Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/12/2015
Scan Time: 18:00:25
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.12.17.04
Rootkit Database: v2014.11.18.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mourad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343225
Time Elapsed: 12 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
Trojan.Agent.MSIL, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\entdtwojozuuaate, , [37f12b7bdeada88e0325ef3ade234db3],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, , [df4962448a014ee86d2df2dc05fe0ef2],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_NimZap, , [5fc9a2045d2e1125d843976540c331cf],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [ae7aeeb8f3985fd778718448ad56827e],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtSaophase, , [e444d0d63b50f0465eea1e8d35cd6f91],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, , [c3658c1a2d5e40f62575498553b0817f],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [2ff9574fec9fbd799257a428d3302cd4],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, , [98904d59107b34025878961460a20cf4],
PUP.Optional.Linkury, HKU\S-1-5-21-212472963-4267902375-3941050132-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mtAirron, , [9c8cb3f3474477bf5b07f41356ae53ad],
PUP.Optional.Linkury, HKU\S-1-5-21-212472963-4267902375-3941050132-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mtSaophase, , [8f99aef84e3d0e280c362b80946e52ae],

Registry Values: 2
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduVOkusfpweRWxl0E7aA_aREbxOAdewijyOCnIK6GAlYN8k8m6GI7J48wOZAPfFkQt336irTJVWX25kuZrk16TFqaeYje8Ihv3RKwj6zD1dTCO9JIWjL8M6DRaW2fg8RZ9Q,,&q={searchTerms}, , [a088a501513ac76f74fcb6c907fce41c]
PUP.Optional.Linkury, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=defaultap&co=DZ&userid=ef8332bb-b482-3754-9a68-2a74c9bec455&searchtype=sc&installDate=&barcodeid=50014999&channelid=999, , [ac7c7432a0eb0d29da5e9f04c73c926e]

Registry Data: 3
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),,[5dcbc0e6ec9f79bd8f43fe866d9702fe]
Hijack.Shell, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, explorer.exe, "C:\Users\mourad\AppData\Roaming\Microsoft\Windows\Templates\O41414Z\TuxO41414Z.exe", Good: (Explorer.exe), Bad: (explorer.exe, "C:\Users\mourad\AppData\Roaming\Microsoft\Windows\Templates\O41414Z\TuxO41414Z.exe"),,[ad7b04a27f0ce74f9a927d01c83c8c74]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-212472963-4267902375-3941050132-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduVOkusfpweRWxl0E7aA_aREbxOAdewijyOCnIK6GAlYN8k8m6GI7J48wOZAPfFkQt336irTJVWX25kuZrk16TFqaeYje8Ihv3RKwj6zD1dTCO9JIWjL8M6DRaW2fg8RZ9Q,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduVOkusfpweRWxl0E7aA_aREbxOAdewijyOCnIK6GAlYN8k8m6GI7J48wOZAPfFkQt336irTJVWX25kuZrk16TFqaeYje8Ihv3RKwj6zD1dTCO9JIWjL8M6DRaW2fg8RZ9Q,,&q={searchTerms}),,[a97fd4d28902e74fa7278afa37cdbb45]

Folders: 1
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons, , [4bdd4b5b731875c10d933e673bc7c43c],

Files: 10
Trojan.Agent.MSIL, C:\Users\mourad\AppData\Local\Vilafase.exe, , [37f12b7bdeada88e0325ef3ade234db3],
PUP.Optional.Linkury, C:\Windows\temp\tmp63FF.tmp, , [8a9e4066eba039fd4f3b45e3c839db25],
PUP.Optional.Linkury, C:\Windows\temp\tmpA16D.tmp, , [56d2bde95635b383fd8dca5e5aa7b947],
Trojan.Agent.MSIL, C:\Windows\System32\config\systemprofile\AppData\Local\Zoneron, , [be6aeeb8c0cbc3730325ff2a09f813ed],
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_NimZap, , [da4e24823853ec4a51c7c5370201867a],
PUP.Optional.LSHAREit.Trace, C:\awhABC8.tmp, , [4ddbbde97615191de8389176ee165da3],
PUP.Optional.LSHAREit.Trace, C:\awhB70E.tmp, , [9b8d515577147bbb66ba947311f30ff1],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons\ff.HP, , [4bdd4b5b731875c10d933e673bc7c43c],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons\ff.NT, , [4bdd4b5b731875c10d933e673bc7c43c],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons\snp.sc, , [4bdd4b5b731875c10d933e673bc7c43c],

Physical Sectors: 0
(No malicious items detected)

(end)