Document format: text/plain

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'analyse: 04/02/2016
Heure de l'analyse: 00:09
Fichier journal:
Administrateur: Oui

Version: 2.2.0.1024
Base de données de programmes malveillants: v2016.02.03.06
Base de données de rootkits: v2016.01.20.01
Licence: Essai
Protection contre les programmes malveillants: Activé
Protection contre les sites Web malveillants: Activé
Autoprotection: Désactivé

Système d'exploitation: Windows 7
Processeur: x86
Système de fichiers: NTFS
Utilisateur: chawki

Type d'analyse: Analyse des menaces
Résultat: Terminé
Objets analysés: 284158
Temps écoulé: 8 min, 22 s

Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Activé
Heuristique: Activé
PUP: Activé
PUM: Activé

Processus: 2
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, 1604, Supprimer au redémarrage, [d37f69f3059444f2340bc70acc354cb4]
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, 3700, Supprimer au redémarrage, [d37f69f3059444f2340bc70acc354cb4]

Modules: 2
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Hotstattrax.dll, Supprimer au redémarrage, [242e74e8b0e9979f31a909cdac55b947],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Hotstattrax.dll, Supprimer au redémarrage, [242e74e8b0e9979f31a909cdac55b947],

Clés du Registre: 12
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE, En quarantaine, [d37f69f3059444f2340bc70acc354cb4],
PUP.Optional.Koyote, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Free Easy CD DVD Burner, En quarantaine, [d1810a52a5f454e220e0af89e61bd12f],
PUP.Optional.Linkury, HKLM\SOFTWARE\mtAirtostrong, En quarantaine, [3220f6666435e551528e68e5ec18ae52],
PUP.Optional.Linkury, HKLM\SOFTWARE\mtcaMyciloP, En quarantaine, [57fb213becad86b0a5abca832fd5768a],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\Airtostrong_RASAPI32, En quarantaine, [6ee455077f1a270f14cbda73d232ab55],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\TRACING\Airtostrong_RASMANCS, En quarantaine, [74de5606514862d4a13e3d103ec69b65],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\caMyciloP.exe, En quarantaine, [470b9dbf5544fd39014dae9f41c38977],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, En quarantaine, [7ad8eb71afeac76f5626c04894703ac6],
PUP.Optional.PluginContainer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICE MGR PASSANDPLAY, En quarantaine, [074b36263a5f86b0ef28896110f3e31d],
PUP.Optional.Updater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UPDATE MGR PASSANDPLAY, En quarantaine, [4f037ce01a7f41f56e740cef23e0c040],
PUP.Optional.YahooVNM, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}, En quarantaine, [81d1ce8ec3d67cba6053d32d808423dd],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Airtostrong, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],

Valeurs du Registre: 7
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}, En quarantaine, [b49e0656e9b0f442bcb744771de67789]
PUP.Optional.PluginContainer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr PassandPlay|ImagePath, "C:\ProgramData\6cd7b088-ad43-47a9-9f65-96d8797bb92b\plugincontainer.exe", En quarantaine, [074b36263a5f86b0ef28896110f3e31d]
PUP.Optional.Updater, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr PassandPlay|ImagePath, "C:\Program Files\Common Files\6cd7b088-ad43-47a9-9f65-96d8797bb92b\updater.exe", En quarantaine, [4f037ce01a7f41f56e740cef23e0c040]
PUP.Optional.Linkury, HKU\S-1-5-18\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=DZ&userid=7b372463-e6dd-99b0-257b-6404e707efd3&searchtype=sc&installDate=01/02/2016&barcodeid=50045888&channelid=888&av=windows, En quarantaine, [7ad80c506a2fde5813f7f7e833d06997]
PUP.Optional.YahooVNM, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|URL, https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_160203__yaie&p={searchTerms}, En quarantaine, [81d1ce8ec3d67cba6053d32d808423dd]
PUP.Optional.YahooVNM, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|TopResultURL, https://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_160203__yaie&p={searchTerms}, En quarantaine, [3a18b4a87722fa3c5f54da26a75d39c7]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}, En quarantaine, [8dc5e874d0c9310593dd2b9058ab6997]

Données du Registre: 7
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Airtostrong\Hotstattrax.dll, Bon : (), Mauvais : (C:\ProgramData\Airtostrong\Hotstattrax.dll),Remplacé,[242e74e8b0e9979f31a909cdac55b947]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Bon : ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Mauvais : ({ielnksrch}),Remplacé,[074b6fedaeebdd598c04c80aac588e72]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}),Remplacé,[ff5328349207bb7be9a1726012f254ac]
PUP.Optional.YahooVNM, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_160203__yaie, Bon : (www.google.com), Mauvais : (https://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_160203__yaie),Remplacé,[5bf71646a9f06bcb30668f46828243bd]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}),Remplacé,[1d353e1e6d2cc67078129d35c63ea15f]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}),Remplacé,[82d028344257da5c1b6f8a48976d7d83]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1723699868-574529785-3330509754-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}, Bon : (www.google.com), Mauvais : (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByuMcS4zqTgWbU5kjLm08HUjOHOrscECCTMUZdfxh5fQaSFPGz4oQztgDNWtZIA2cbOnBNBnyhO2bu0h_6Zj-gYrdIUeOMSMaidOScdbD2kKiaS1qChtlpv2WXtSe3V7o0_SmabXuqSg-YstxPrKeeE5tcSavaedzuo0ybsKFM1k,&q={searchTerms}),Remplacé,[381a7ae248516ec8a9e38949b94b4bb5]

Dossiers: 3
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs, En quarantaine, [4b074616f2a703337215e7fb50b2a65a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong, Supprimer au redémarrage, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\ondemand, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],

Fichiers: 38
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, Supprimer au redémarrage, [d37f69f3059444f2340bc70acc354cb4],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Hotstattrax.dll, Supprimer au redémarrage, [242e74e8b0e9979f31a909cdac55b947],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Lambam.dll, En quarantaine, [341ea0bc2a6f191de2b854839869738d],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Stocklam.exe, En quarantaine, [a5ad65f7aeeb25118059dafc2ed3c937],
PUP.Optional.Linkury.ShrtCln, C:\Program Files\Common Files\nm055yks.exe, En quarantaine, [034f223ae2b7ff379ea1fcd5de236d93],
PUP.Optional.Koyote, C:\Program Files\Free Easy CD DVD Burner\Uninstall.exe, En quarantaine, [d1810a52a5f454e220e0af89e61bd12f],
PUP.Optional.Yontoo.Gen, C:\Users\chawki\AppData\Local\Temp\{0AD0634E-4A1C-4CDB-9A1E-8A4D36CF3296}.xpi, En quarantaine, [e86a05572277e551a96260c9c23fc739],
PUP.Optional.Yontoo.Gen, C:\Users\chawki\AppData\Local\Temp\{22460A39-7C8A-4DBA-99E7-1FC4DF22BBD3}.xpi, En quarantaine, [71e1332908918aac40cbad7c9d64c13f],
PUP.Optional.Yontoo.Gen, C:\Users\chawki\AppData\Local\Temp\{3E19B3B7-E9B2-42F6-BD42-343D247C081D}.xpi, En quarantaine, [82d04d0f227743f34fbc1c0df9089868],
PUP.Optional.Yontoo.Gen, C:\Users\chawki\AppData\Local\Temp\{54FEA1A6-D5EB-4EC1-86E6-B1F6DA9A810B}.xpi, En quarantaine, [6ce61a424a4f94a2fe0dfc2d4db47c84],
PUP.Optional.Yontoo.Gen, C:\Users\chawki\AppData\Local\Temp\{85672321-C74D-4034-BAFE-A46DEE420349}.xpi, En quarantaine, [f45e124a6a2f3501a566e544f50c42be],
PUP.Optional.Yontoo.Gen, C:\Users\chawki\AppData\Local\Temp\{C0A211FA-BD6B-4CFE-BE98-396EA297C40F}.xpi, En quarantaine, [2d2533295d3ce94dae5d0227ff02847c],
PUP.Optional.Yontoo.Gen, C:\Users\chawki\AppData\Local\Temp\{C40B6A18-E9B3-4D7E-98EF-9835A3D7FF39}.xpi, En quarantaine, [e46e0458bfda2b0bb952f0394cb58080],
PUP.Optional.Yontoo.Gen, C:\Users\chawki\AppData\Local\Temp\{E1274610-888D-4C1F-946B-B8605FCB5B29}.xpi, En quarantaine, [77db2834dabff93d14f78b9ee41d17e9],
PUP.Optional.Linkury, C:\Windows\Temp\tmp5706.tmp, En quarantaine, [ed657ce04a4f58de55cac81e41c03fc1],
PUP.Optional.Linkury, C:\Windows\Temp\tmp5C16.tmp, En quarantaine, [55fdb9a340594aecb26d9d49eb163dc3],
PUP.Optional.Linkury, C:\Windows\Temp\tmp6163.tmp, En quarantaine, [9ab86eee1287d363e13e36b0c73a04fc],
PUP.Optional.Koyote, C:\Users\chawki\Downloads\Setup_FreeBurner.exe, En quarantaine, [1042e07c9bfe0531a65af543d32e8977],
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.HP, En quarantaine, [4b074616f2a703337215e7fb50b2a65a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.NT, En quarantaine, [4b074616f2a703337215e7fb50b2a65a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\snp.sc, En quarantaine, [4b074616f2a703337215e7fb50b2a65a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\LabSololam.exe.config, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airtostrong.d.dat, Supprimer au redémarrage, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Airtostrong.dat, Supprimer au redémarrage, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Betalex.bin, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\conf.config, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\confpro.config, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Donphase.bin, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Homeplus.bin, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\HotIs.exe.config, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Kaytax.bin, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Key-Com.bin, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Stocklam.exe.config, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\SubIty.exe.config, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Sunozefresh.dat, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Tamtax.bin, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Tin-Lam.bin, En quarantaine, [65edadaf7e1be94d533e2fb4ee14f60a],
PUP.Optional.Linkury, C:\ProgramData\Airtostrong\Zamhold.dat, Supprimer au redémarrage, [65edadaf7e1be94d533e2fb4ee14f60a],

Secteurs physiques: 0
(Aucun élément malveillant détecté)


(end)