Document format: text/x-log

RogueKiller V10.6.0.0 (x64) [Apr 17 2015] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9200 ) 64 bits version
Démarrage : Mode normal
Utilisateur : olivier [Droits d'admin]
Démarré depuis : D:\Downloads\RogueKillerX64_old.exe
Mode : Suppression -- Date : 04/27/2015 00:53:38

¤¤¤ Processus malicieux : 11 ¤¤¤
[PUP|VT.PUP.Optional.Protect] ProtectWindowsManager.exe(1320) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[7]VT(31) -> TUÉ [TermProc]
[VT.PUP.Optional.XTab.A] ProtectService.exe(1796) -- C:\Program Files (x86)\XTab\ProtectService.exe[7]VT(35) -> TUÉ [TermProc]
[Suspicious.Path|VT.PUP.Optional.Core.A] mmvr.exe(1100) -- c:\windows\mmvr.exe[-]VT(15) -> TUÉ [TermProc]
[Suspicious.Path|VT.PUP.Optional.Core.A] mvr.exe(744) -- c:\windows\mvr.exe[-]VT(23) -> TUÉ [TermProc]
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Eorezo.fkz] upmbot_fr_602.exe(3848) -- C:\Users\olivier\AppData\Local\mbot_fr_602\upmbot_fr_602.exe[7]VT(27) -> TUÉ [TermProc]
[Suspicious.Path|VT.Unknown] Download Happy - Pharrell Williams.mp3 256kbps [Ashu007] Torrent - KickassTorrents.exe(6980) -- C:\ProgramData\{c0bccee2-a190-27e9-c0bc-ccee2a193b8a}\Download Happy - Pharrell Williams.mp3 256kbps [Ashu007] Torrent - KickassTorrents.exe[-] -> TUÉ [TermProc]
[Suspicious.Path|VT.Unknown] Pharrell Williams - Happy.exe(2920) -- C:\ProgramData\{86598a28-82b0-169b-8659-98a2882b28a2}\Pharrell Williams - Happy.exe[-] -> TUÉ [TermProc]
[Suspicious.Path|VT.Unknown] Pharrell Williams.exe(3320) -- C:\ProgramData\{88dc1f38-140d-d9a7-88dc-c1f381407ce0}\Pharrell Williams.exe[-] -> TUÉ [TermProc]
[VT.not-a-virus:AdWare.Win32.Eorezo.fkz] mbot_fr_602.exe(4568) -- C:\Program Files (x86)\mbot_fr_602\mbot_fr_602.exe[7]VT(24) -> TUÉ [TermProc]
[Suspicious.Path|VT.PUP.Optional.Core.A] (SVC) mmvr -- c:\windows\mmvr.exe[-] -> STOPPÉ
[Suspicious.Path|VT.PUP.Optional.Core.A] (SVC) mvr -- c:\windows\mvr.exe[-] -> STOPPÉ

¤¤¤ Entrées de registre : 25 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> SUPPRIMÉ
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Boxore Client : C:\Program Files (x86)\Boxore\Boxore Client\boxore.exe [-] -> SUPPRIMÉ
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.Eorezo.fkz] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | upmbot_fr_602.exe : C:\Users\olivier\AppData\Local\mbot_fr_602\upmbot_fr_602.exe -runonce [7][x] -> SUPPRIMÉ
[Suspicious.Path|VT.PUP.Optional.Core.A] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mmvr (c:\windows\mmvr.exe) -> SUPPRIMÉ
[Suspicious.Path|VT.PUP.Optional.Core.A] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mvr (c:\windows\mvr.exe) -> SUPPRIMÉ
[PUP|VT.PUP.Optional.SoftwareUpdate.A] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Software_update (C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe /svc) -> SUPPRIMÉ
[PUP|VT.PUP.Optional.SoftwareUpdate.A] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Software_update_m (C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe /medsvc) -> SUPPRIMÉ
[PUP|Suspicious.Path|VT.PUP.Optional.Protect] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> SUPPRIMÉ
[Suspicious.Path|VT.PUP.Optional.Core.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mmvr (c:\windows\mmvr.exe) -> SUPPRIMÉ
[Suspicious.Path|VT.PUP.Optional.Core.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvr (c:\windows\mvr.exe) -> SUPPRIMÉ
[PUP|VT.PUP.Optional.SoftwareUpdate.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Software_update (C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe /svc) -> SUPPRIMÉ
[PUP|VT.PUP.Optional.SoftwareUpdate.A] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Software_update_m (C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe /medsvc) -> SUPPRIMÉ
[PUP|Suspicious.Path|VT.PUP.Optional.Protect] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> SUPPRIMÉ
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3559894120-976512054-2502237121-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.luckysearches.com/?type=hppp&ts=1429739447&from=45e&uid=HFS128G38MNB-2200A_EI47N01461010733M -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3559894120-976512054-2502237121-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.luckysearches.com/?type=hppp&ts=1429739447&from=45e&uid=HFS128G38MNB-2200A_EI47N01461010733M -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.luckysearches.com/web/?type=dspp&ts=1429739447&from=45e&uid=HFS128G38MNB-2200A_EI47N01461010733M&q={searchTerms} -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.luckysearches.com/web/?type=dspp&ts=1429739447&from=45e&uid=HFS128G38MNB-2200A_EI47N01461010733M&q={searchTerms} -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3559894120-976512054-2502237121-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.luckysearches.com/web/?type=ds&ts=1429739427&from=45e&uid=HFS128G38MNB-2200A_EI47N01461010733M&q={searchTerms} -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3559894120-976512054-2502237121-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.luckysearches.com/web/?type=ds&ts=1429739427&from=45e&uid=HFS128G38MNB-2200A_EI47N01461010733M&q={searchTerms} -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3559894120-976512054-2502237121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3559894120-976512054-2502237121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3559894120-976512054-2502237121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3559894120-976512054-2502237121-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 3 ¤¤¤
[Suspicious.Path|VT.Unknown][Fichier] Download Happy - Pharrell Williams.mp3 256kbps [Ashu007] Torrent - KickassTorrents.lnk -- C:\Users\olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Happy - Pharrell Williams.mp3 256kbps [Ashu007] Torrent - KickassTorrents.lnk [LNK@] C:\PROGRA~3\{C0BCC~1\DOWNLO~1.EXE --startup=1 -> SUPPRIMÉ
[Suspicious.Path|VT.Unknown][Fichier] Pharrell Williams - Happy.lnk -- C:\Users\olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pharrell Williams - Happy.lnk [LNK@] C:\PROGRA~3\{86598~1\PHARRE~1.EXE --startup=1 -> SUPPRIMÉ
[Suspicious.Path|VT.Unknown][Fichier] Pharrell Williams.lnk -- C:\Users\olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pharrell Williams.lnk [LNK@] C:\PROGRA~3\{88DC1~1\PHARRE~1.EXE --startup=1 -> SUPPRIMÉ

¤¤¤ Fichier HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: CHARGE) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[IE:Addon] System : McAfee SiteAdvisor Toolbar [{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}] -> SUPPRIMÉ

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: HFS128G38MNB-2200A +++++
--- User ---
[MBR] 260d98c902f5c81381b2a5108d3853f8
[BSP] 72070104d515e1171d36db6a2399f58a : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1228800 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1490944 | Size: 1024 MB
4 - Basic data partition | Offset (sectors): 3588096 | Size: 120347 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HGST HTS541010A7E630 +++++
--- User ---
[MBR] 319ea3148c793336f31335eeb6d4020a
[BSP] 26a7e697c72344595d128b574db7f5bc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 892428 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1827694592 | Size: 61440 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SDHC Card +++++
--- User ---
[MBR] 756010b46d37bea15167262a11145a4d
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 15189 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )


============================================
RKreport_SCN_04262015_233341.log