cjoint

Document format: text/x-log

Preview

RogueKiller V10.5.1.0 [Mar 5 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7600 ) 64 bits version
Démarré en : Mode normal
Utilisateur : HELLTRITTON [Administrateur]
Démarré depuis : C:\Users\HELLTRITTON\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/08/2015 20:50:42

¤¤¤ Processus : 4 ¤¤¤
[Suspicious.Path] ProtectWindowsManager.exe(1600) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[7] -> Tué(e) [TermProc]
[Suspicious.Path] jnsoF18F.tmp(2364) -- C:\Users\HELLTRITTON\AppData\Roaming\39464E43-1425035739-4B34-4D42-00238B9617DC\jnsoF18F.tmp[-] -> Tué(e) [TermProc]
[Suspicious.Path] LolliScan.exe(2748) -- C:\ProgramData\LolliScan\LolliScan.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path] nsoB9C7.tmpfs(4064) -- C:\Users\HELLTRITTON\AppData\Roaming\39464E43-1425035739-4B34-4D42-00238B9617DC\nsoB9C7.tmpfs[-] -> Tué(e) [TermProc]

¤¤¤ Registre : 21 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hebeceku (C:\Users\HELLTRITTON\AppData\Roaming\39464E43-1425035739-4B34-4D42-00238B9617DC\jnsoF18F.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LolliScan (C:\ProgramData\LolliScan\LolliScan.exe) -> Trouvé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wyrigeqi (C:\Users\HELLTRITTON\AppData\Roaming\39464E43-1425035739-4B34-4D42-00238B9617DC\nsoB9C7.tmpfs) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hebeceku (C:\Users\HELLTRITTON\AppData\Roaming\39464E43-1425035739-4B34-4D42-00238B9617DC\jnsoF18F.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LolliScan (C:\ProgramData\LolliScan\LolliScan.exe) -> Trouvé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wyrigeqi (C:\Users\HELLTRITTON\AppData\Roaming\39464E43-1425035739-4B34-4D42-00238B9617DC\nsoB9C7.tmpfs) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hebeceku (C:\Users\HELLTRITTON\AppData\Roaming\39464E43-1425035739-4B34-4D42-00238B9617DC\jnsoF18F.tmp) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LolliScan (C:\ProgramData\LolliScan\LolliScan.exe) -> Trouvé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wyrigeqi (C:\Users\HELLTRITTON\AppData\Roaming\39464E43-1425035739-4B34-4D42-00238B9617DC\nsoB9C7.tmpfs) -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.sweet-page.com/web/?type=ds&ts=1425301620&from=cor&uid=ST9250827AS_5RG81V6C&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.sweet-page.com/web/?type=ds&ts=1425301620&from=cor&uid=ST9250827AS_5RG81V6C&q={searchTerms} -> Trouvé(e)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path] \\BFLSZZTG -- "C:\ProgramData\caffa587bbb14852bedfcfa1bdbb8d19\caffa587bbb14852bedfcfa1bdbb8d19.exe" -> Trouvé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000036b]) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST9250827AS ATA Device +++++
--- User ---
[MBR] 3031222273df575673b5368673bc1a01
[BSP] c6d8b0dad9eddfc1ee09925eafbeedee : HP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST9250827AS ATA Device +++++
--- User ---
[MBR] 9239fda8aa21661a4e16304bfe03115f
[BSP] 5f0ca26c9debed7f0686789ae74c1843 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

