Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/26/19
Scan Time: 9:03 PM
Log File: 9380dff4-3a01-11e9-be0e-000ffec1287c.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9430
License: Trial

-System Information-
OS: Windows 7
CPU: x86
File System: NTFS
User: WIN-AC3B4J0J3N0\Administrator

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 161695
Threats Detected: 34
Threats Quarantined: 0
Time Elapsed: 1 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 8
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss, No Action By User, [3184], [431499],1.0.9430
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{22DE983A-F17D-4394-B036-7280EBE48D5E}, No Action By User, [3184], [431499],1.0.9430
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{22DE983A-F17D-4394-B036-7280EBE48D5E}, No Action By User, [3184], [431499],1.0.9430
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDefender, No Action By User, [417], [455564],1.0.9430
RiskWare.BitCoinMiner, HKU\S-1-5-21-2994604245-221536124-390059164-500\SOFTWARE\EpicNet Inc., No Action By User, [734], [451809],1.0.9430
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMONPROCESSMONITOR, No Action By User, [417], [482873],1.0.9430
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMONFS, No Action By User, [417], [482871],1.0.9430
Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMON, No Action By User, [99], [431630],1.0.9430

Registry Value: 9
Trojan.Agent.E, HKU\S-1-5-21-2994604245-221536124-390059164-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CrimsonPaper, No Action By User, [3710], [643850],1.0.9430
RiskWare.BitCoinMiner, HKU\S-1-5-21-2994604245-221536124-390059164-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CloudNet, No Action By User, [734], [512160],1.0.9430
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{22DE983A-F17D-4394-B036-7280EBE48D5E}|PATH, No Action By User, [3184], [431497],1.0.9430
Trojan.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{C5C79F5B-F37C-4BE9-9BE4-C001E20C1433}, No Action By User, [604], [446017],1.0.9430
PUP.Optional.CloudNet, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{ABFD95B5-61D3-4965-90CF-9A1A5E75EEE6}, No Action By User, [6116], [446028],1.0.9430
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMONPROCESSMONITOR|IMAGEPATH, No Action By User, [417], [482873],1.0.9430
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEFENDER|IMAGEPATH, No Action By User, [417], [428246],1.0.9430
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMONFS|IMAGEPATH, No Action By User, [417], [482871],1.0.9430
Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINMON|IMAGEPATH, No Action By User, [99], [431630],1.0.9430

Registry Data: 1
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-2994604245-221536124-390059164-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [13234], [293317],1.0.9430

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.CloudNet, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\CSRSS, No Action By User, [6116], [448845],1.0.9430
RiskWare.BitCoinMiner, C:\Users\Administrator\AppData\Roaming\EpicNet Inc\CloudNet, No Action By User, [734], [512160],1.0.9430
RiskWare.BitCoinMiner, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\EpicNet Inc, No Action By User, [734], [512160],1.0.9430
RiskWare.BitCoinMiner, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\WUP, No Action By User, [734], [512161],1.0.9430

File: 12
Trojan.Agent.E, C:\WINDOWS\RSS\CSRSS.EXE, No Action By User, [3710], [643850],1.0.9430
Trojan.Clicker, C:\WINDOWS\SYSTEM32\TASKS\CSRSS, No Action By User, [3184], [431499],1.0.9430
PUP.Optional.CloudNet, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\CSRSS\CLOUDNET.EXE, No Action By User, [6116], [448845],1.0.9430
PUP.Optional.CloudNet, C:\Users\Administrator\AppData\Local\Temp\csrss\scheduled.exe, No Action By User, [6116], [448845],1.0.9430
PUP.Optional.CloudNet, C:\Users\Administrator\AppData\Local\Temp\csrss\updateprofile-0218.exe, No Action By User, [6116], [448845],1.0.9430
RiskWare.BitCoinMiner, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\EpicNet Inc\CLOUDNET\cloudnet.exe, No Action By User, [734], [512160],1.0.9430
RiskWare.BitCoinMiner, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\WUP\WUP.EXE, No Action By User, [734], [512161],1.0.9430
Trojan.Agent, C:\WINDOWS\WINDEFENDER.EXE, No Action By User, [417], [455564],1.0.9430
Trojan.Agent, C:\WINDOWS\SYSTEM32\DRIVERS\WINMONPROCESSMONITOR.SYS, No Action By User, [417], [482873],1.0.9430
Trojan.Agent, C:\WINDOWS\SYSTEM32\DRIVERS\WINMONFS.SYS, No Action By User, [417], [482871],1.0.9430
Adware.Agent, C:\WINDOWS\SYSTEM32\DRIVERS\WINMON.SYS, No Action By User, [99], [431630],1.0.9430
Trojan.MalPack.GS.Generic, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\390448671\APP.EXE, No Action By User, [9789], [644605],1.0.9430

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)