdckhkjbebpd, Quarantined, 274, 1011305, , , , , ,
Adware.Neoreklami.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, 385, -1, 0.0.0, , action, , ,
Adware.Neoreklami.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, 385, -1, 0.0.0, , action, , ,

Registry Value: 10
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES|, Quarantined, 3638, 1069645, 1.0.57502, , ame, , ,
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1217866536-1794727317-1073357494-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, 3638, -1, 0.0.0, , action, , ,
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 3638, -1, 0.0.0, , action, , ,
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1217866536-1794727317-1073357494-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 3638, -1, 0.0.0, , action, , ,
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 3638, -1, 0.0.0, , action, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, Quarantined, 6532, 676880, 1.0.57502, , ame, , ,
Trojan.Glupteba.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{B5D9E97B-46F3-49CF-9AB8-DAF5B5A09651}, Quarantined, 489, 795081, 1.0.57502, , ame, , ,
Trojan.Glupteba.E, HKU\S-1-5-21-1217866536-1794727317-1073357494-1001\SOFTWARE\MICROSOFT\9f0d66f0|CAMPAIGNID, Quarantined, 489, 821174, 1.0.57502, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, Quarantined, 6532, 676880, 1.0.57502, , ame, , ,
PUP.Optional.ForcedExtension, HKU\S-1-5-21-1217866536-1794727317-1073357494-1001\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|odbmjgikedenicicookngdckhkjbebpd, Quarantined, 274, 1011305, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor, Quarantined, 3491, 995472, , , , , ,
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor, Quarantined, 3491, 995472, , , , , ,
Trojan.Ranumbot, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\TEMP\CSRSS, Quarantined, 3491, 995472, 1.0.57502, , ame, , ,
PUP.Optional.ForcedExtension, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Extensions\odbmjgikedenicicookngdckhkjbebpd, Quarantined, 274, 1011305, , , , , ,

File: 37
Ransom.Stop.Trace, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\BOWSAKKDESTX.TXT, Quarantined, 4565, 1046255, 1.0.57502, , ame, , CC032340748D8513F03143384C32FC37, AD3F12361F506F2A730A8D584C33652B40B9A465288D4F6710BA2099F181BE63
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\cached-certs, Quarantined, 3491, 995472, , , , , C06F5519392F40DE53E475C04D753535, F5223A4D85C0DD40717F0A1BDF5DBE5FE66481EDFAAB7E13641DFE4845316150
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\cached-descriptors.new, Quarantined, 3491, 995472, , , , , 66A5D39D54B1F9297FFB6BD429D01D3F, B597D2422A5FBB5D19417708ECAAB8B01291868C2AF2B29F653A0258634A3E92
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\cached-microdesc-consensus, Quarantined, 3491, 995472, , , , , AF3FCDBBC6017A9328D457F7252D0D39, D9487B5A543D404A3EE55CEBD5877B43CBF577C0C138491AFDFDD47E46171DC9
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\cached-microdescs, Quarantined, 3491, 995472, , , , , 81E1A3B88460D4B6F88A2E9BF018A051, DFBED4B9FA9A56BB9ACF90971482C2950AC7D71A033BE15E63CCE45600B8D82F
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\cached-microdescs.new, Quarantined, 3491, 995472, , , , , ,
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\geoip, Quarantined, 3491, 995472, , , , , 188580237E98E4E42FB31F71D8696ACD, E0E54836058309521D64BF23420109A79B30D26DB7806301D47E384E3261D5D6
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\geoip6, Quarantined, 3491, 995472, , , , , 1421DD7F52D7DE22F4BA4F71C055E554, 2B996BF4219F5D2E135646F9E7EE52744881BF0A86CB6B3C5716BAB0CA777243
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\lock, Quarantined, 3491, 995472, , , , , ,
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\state, Quarantined, 3491, 995472, , , , , 3D677AF4148357C266833F2CBB005991, 4F8704EE01125412D2F3C793C007C662BDDF8F867EEBC46F68F2E244081EC3FC
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\Tor\unverified-microdesc-consensus, Quarantined, 3491, 995472, , , , , AF3FCDBBC6017A9328D457F7252D0D39, D9487B5A543D404A3EE55CEBD5877B43CBF577C0C138491AFDFDD47E46171DC9
Trojan.Ranumbot, C:\Users\Wilfried ASSOUA\AppData\Local\Temp\csrss\tor\torrc, Quarantined, 3491, 995472, , , , , 44467FD5478A96157C9F6F607CCFC39B, 0D223D036B9F8A234B93EAB0A1F6B4122C826EC10324CBA7B135555C9DFF260A
PUP.Optional.ForcedExtension, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Replaced, 274, 1011305, , , , , 72A445D1C2B1B77F8ECF8DC3CC5CCECD, CF4C0228EFD6C8A1E1B6CE2D1E1DF71CC11180A94182F3F3B7916AD2CD45EF5A
PUP.Optional.ForcedExtension, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Preferences, Replaced, 274, 1011305, , , , , 2CFE84F056D34C2DD0D762CDB9AB4A26, 64BC685F4F1CBE0064AF0C933C248C72B0F7079DFB44833ABB92D966B19EC273
PUP.Optional.ForcedExtension, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\ODBMJGIKEDENICICOOKNGDCKHKJBEBPD\1.0.0.0_0\SCRIPTS\BG.JS, Quarantined, 274, 1011305, 1.0.57502, , ame, , 749C8196CC02DC7A137BEC736F4D39DB, 77EE400DC0DF37638A7AECD6B5D070384145956895D8D304F3754DE37A99D309
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\FREEBL3.DLL, Quarantined, 3703, 820418, 1.0.57502, , ame, , EF2834AC4EE7D6724F255BEAF527E635, A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\VCRUNTIME140.DLL, Quarantined, 3703, 820419, 1.0.57502, , ame, , 7587BF9CB4147022CD5681B015183046, C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\SOFTOKN3.DLL, Quarantined, 3703, 820420, 1.0.57502, , ame, , A2EE53DE9167BF0D6C019303B7CA84E5, 43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MSVCP140.DLL, Quarantined, 3703, 820423, 1.0.57502, , ame, , 109F0F02FD37C84BFC7508D4227D7ED5, 334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\NSS3.DLL, Quarantined, 3703, 820421, 1.0.57502, , ame, , BFAC4E3C5908856BA17D41EDCD455A51, E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MOZGLUE.DLL, Quarantined, 3703, 820422, 1.0.57502, , ame, , 8F73C08A9660691143661BF7332C3C27, 3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
Malware.AI.1582090124, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\TEMP\KUXAYMDKMXSDHBCEOG\VWGSLX, Quarantined, 1000000, 1582090124, 1.0.57502, 5726A305B9CA20E15E4CC78C, dds, 01867103, E3E751BBF63C2B49EA730380609FCD2C, 921235B1580C55355FBFCD8C1B9E95A0AE649B05C6FB2A0D48FC288E59168F68
RiskWare.ShortcutHijack, C:\USERS\WILFRIED ASSOUA\DESKTOP\GOOGLE CHROME.LNK, Quarantined, 14861, 1005493, 1.0.57502, , ame, , 7A1E51CD7AFB25B5ABC96B34C04EE1BD, 541FE7F61CBDAB3332A68B0557AD0A12F8EBE764E89F06066B31423126E985A4
RiskWare.ShortcutHijack, C:\USERS\PUBLIC\DESKTOP\GOOGLEᅠCHROME.LNK, Quarantined, 14861, 1005493, 1.0.57502, , ame, , 0EB78E6E64C6C8BE5886E915F840D7ED, 6A1A43BF669CB0DEC5E6615ED2D8279843E3980529DD0F124DBF44930FACE4AA
RiskWare.GameHack, C:\PROGRAM FILES (X86)\2K SPORTS\NBA 2K14\RLD.DLL, Quarantined, 6870, 352892, 1.0.57502, , ame, , C21C2C8532C84EDA08284A929FB0A149, C8207A78EF2BB104F78DAA159FC5AC1986CA812621596CA7C67C0F9773EFA1E0
PUP.Optional.ForcedNotifications, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 287, 1005184, 1.0.57502, , ame, , DE6BD9F8990828355626A133C7BE7EE8, B9010C686183169D931EC7DBA86671F95CE82F491985E8A88B593F2592A75DD2
PUP.Optional.ForcedNotifications, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 287, 1005183, 1.0.57502, , ame, , DE6BD9F8990828355626A133C7BE7EE8, B9010C686183169D931EC7DBA86671F95CE82F491985E8A88B593F2592A75DD2
PUP.Optional.ForcedNotifications, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 287, 1005186, 1.0.57502, , ame, , DE6BD9F8990828355626A133C7BE7EE8, B9010C686183169D931EC7DBA86671F95CE82F491985E8A88B593F2592A75DD2
Adware.Neoreklami.ChrPRST, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 385, 878860, 1.0.57502, , ame, , 4B7E615ED0C634F05C86212F204772AB, D08C457457D6AD95256113A04BF912F4EA2AF8816EA01DA8A80BA0FE3369B511
Adware.Neoreklami.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, 385, -1, 0.0.0, , action, , A74E75E5FD645DB409DCE6296AD8C8BE, C1D5CA6580ACF87AC6EF762BC86E2D4E506165B13806583F1D07E14110619416
Adware.Neoreklami.ChrPRST, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Quarantined, 385, -1, 0.0.0, , action, , 9D99A73B05ED596C72FBAD261F8246C3, 071AC06794A34C8A87A7123F2F9C2DFA541456D66B704DDEE7838B7D5E250CA4
PUP.Optional.ForcedNotifications, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 287, 1005181, 1.0.57502, , ame, , DE6BD9F8990828355626A133C7BE7EE8, B9010C686183169D931EC7DBA86671F95CE82F491985E8A88B593F2592A75DD2
PUP.Optional.ForcedNotifications, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 287, 1005179, 1.0.57502, , ame, , DE6BD9F8990828355626A133C7BE7EE8, B9010C686183169D931EC7DBA86671F95CE82F491985E8A88B593F2592A75DD2
PUP.Optional.ForcedNotifications, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 287, 1005180, 1.0.57502, , ame, , DE6BD9F8990828355626A133C7BE7EE8, B9010C686183169D931EC7DBA86671F95CE82F491985E8A88B593F2592A75DD2
Adware.Neoreklami.ChrPRST, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 385, 878860, 1.0.57502, , ame, , 4B7E615ED0C634F05C86212F204772AB, D08C457457D6AD95256113A04BF912F4EA2AF8816EA01DA8A80BA0FE3369B511
PUP.Optional.ForcedNotifications, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 287, 1005182, 1.0.57502, , ame, , DE6BD9F8990828355626A133C7BE7EE8, B9010C686183169D931EC7DBA86671F95CE82F491985E8A88B593F2592A75DD2
PUP.Optional.ForcedNotifications, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 287, 1005185, 1.0.57502, , ame, , DE6BD9F8990828355626A133C7BE7EE8, B9010C686183169D931EC7DBA86671F95CE82F491985E8A88B593F2592A75DD2

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
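Added example, not Malwarebytes code or tooling: a small Python parser for the detection lines in a log like the one above. It splits each line from the right so a comma inside a path cannot shift the trailing columns, pulls the unique SHA256 hashes out as IOCs for hunting on other hosts, flags the registry hits that sit under machine-wide policy, proxy or firewall keys (the entries that re-hijack the browser and proxy after a reboot even once the files are gone), and cross-checks each section header's declared count against the lines actually found under it, which catches a truncated log. The meaning of the eight trailing columns is an assumption inferred from the log, not taken from vendor documentation; only the last two, which are 32 and 64 hex characters when present, are treated as MD5 and SHA256. The sample input is a subset of lines copied from the log above with the English action labels.

```python
"""Parse Malwarebytes scan-log detection lines and extract IOCs.

Added example, not Malwarebytes' own code. Column layout is inferred
from the log above (assumption): name, path, action, then eight trailing
fields whose last two are MD5 and SHA256 when present.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Subset of detection lines copied from the log above, with section headers.
SAMPLE_LOG = r"""
Registry Key: 2
Trojan.Glupteba.E, HKU\S-1-5-21-1217866536-1794727317-1073357494-1001\SOFTWARE\MICROSOFT\9f0d66f0, Quarantined, 489, 821174, 1.0.57502, , ame, , ,
Adware.Neoreklami.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, 385, -1, 0.0.0, , action, , ,

Registry Value: 3
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1217866536-1794727317-1073357494-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Quarantined, 3638, -1, 0.0.0, , action, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, Quarantined, 6532, 676880, 1.0.57502, , ame, , ,
Trojan.Glupteba.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{B5D9E97B-46F3-49CF-9AB8-DAF5B5A09651}, Quarantined, 489, 795081, 1.0.57502, , ame, , ,

Folder: 1
Trojan.Ranumbot, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\TEMP\CSRSS, Quarantined, 3491, 995472, 1.0.57502, , ame, , ,

File: 5
Ransom.Stop.Trace, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\BOWSAKKDESTX.TXT, Quarantined, 4565, 1046255, 1.0.57502, , ame, , CC032340748D8513F03143384C32FC37, AD3F12361F506F2A730A8D584C33652B40B9A465288D4F6710BA2099F181BE63
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\FREEBL3.DLL, Quarantined, 3703, 820418, 1.0.57502, , ame, , EF2834AC4EE7D6724F255BEAF527E635, A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
Malware.AI.1582090124, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\TEMP\KUXAYMDKMXSDHBCEOG\VWGSLX, Quarantined, 1000000, 1582090124, 1.0.57502, 5726A305B9CA20E15E4CC78C, dds, 01867103, E3E751BBF63C2B49EA730380609FCD2C, 921235B1580C55355FBFCD8C1B9E95A0AE649B05C6FB2A0D48FC288E59168F68
Adware.Neoreklami.ChrPRST, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 385, 878860, 1.0.57502, , ame, , 4B7E615ED0C634F05C86212F204772AB, D08C457457D6AD95256113A04BF912F4EA2AF8816EA01DA8A80BA0FE3369B511
Adware.Neoreklami.ChrPRST, C:\USERS\WILFRIED ASSOUA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 385, 878860, 1.0.57502, , ame, , 4B7E615ED0C634F05C86212F204772AB, D08C457457D6AD95256113A04BF912F4EA2AF8816EA01DA8A80BA0FE3369B511
"""

HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
HEX64 = re.compile(r"^[0-9A-Fa-f]{64}$")
SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")   # e.g. "Registry Value: 10"
TRAILING_FIELDS = 8                               # columns after the action (assumed)


@dataclass
class Detection:
    section: str
    name: str
    path: str
    action: str
    md5: Optional[str]
    sha256: Optional[str]

    @property
    def family(self) -> str:
        return self.name.split(".", 1)[0]          # "Trojan.Glupteba.E" -> "Trojan"


def parse_line(section: str, line: str) -> Optional[Detection]:
    """Parse one detection line; return None for headers, blanks and notes."""
    if line.count(",") < TRAILING_FIELDS + 2:
        return None
    head, *trailing = line.rsplit(",", TRAILING_FIELDS)   # right-split: path may hold commas
    name, rest = head.split(",", 1)
    path, action = rest.rsplit(",", 1)
    trailing = [t.strip() for t in trailing]
    md5 = trailing[-2] if HEX32.match(trailing[-2]) else None
    sha256 = trailing[-1] if HEX64.match(trailing[-1]) else None
    return Detection(section, name.strip(), path.strip(), action.strip(), md5, sha256)


def parse_log(text: str) -> List[Detection]:
    section, out = "", []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        det = parse_line(section, line)
        if det:
            out.append(det)
    return out


def count_by_family(dets: List[Detection]) -> Counter:
    return Counter(d.family for d in dets)


def unique_sha256(dets: List[Detection]) -> List[str]:
    """Deduplicated file hashes, ready to hunt for on other hosts."""
    return sorted({d.sha256 for d in dets if d.sha256})


def policy_tampering(dets: List[Detection]) -> List[Detection]:
    """Registry hits under policy, proxy or firewall keys: reboot-persistent settings."""
    markers = ("\\POLICIES\\", "INTERNET SETTINGS", "FIREWALLRULES")
    return [d for d in dets
            if d.section.startswith("Registry") and any(k in d.path.upper() for k in markers)]


def check_section_counts(text: str) -> Dict[str, Tuple[int, int]]:
    """Map section -> (declared count, lines actually found); a mismatch means a truncated log."""
    declared: Dict[str, int] = {}
    found: Counter = Counter()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif parse_line(section, line):
            found[section] += 1
    return {s: (n, found[s]) for s, n in declared.items()}


if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    print("by family:", dict(count_by_family(dets)))
    print("sha256 IOCs:", unique_sha256(dets))
    print("policy/proxy/firewall keys:", [d.path for d in policy_tampering(dets)])
    print("section counts:", check_section_counts(SAMPLE_LOG))
```

Running it against the full log rather than the subset is a matter of pasting the detection sections into SAMPLE_LOG or reading the file; the section-count check is the first thing worth looking at, since a log whose declared and found counts disagree has been cut off before the last detection.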