Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 09/04/2019
Scan Time: 20:23
Log File: 842059ae-5af4-11e9-9d57-d8cb8ac64ad6.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.563
Update Package Version: 1.0.10072
License: Trial

-System Information-
OS: Windows 10 (Build 17763.379)
CPU: x64
File System: NTFS
User: PCDEJEZZ\ADMIN

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 311059
Threats Detected: 58
Threats Quarantined: 58
Time Elapsed: 2 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 14
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows Utility Service Checker Tool Background 649139563242594, Quarantined, [747], [663862],1.0.10072
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2C40ADC-2609-4631-BACF-2F7478F06443}, Quarantined, [747], [663862],1.0.10072
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\BOOT\{E2C40ADC-2609-4631-BACF-2F7478F06443}, Quarantined, [747], [663862],1.0.10072
RiskWare.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Windows Driver System Updater, Quarantined, [747], [597001],1.0.10072
Adware.Ghokswa, HKU\S-1-5-21-3948345469-1245381183-4131720330-1001\SOFTWARE\Antanna, Quarantined, [833], [447098],1.0.10072
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-3948345469-1245381183-4131720330-1001\CONSOLE\TASKENG.EXE, Quarantined, [6324], [425125],1.0.10072
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-3948345469-1245381183-4131720330-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, Quarantined, [6324], [425124],1.0.10072
Adware.Ghokswa, HKLM\SOFTWARE\WOW6432NODE\Antanna, Quarantined, [833], [447099],1.0.10072
Adware.Ghokswa, HKLM\SOFTWARE\WOW6432NODE\Bookness, Quarantined, [833], [399926],1.0.10072
Adware.Ghokswa, HKLM\SOFTWARE\WOW6432NODE\Eggper, Quarantined, [833], [403589],1.0.10072
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\{84416237-6490-494D-9AD6-4994DD978971}, Quarantined, [482], [375406],1.0.10072
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\CSHMDR, Quarantined, [482], [400538],1.0.10072
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\CWASRE, Quarantined, [482], [399145],1.0.10072
Adware.Elex, HKLM\SOFTWARE\WOW6432NODE\{84416237-6490-494D-9AD6-4994DD978971}, Quarantined, [482], [371536],1.0.10072

Registry Value: 5
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-3948345469-1245381183-4131720330-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Quarantined, [6324], [425126],1.0.10072
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-3948345469-1245381183-4131720330-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Quarantined, [6324], [425125],1.0.10072
PUP.Optional.PSScriptLoad.ACMB3, HKU\S-1-5-21-3948345469-1245381183-4131720330-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, Quarantined, [6324], [425124],1.0.10072
RiskWare.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E2C40ADC-2609-4631-BACF-2F7478F06443}|PATH, Quarantined, [747], [663864],1.0.10072
RiskWare.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWS DRIVER SYSTEM UPDATER|IMAGEPATH, Quarantined, [747], [597002],1.0.10072

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 13
Adware.Elex, C:\USERS\ADMIN\APPDATA\LOCAL\GLORY, Quarantined, [482], [404588],1.0.10072
Adware.Elex.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\CSHMDR, Quarantined, [2108], [396974],1.0.10072
Adware.Elex.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\CWASRE, Quarantined, [2108], [396974],1.0.10072
RiskWare.BitCoinMiner, C:\Program Files\System Updates\Windows Driver System Update, Quarantined, [747], [597001],1.0.10072
RiskWare.BitCoinMiner, C:\PROGRAM FILES\SYSTEM UPDATES, Quarantined, [747], [597001],1.0.10072
Adware.Elex, C:\REIMWARD, Quarantined, [482], [401114],1.0.10072
Adware.Elex, C:\USERS\ADMIN\APPDATA\LOCAL\ATEBISEACK, Quarantined, [482], [402909],1.0.10072
Adware.Elex, C:\USERS\DEFAULT\APPDATA\LOCAL\ATEBISEACK, Quarantined, [482], [402909],1.0.10072
Adware.Elex, C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\LOCAL\ATEBISEACK, Quarantined, [482], [402909],1.0.10072
Adware.Elex, C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\APPDATA\LOCAL\ATEBISEACK, Quarantined, [482], [402909],1.0.10072
Adware.OnlineIO, C:\WINDOWS\INSTALLER\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, Quarantined, [1206], [414815],1.0.10072
RiskWare.BitCoinMiner, C:\ProgramData\System Updates\Windows Driver System Update\updates, Quarantined, [747], [597399],1.0.10072
RiskWare.BitCoinMiner, C:\PROGRAMDATA\SYSTEM UPDATES\Windows Driver System Update, Quarantined, [747], [597399],1.0.10072

File: 26
Adware.Elex, C:\USERS\ADMIN\APPDATA\LOCAL\GLORY\GLORY.DLL, Quarantined, [482], [404588],1.0.10072
RiskWare.BitCoinMiner, C:\WINDOWS\SYSTEM32\TASKS\Windows Utility Service Checker Tool Background 649139563242594, Quarantined, [747], [663862],1.0.10072
Adware.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, Quarantined, [1206], [414818],1.0.10072
Adware.Elex.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\CSHMDR\Snare.dll, Quarantined, [2108], [396974],1.0.10072
Adware.Elex.Generic, C:\USERS\ADMIN\APPDATA\LOCAL\CWASRE\Snare.dll, Quarantined, [2108], [396974],1.0.10072
RiskWare.BitCoinMiner, C:\PROGRAM FILES\SYSTEM UPDATES\WINDOWS DRIVER SYSTEM UPDATE\ServiceUpdater.xml, Quarantined, [747], [597001],1.0.10072
RiskWare.BitCoinMiner, C:\Program Files\System Updates\Windows Driver System Update\Windows Driver System Updater.exe, Quarantined, [747], [597001],1.0.10072
RiskWare.BitCoinMiner, C:\Program Files\System Updates\Windows Driver System Update\Windows Driver System Updater.ini, Quarantined, [747], [597001],1.0.10072
Adware.OnlineIO, C:\Windows\Installer\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}\online.exe, Quarantined, [1206], [414815],1.0.10072
Adware.OnlineIO, C:\Windows\Installer\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}\SystemFoldermsiexec.exe, Quarantined, [1206], [414815],1.0.10072
RiskWare.BitCoinMiner, C:\ProgramData\System Updates\Windows Driver System Update\updates\updates.aiu, Quarantined, [747], [597399],1.0.10072
Trojan.FakeMS.Generic, C:\PROGRAMDATA\PERFORMANCE TOOL\TRZ69ED.TMP, Quarantined, [10483], [598037],1.0.10072
Adware.Elex.SHHKRST, C:\USERS\ADMIN\APPDATA\ROAMING\STICESY\MUDELEATOWET.DLL, Quarantined, [815], [396509],1.0.10072
Adware.Elex.SHHKRST, C:\WINDOWS\SERVICEPROFILES\NETWORKSERVICE\APPDATA\ROAMING\STICESY\MUDELEATOWET.DLL, Quarantined, [815], [396509],1.0.10072
PUP.Optional.Jawego, C:\USERS\ADMIN\APPDATA\ROAMING\ZHP\QUARANTINE\EVENT MONITOR.DIR\ISXDL.DLL, Quarantined, [600], [446383],1.0.10072
PUP.Optional.OnlineIO, C:\USERS\ADMIN\APPDATA\ROAMING\ZHP\QUARANTINE\WW-ONLINE.IO-INSTALLER.EXE, Quarantined, [3676], [407216],1.0.10072
Generic.Malware/Suspicious, C:\USERS\ADMIN\APPDATA\ROAMING\ZHP\QUARANTINE\SMP2.EXE, Quarantined, [0], [392686],1.0.10072
Adware.Elex.SHHKRST, C:\USERS\DEFAULT\APPDATA\ROAMING\STICESY\MUDELEATOWET.DLL, Quarantined, [815], [396509],1.0.10072
MachineLearning/Anomalous.100%, C:\USERS\ADMIN\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\DLLESCORT2018\DLLESCORT.EXE, Quarantined, [0], [392687],1.0.10072
Generic.Malware/Suspicious, C:\USERS\ADMIN\APPDATA\ROAMING\ZHP\QUARANTINE\SAN5216.TMP, Quarantined, [0], [392686],1.0.10072
Generic.Malware/Suspicious, C:\USERS\ADMIN\APPDATA\ROAMING\ZHP\QUARANTINE\TIB51F5.TMP, Quarantined, [0], [392686],1.0.10072
Adware.Elex, C:\USERS\ADMIN\APPDATA\ROAMING\ZHP\QUARANTINE\~BK1FD.TMP, Quarantined, [482], [589833],1.0.10072
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.8.2\STANDALONEPHASE1.DAT, Quarantined, [8017], [393793],1.0.10072
PUP.Optional.Jawego, C:\USERS\ADMIN\APPDATA\ROAMING\ZHP\QUARANTINE\ISXDL.DLL, Quarantined, [600], [446383],1.0.10072
Adware.Elex.SHHKRST, C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\STICESY\MUDELEATOWET.DLL, Quarantined, [815], [396509],1.0.10072
Generic.Malware/Suspicious, C:\USERS\ADMIN\DESKTOP\OINSTALL.EXE, Quarantined, [0], [392686],1.0.10072

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)