Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 19/01/2016
Heure de l'analyse: 22:55
Fichier journal:
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2016.01.19.05
Base de données de rootkits: v2016.01.09.01
Licence: Premium
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7 Service Pack 1
Processeur: x86
Système de fichiers: NTFS
Utilisateur: Unknown_2015

Type d'analyse: Analyse personnalisée
Résultat: Terminé
Objets analysés: 616323
Temps écoulé: 18 h, 31 min, 15 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 2
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, 1412, Supprimer au redémarrage, [2c55e15af2a795a1874d9637f30ed22e]
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, 3500, Supprimer au redémarrage, [2c55e15af2a795a1874d9637f30ed22e]

Modules: 0
(Aucun élément malveillant détecté)

Clés du Registre: 3
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE, En quarantaine, [2c55e15af2a795a1874d9637f30ed22e],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, En quarantaine, [4839c576455432042807aa4a9b68e51b],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, En quarantaine, [eb961229fe9bbd7995e32ba736cc9b65],

Valeurs du Registre: 3
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}, En quarantaine, [621f8dae4f4aa2941fd3e1c55da6ff01]
PUP.Optional.Linkury, HKU\S-1-5-18\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=DZ&userid=54c4b12a-28a0-f8cf-ed16-e15d2ecd4a7a&searchtype=sc&installDate=19/01/2016&barcodeid=50045888&channelid=888&av=eset, En quarantaine, [2f521229fe9beb4b119019b11ae97d83]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2866674283-3230663183-555734474-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}, En quarantaine, [5e231b202574270ff1feebbb8d769c64]

Données du Registre: 6
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({ielnksrch}),Remplacé,[f190ac8f8712241252bec7f12dd714ec]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2866674283-3230663183-555734474-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}),Remplacé,[c9b8e7540495ef4749c113a561a3c739]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2866674283-3230663183-555734474-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}),Remplacé,[463be259673249ed5dade7d156ae35cb]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2866674283-3230663183-555734474-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pboVG60-ix7Cnn9KhJJUO4nLqhxZJzLcll5N7pMtivWblgIE_StXN15PZByiGj68VrGR09R5wOCOeMe6AtabmgpN08,, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pboVG60-ix7Cnn9KhJJUO4nLqhxZJzLcll5N7pMtivWblgIE_StXN15PZByiGj68VrGR09R5wOCOeMe6AtabmgpN08,),Remplacé,[ef9266d5cecb7abc38d34f69bd479070]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2866674283-3230663183-555734474-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}),Remplacé,[354c102bc6d3b680759515a35ba93bc5]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2866674283-3230663183-555734474-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5vf8KeeGAI8dUI9ZP9bz81aa5If0vcjrXdheryeAOiIyvIc5nqHpm1fopIa7wsf-pp7-MXUIVVXcQdrfFbWS_UVDp-efqXmD1ytLD5udwPrDYky9j4Z9gWnCdRFbDJA1b1obaYDIaroqhDAq0v2QqumQp4,&q={searchTerms}),Remplacé,[6b1668d3fd9c4aecde2e04b4c63ed828]

Dossiers: 1
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs, En quarantaine, [fe837cbfd0c9999dbeb60dc221e122de],

Fichiers: 29
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, Supprimer au redémarrage, [2c55e15af2a795a1874d9637f30ed22e],
PUP.Optional.OpenCandy, C:\Program Files\Freemake\Freemake Video Converter\SetupUpdate.exe, En quarantaine, [09783ffc6d2cda5ca41b415b38c8738d],
VirTool.Obfuscator, C:\Program Files\KONAMI\Pro Evolution Soccer 2013\rld.dll, En quarantaine, [abd648f3b3e63afcb397f1bcdb252dd3],
VirTool.Obfuscator, C:\Program Files\KONAMI\Pro Evolution Soccer 2013\PES2013 Selector Version\1.0.4\rld.dll, En quarantaine, [cab702396435be7885c56449fb05768a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Singflex.exe, En quarantaine, [730e3cffeeab8fa73b3ec21102ffbc44],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\SumIt.exe, En quarantaine, [dda4cc6fc9d02c0a24534c87aa578a76],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Toplex.dll, En quarantaine, [0d7493a84554e551ac8ccf0599683cc4],
HackTool.WpaKill, C:\Users\Public\Desktop\Extra\Activateurs Supplémentaires\RemoveWAT\RemoveWAT.exe, En quarantaine, [dfa274c74f4a10262b580b22f809eb15],
Trojan.Agent.W, C:\Users\Public\Desktop\Extra\Activateurs Supplémentaires\Windows 7 Loader (Daz 1.7.2)\Windows 7 Loader.exe, En quarantaine, [810076c56f2a46f0d6c7490fd92bad53],
Trojan.Agent.MSIL, C:\Users\Unknown_2015\AppData\Local\Temp\vhitN.tmp, En quarantaine, [671a3cff841547ef151018b756ab19e7],
PUP.Optional.Linkury, C:\Users\Unknown_2015\AppData\Local\Temp\VivaJoytough.exe, En quarantaine, [a6db4deef7a283b343d38452aa5710f0],
PUP.Optional.Linkury.ShrtCln, C:\Users\Unknown_2015\AppData\Local\Temp\nsy8838.exe, En quarantaine, [f28f3a01afea0630755fece135ccb050],
PUP.Optional.Amonetize, C:\Users\Unknown_2015\AppData\Local\Temp\U-ron.exe, En quarantaine, [09784dee4a4fa492ea4c27adc63beb15],
PUP.Optional.Linkury.ShrtCln, C:\Users\Unknown_2015\AppData\Local\Temp\Inch-Ron.exe, En quarantaine, [f38e172457421e18b222527bf20f0000],
PUP.Optional.Linkury, C:\Users\Unknown_2015\AppData\Local\Temp\linker.exe, En quarantaine, [bbc6c7747c1d0d292ee84e88e31eca36],
PUP.Optional.Amonetize, C:\Users\Unknown_2015\AppData\Local\Temp\World Racing 2 Volkswagen Golf Downloader__3687_i1816142514_il2453428.exe, En quarantaine, [fa879e9d6237bd7994777b5824ddbf41],
Trojan.Agent.MSIL, C:\Users\Unknown_2015\AppData\Local\Temp\vhitN\tlc.exe, En quarantaine, [7908d26999008caaec39b31c88797d83],
PUP.Optional.InstallCore, C:\Users\Unknown_2015\Documents\Games\Test Drive\[R.G. Mechanics] Test Drive Unlimited Gold\setup.exe, En quarantaine, [661b45f6d3c636005ed9e27560a158a8],
VirTool.Obfuscator, C:\Users\Unknown_2015\Documents\Pes Mix\PES 2013 PATCH 8.1 Dartah 3la gal Tous Les equipes ta3 Champions league\PESMOD PESEDIT 8.1 FINAL\PESMOD PESEDIT 8.1 FINAL\PES2013 Selector Version\1.0.4\rld.dll, En quarantaine, [4a37ca717128a591d67403aae61ad828],
HackTool.WpaKill, C:\Windows.old\Users\Public\Desktop\Extra\Activateurs Supplémentaires\RemoveWAT\RemoveWAT.exe, En quarantaine, [e8999f9c772282b4077cf736b849c43c],
Trojan.Agent.W, C:\Windows.old\Users\Public\Desktop\Extra\Activateurs Supplémentaires\Windows 7 Loader (Daz 1.7.2)\Windows 7 Loader.exe, En quarantaine, [98e929127722290d0c91be9acc381ee2],
PUP.Optional.SafeFinder, C:\Users\Unknown_2015\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage, En quarantaine, [82ffad8e94050d2983c9c60e738fd12f],
PUP.Optional.SafeFinder, C:\Users\Unknown_2015\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal, En quarantaine, [7908ff3c8f0af046d07c389c3fc3aa56],
PUP.Optional.Zoobam, C:\Users\Unknown_2015\AppData\Local\Zoobam.exe.config, En quarantaine, [31502d0e6831a4924bf49f7a7f85dc24],
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.HP, En quarantaine, [fe837cbfd0c9999dbeb60dc221e122de],
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.NT, En quarantaine, [fe837cbfd0c9999dbeb60dc221e122de],
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\snp.sc, En quarantaine, [fe837cbfd0c9999dbeb60dc221e122de],
PUP.Optional.Linkury.ShrtCln, C:\Users\Unknown_2015\AppData\Roaming\Mozilla\Firefox\Profiles\tzc0bktm.default\prefs.js, Bon : (), Mauvais : (user_pref("browser.newtab.url", "C:\ProgramData\Airtostrongs\ff.NT");), Remplacé,[522ffd3e8f0abf771dd0dd010103aa56]
PUP.Optional.Linkury.ShrtCln, C:\Users\Unknown_2015\AppData\Roaming\Mozilla\Firefox\Profiles\tzc0bktm.default\prefs.js, Bon : (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Mauvais : (user_pref("browser.startup.homepage", "C:\ProgramData\Airtostrongs\ff.HP), Remplacé,[e1a0a39894054bebe7263aadd034b050]

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)
