Avira Antivirus Lab

PUA/SecurityReviver.EL.2

  • Name
    PUA/SecurityReviver.EL.2
  • Date discovered
    Sep 11, 2017
  • Type
    Potential Unwanted Application
  • Impact
    Low
  • Reported infections
    High
  • Operating system
    Windows
  • VDF version
    7.14.27.34 (2017-09-11 13:08)

This class of detection indicators, potentially unwanted applications (PUA), can harm the user's privacy and the security of the local system. These are legitimate applications that often try to use social engineering to induce the user to install additional offers during the installation of the software the user originally wanted. Software, advertisements or websites that display one or another objectionable behaviour and/or property are classified as PUA. A complete list of PUAs is available at http://www.avira.com/en/potentially-unwanted-applications. This detection does not mean that the file is malicious. However, if the file was installed on the system without the user being informed, the user's privacy or the security of the system may be at risk. Disabling this detection is recommended only for advanced users who know the risks and how to use these applications.

  • Network activity
    • s2.s****.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D
    • sv.s****.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEEPKAhTPicpg8HWaxIzI43E%3D
  • Processes
    • %executed_sample_name%.exe
  • Files
    The following files are created:
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %TEMPDIR%\Cab9CC7.tmp
    • %TEMPDIR%\Tar9CC8.tmp
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    The following files are modified:
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %APPDATA%\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_38998BEE68CAF8DF5533DF24A6ADB2B2
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    The following files are deleted:
    • %TEMPDIR%\Cab9CC7.tmp
    • %TEMPDIR%\Tar9CC8.tmp
    • %TEMPDIR%\Cab9C4F.tmp
    • %TEMPDIR%\Tar9C50.tmp
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2336.27628968
    • %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2336.27628968
    • %APPDATA%\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2336.27628968
    The following drivers are loaded:
    The following files are executed:
  • Registry
    The following registry entries are added:
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\8c\52C64B7E
    • HKEY_CLASSES_ROOT\Local Settings\MuiCache\8C\52C64B7E ("LanguageList": "en-USen") ("@%SystemRoot%\system32\p2pcollab.dll,-8042": "Peer to Peer Trust") ("@%SystemRoot%\system32\qagentrt.dll,-10": "System Health Authentication") ("@%SystemRoot%\system32\dnsapi.dll,-103": "Domain Name System (DNS) Server Trust") ("@%SystemRoot%\System32\fveui.dll,-843": "BitLocker Drive Encryption") ("@%SystemRoot%\System32\fveui.dll,-844": "BitLocker Data Recovery Agent") ("@%SystemRoot%\System32\wuaueng.dll,-400": "Windows Update")
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application ("AutoBackupLogFiles": "0x00000000")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Security Reviver ("EventMessageFile": "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application ("AutoBackupLogFiles": "0")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver ("EventMessageFile": "")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver ("EventMessageFile": "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\29\52C64B7E ("LanguageList": "en-USen")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing ("State": "146432")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE ("Blob": "")
    The following registry entries are modified:
    • HKEY_CLASSES_ROOT\Local Settings\MuiCache\8C\52C64B7E ("LanguageList": "en-USen") ("@%SystemRoot%\system32\p2pcollab.dll,-8042": "Peer to Peer Trust") ("@%SystemRoot%\system32\qagentrt.dll,-10": "System Health Authentication") ("@%SystemRoot%\system32\dnsapi.dll,-103": "Domain Name System (DNS) Server Trust") ("@%SystemRoot%\System32\fveui.dll,-843": "BitLocker Drive Encryption") ("@%SystemRoot%\System32\fveui.dll,-844": "BitLocker Data Recovery Agent") ("@%SystemRoot%\System32\wuaueng.dll,-400": "Windows Update")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application ("AutoBackupLogFiles": "0x00000000")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Security Reviver ("EventMessageFile": "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application ("AutoBackupLogFiles": "0")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver ("EventMessageFile": "")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver ("EventMessageFile": "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll")
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Security Reviver
    • HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\29\52C64B7E ("LanguageList": "en-USen")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing ("State": "146432")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE ("Blob": "")
    The values of the following registry keys are deleted:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
  • Aliases
    Avast: Win32:SecurityReviver-A
    ESET: MSIL/UwS.SecurityReviver.A application
    G Data: Adware.GenericKD.5523396
