Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 17/12/2015
Scan Time: 18:00:25
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.12.17.04
Rootkit Database: v2014.11.18.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: mourad
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343225
Time Elapsed: 12 min, 2 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 10
Trojan.Agent.MSIL, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\entdtwojozuuaate, , [37f12b7bdeada88e0325ef3ade234db3],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, , [df4962448a014ee86d2df2dc05fe0ef2],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_NimZap, , [5fc9a2045d2e1125d843976540c331cf],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [ae7aeeb8f3985fd778718448ad56827e],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtSaophase, , [e444d0d63b50f0465eea1e8d35cd6f91],
PUP.Optional.WikiSearchMe, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fcgnigmofekcllgbiejhmigggmgehkip, , [c3658c1a2d5e40f62575498553b0817f],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [2ff9574fec9fbd799257a428d3302cd4],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, , [98904d59107b34025878961460a20cf4],
PUP.Optional.Linkury, HKU\S-1-5-21-212472963-4267902375-3941050132-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mtAirron, , [9c8cb3f3474477bf5b07f41356ae53ad],
PUP.Optional.Linkury, HKU\S-1-5-21-212472963-4267902375-3941050132-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mtSaophase, , [8f99aef84e3d0e280c362b80946e52ae],
Registry Values: 2
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduVOkusfpweRWxl0E7aA_aREbxOAdewijyOCnIK6GAlYN8k8m6GI7J48wOZAPfFkQt336irTJVWX25kuZrk16TFqaeYje8Ihv3RKwj6zD1dTCO9JIWjL8M6DRaW2fg8RZ9Q,,&q={searchTerms}, , [a088a501513ac76f74fcb6c907fce41c]
PUP.Optional.Linkury, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=defaultap&co=DZ&userid=ef8332bb-b482-3754-9a68-2a74c9bec455&searchtype=sc&installDate=&barcodeid=50014999&channelid=999, , [ac7c7432a0eb0d29da5e9f04c73c926e]
Registry Data: 3
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),,[5dcbc0e6ec9f79bd8f43fe866d9702fe]
Hijack.Shell, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, explorer.exe, "C:\Users\mourad\AppData\Roaming\Microsoft\Windows\Templates\O41414Z\TuxO41414Z.exe", Good: (Explorer.exe), Bad: (explorer.exe, "C:\Users\mourad\AppData\Roaming\Microsoft\Windows\Templates\O41414Z\TuxO41414Z.exe"),,[ad7b04a27f0ce74f9a927d01c83c8c74]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-212472963-4267902375-3941050132-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduVOkusfpweRWxl0E7aA_aREbxOAdewijyOCnIK6GAlYN8k8m6GI7J48wOZAPfFkQt336irTJVWX25kuZrk16TFqaeYje8Ihv3RKwj6zD1dTCO9JIWjL8M6DRaW2fg8RZ9Q,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyub11ECQdQoyJIduVOkusfpweRWxl0E7aA_aREbxOAdewijyOCnIK6GAlYN8k8m6GI7J48wOZAPfFkQt336irTJVWX25kuZrk16TFqaeYje8Ihv3RKwj6zD1dTCO9JIWjL8M6DRaW2fg8RZ9Q,,&q={searchTerms}),,[a97fd4d28902e74fa7278afa37cdbb45]
Folders: 1
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons, , [4bdd4b5b731875c10d933e673bc7c43c],
Files: 10
Trojan.Agent.MSIL, C:\Users\mourad\AppData\Local\Vilafase.exe, , [37f12b7bdeada88e0325ef3ade234db3],
PUP.Optional.Linkury, C:\Windows\temp\tmp63FF.tmp, , [8a9e4066eba039fd4f3b45e3c839db25],
PUP.Optional.Linkury, C:\Windows\temp\tmpA16D.tmp, , [56d2bde95635b383fd8dca5e5aa7b947],
Trojan.Agent.MSIL, C:\Windows\System32\config\systemprofile\AppData\Local\Zoneron, , [be6aeeb8c0cbc3730325ff2a09f813ed],
PUP.Optional.Linkury.ShrtCln, C:\Windows\System32\Tasks\psv_NimZap, , [da4e24823853ec4a51c7c5370201867a],
PUP.Optional.LSHAREit.Trace, C:\awhABC8.tmp, , [4ddbbde97615191de8389176ee165da3],
PUP.Optional.LSHAREit.Trace, C:\awhB70E.tmp, , [9b8d515577147bbb66ba947311f30ff1],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons\ff.HP, , [4bdd4b5b731875c10d933e673bc7c43c],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons\ff.NT, , [4bdd4b5b731875c10d933e673bc7c43c],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons\snp.sc, , [4bdd4b5b731875c10d933e673bc7c43c],
Physical Sectors: 0
(No malicious items detected)
(end)