Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 02/07/2017
Heure de l'analyse: 16:01
Fichier journal: malwarebytes.txt
Administrateur: Oui

-Informations du logiciel-
Version: 3.1.2.1733
Version de composants: 1.0.141
Version de pack de mise à jour: 1.0.2276
Licence: Gratuit

-Informations système-
Système d'exploitation: Windows 10
Processeur: x64
Système de fichiers: NTFS
Utilisateur: BENJAMIN\benja_000

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 474990
Menaces détectées: 83
Menaces mises en quarantaine: 82
Temps écoulé: 9 min, 35 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Activé
PUM: Activé

-Détails de l'analyse-
Processus: 4
Trojan.BitCoinMiner, C:\PROGRAMDATA\WINDOWSSQL\COM SURROGATE.EXE, En quarantaine, [98], [411217],1.0.2276
RiskWare.BitCoinMiner, C:\PROGRAMDATA\DIRECTX11B\SYSTEM.EXE, En quarantaine, [112], [410558],1.0.2276
RiskWare.Agent.E, C:\ProgramData\WindowsSQL\System.exe, En quarantaine, [1071], [409613],1.0.2276
RiskWare.BitCoinMiner, C:\PROGRAMDATA\FRAMEWORK\SYSTEM.EXE, En quarantaine, [112], [410560],1.0.2276

Module: 4
Trojan.BitCoinMiner, C:\PROGRAMDATA\WINDOWSSQL\COM SURROGATE.EXE, En quarantaine, [98], [411217],1.0.2276
RiskWare.BitCoinMiner, C:\PROGRAMDATA\DIRECTX11B\SYSTEM.EXE, En quarantaine, [112], [410558],1.0.2276
RiskWare.Agent.E, C:\ProgramData\WindowsSQL\System.exe, En quarantaine, [1071], [409613],1.0.2276
RiskWare.BitCoinMiner, C:\PROGRAMDATA\FRAMEWORK\SYSTEM.EXE, En quarantaine, [112], [410560],1.0.2276

Clé du registre: 16
RiskWare.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DirectX11b, En quarantaine, [112], [410558],1.0.2276
PUP.Optional.Sense, HKU\S-1-5-18\SOFTWARE\Sense-nv, En quarantaine, [1595], [242913],1.0.2276
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update Edu App, En quarantaine, [53], [254083],1.0.2276
PUP.Optional.Yontoo, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, En quarantaine, [53], [-1],0.0.0
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, En quarantaine, [53], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, En quarantaine, [287], [-1],0.0.0
RiskWare.Agent.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Framework, En quarantaine, [1071], [409613],1.0.2276
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, En quarantaine, [14631], [235414],1.0.2276
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, En quarantaine, [14631], [235414],1.0.2276
PUP.Optional.Gameo, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\53a6c179_0, En quarantaine, [7087], [185308],1.0.2276
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{23cb3056}, En quarantaine, [279], [240969],1.0.2276
RiskWare.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MinerGate, En quarantaine, [112], [410560],1.0.2276
PUP.Optional.CrossRider, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0e785c76-51ce-4438-9819-0798879a988f}, En quarantaine, [249], [237486],1.0.2276
PUP.Optional.CrossRider, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3e50ccab-cb1c-42f2-90d8-c4531f1338e8}, En quarantaine, [249], [237488],1.0.2276
PUP.Optional.CrossRider, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b4a78158-1c31-4b1c-a82f-dd5d39b7e720}, En quarantaine, [249], [237487],1.0.2276
PUP.Optional.CrossRider, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC80D2AD-5E19-4473-A6A5-69FAA23AFA29}, En quarantaine, [249], [237487],1.0.2276

Valeur du registre: 14
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{0A565B7D-877E-4FA8-9088-A910058FF13E}|AUTOCONFIGURL, En quarantaine, [287], [320554],1.0.2276
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [287], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [287], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-947915296-3583002873-1704246444-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [287], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, En quarantaine, [287], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, En quarantaine, [287], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{1BF6D047-734F-4E30-918F-09378ED832AF}|AUTOCONFIGURL, En quarantaine, [287], [320554],1.0.2276
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{C3A3F0EC-85D1-47B8-B61A-39EE8D9FA0D0}|AUTOCONFIGURL, En quarantaine, [287], [320554],1.0.2276
PUP.Optional.Gameo, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\53a6c179_0|, En quarantaine, [7087], [185308],1.0.2276
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SENSE-BG.EXE, En quarantaine, [1022], [260099],1.0.2276
PUP.Optional.CrossRider, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0e785c76-51ce-4438-9819-0798879a988f}|APPNAME, En quarantaine, [249], [237486],1.0.2276
PUP.Optional.CrossRider, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3e50ccab-cb1c-42f2-90d8-c4531f1338e8}|APPNAME, En quarantaine, [249], [237488],1.0.2276
PUP.Optional.CrossRider, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b4a78158-1c31-4b1c-a82f-dd5d39b7e720}|APPNAME, En quarantaine, [249], [237487],1.0.2276
PUP.Optional.CrossRider, HKU\S-1-5-21-947915296-3583002873-1704246444-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FC80D2AD-5E19-4473-A6A5-69FAA23AFA29}|APPNAME, En quarantaine, [249], [237487],1.0.2276

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 3
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\USERS\BENJA_000\APPDATA\LOCAL\{7A894CD5-5E21-206D-33B9-058517D1F91D}, En quarantaine, [91], [302717],1.0.2276
RiskWare.Agent.E, C:\PROGRAMDATA\WINDOWSSQL, En quarantaine, [1071], [409613],1.0.2276

Fichier: 42
Trojan.BitCoinMiner, C:\PROGRAMDATA\WINDOWSSQL\COM SURROGATE.EXE, En quarantaine, [98], [411217],1.0.2276
Trojan.MultiDropper, C:\PROGRAMDATA\DIRECTX11B\DIRECTX11B.EXE, En quarantaine, [218], [411201],1.0.2276
RiskWare.BitCoinMiner, C:\PROGRAMDATA\WINDOWSSQL\WINDOWS DRIVER SERVICE.EXE, En quarantaine, [112], [411031],1.0.2276
Trojan.BitCoinMiner, C:\PROGRAMDATA\WINDOWSSQL\MDNS2.EXE, En quarantaine, [98], [411251],1.0.2276
PUP.Optional.BrowseFox, C:\USERS\BENJA_000\APPDATA\ROAMING\ZHP\QUARANTINE, En quarantaine, [1800], [299543],1.0.2276
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\AGEIA TECHNOLOGIES\3C4972FD-5601-41ED-89C4-BC6E3C36014E.DLL, En quarantaine, [3], [301067],1.0.2276
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\ASUS\920FB8FB-0003-49F3-8541-FFF21BB54879.DLL, En quarantaine, [3], [301068],1.0.2276
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\AGEIA TECHNOLOGIES\0EE6ADA1-AFF9-47F1-AD76-EB8A5B90022D.DLL, En quarantaine, [3], [301067],1.0.2276
PUP.Optional.InstallCore, C:\PROGRAM FILES (X86)\ASUS\5C0545C4-AFEE-4CC4-9C6B-012F3CEBF2EA.DLL, En quarantaine, [3], [301068],1.0.2276
PUP.Optional.InstallCore, C:\USERS\BENJA_000\DOWNLOADS\CYBERGHOST_6.0.5.2405.EXE, En quarantaine, [3], [395467],1.0.2276
PUP.Optional.InstallCore, C:\USERS\BENJA_000\DOWNLOADS\CYBERGHOST_6.0.5.2405 (1).EXE, En quarantaine, [3], [395467],1.0.2276
Spyware.PasswordStealer, C:\USERS\BENJA_000\DOWNLOADS\PEAN'S PUBLIC MULTIHACK V1.4.3_MPGH.NET.ZIP, En quarantaine, [306], [154400],1.0.2276
PUP.Optional.InstallCore, C:\USERS\BENJA_000\DOWNLOADS\RIGHT CLICK TO NECROMANCE-1.0.EXE, En quarantaine, [3], [300948],1.0.2276
PUP.Optional.WinYahoo, C:\USERS\BENJA_000\APPDATA\LOCAL\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HOWTOREMOVE\HOWTOREMOVE.HTML, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\chromium-min.jpg, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\control panel-min-min.JPG, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\down.png, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\ff menu.JPG, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\ff search engine-min.png, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\hp-min ff.png, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\hp-min ie.png, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\search engine.gif, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\setup pages.gif, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\sp-min.png, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\start-min.jpg, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\HowToRemove\up.png, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\bapi_ff.dat, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\bapi_ie.dat, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\deta.exe, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\install.log, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\nina, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\rola, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\Sqlite3.dll, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\tete, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\uninst.dat, En quarantaine, [91], [302717],1.0.2276
PUP.Optional.WinYahoo, C:\Users\benja_000\AppData\Local\{7A894CD5-5E21-206D-33B9-058517D1F91D}\uninst.exe, En quarantaine, [91], [302717],1.0.2276
RiskWare.BitCoinMiner, C:\PROGRAMDATA\DIRECTX11B\SYSTEM.EXE, En quarantaine, [112], [410558],1.0.2276
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Échec de la suppression, [53], [-1],0.0.0
PUP.Optional.Yontoo, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, En quarantaine, [53], [-1],0.0.0
RiskWare.Agent.E, C:\ProgramData\WindowsSQL\mDNS1.exe, En quarantaine, [1071], [409613],1.0.2276
RiskWare.Agent.E, C:\ProgramData\WindowsSQL\System.exe, En quarantaine, [1071], [409613],1.0.2276
RiskWare.BitCoinMiner, C:\PROGRAMDATA\FRAMEWORK\SYSTEM.EXE, En quarantaine, [112], [410560],1.0.2276

Secteur physique: 0
(Aucun élément malveillant détecté)


(end)