
RogueKiller V10.6.1.0 [Apr 24 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Démarré en : Mode normal
Utilisateur : Soprano [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 04/27/2015 23:12:44

¤¤¤ Processus : 1 ¤¤¤
[PUP] (SVC) F06DEFF2-5B9C-490D-910F-35D3A91196222 -- \??\C:\Program Files\Music App\Datamngr\setmgrc3.cfg[7] -> ERROR [41c]

¤¤¤ Registre : 53 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (C:\Program Files\Speed Test 127\ScriptHost.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{16F7ED3A-ECD8-46C7-8FD3-E4A8C79884D7} (C:\Program Files\Free Games 111\ButtonSite.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{282b0e54-8981-49eb-9193-5910a1f6fd33} (C:\PROGRA~1\Music Toolbar\Datamngr\SRToolBar\IE\searchresultsDx.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{44CBC005-6243-4502-8A02-3A096A282664} ("C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E} ("C:\Program Files\Speed Test 127\BackgroundHost.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1} ("C:\Program Files\AskPartnerNetwork\Toolbar\ToolbarPS.dll") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{9b4cd9e7-9c3f-4092-9da8-4f0dfebb1c9e} (C:\Program Files\sizlsearch\sizlsearchbho.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{9B7B034B-944A-4261-B487-862F642F7615} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{C099CD7B-A94C-4229-B6F7-76D3494C88D8} (C:\Program Files\Free Games 111\ScriptHost.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{C45EC9F0-8333-465D-9728-074BD41985C9} (C:\Program Files\Free Games 111\ScriptHost.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C} ("C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{E09EF104-3849-47F4-B005-A120558F3FEF} (C:\Program Files\Speed Test 127\ButtonSite.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B} ("C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8} ("C:\Program Files\Hide My IP\HideMyIpSrv.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{FB61B649-3FC8-4754-89A2-501456130AB5} (C:\Program Files\Speed Test 127\ScriptHost.dll) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} (C:\Program Files\Speed Test 127\ScriptHost.dll) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{282b0e54-8981-49eb-9193-5910a1f6fd33} (C:\PROGRA~1\Music Toolbar\Datamngr\SRToolBar\IE\searchresultsDx.dll) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b4cd9e7-9c3f-4092-9da8-4f0dfebb1c9e} (C:\Program Files\sizlsearch\sizlsearchbho.dll) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45EC9F0-8333-465D-9728-074BD41985C9} (C:\Program Files\Free Games 111\ScriptHost.dll) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DatamngrCoordinator (C:\Program Files\Music App\Datamngr\DatamngrCoordinator.exe) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A91196222 (\??\C:\Program Files\Music App\Datamngr\setmgrc3.cfg) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPTools (C:\Users\Soprano\AppData\Local\Temp\Rar$EX00.420\iptools.exe) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DatamngrCoordinator (C:\Program Files\Music App\Datamngr\DatamngrCoordinator.exe) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F06DEFF2-5B9C-490D-910F-35D3A91196222 (\??\C:\Program Files\Music App\Datamngr\setmgrc3.cfg) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPTools (C:\Users\Soprano\AppData\Local\Temp\Rar$EX00.420\iptools.exe) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DatamngrCoordinator (C:\Program Files\Music App\Datamngr\DatamngrCoordinator.exe) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\F06DEFF2-5B9C-490D-910F-35D3A91196222 (\??\C:\Program Files\Music App\Datamngr\setmgrc3.cfg) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IPTools (C:\Users\Soprano\AppData\Local\Temp\Rar$EX00.420\iptools.exe) -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-3348949016-3033623242-3179686956-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?o=APN10653A&gct=hp&d=1-1157&v=a15946-407&t=4 -> Trouvé(e)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> Trouvé(e)
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.Brenz.pl

¤¤¤ Antirootkit : 12 (Driver: Chargé) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x856e61f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x856e61f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x856e61f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x856e61f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x856e61f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x856e61f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x856e61f8
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueryInformationProcess : Unknown @ 0x7ffa65aa (call 0x8cf111a|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtDeviceIoControlFile : Unknown @ 0x7ffa67ed (call 0x8cf1b4d)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenFile : Unknown @ 0x7ffa6552 (call 0x8cf1432|jmp 0xffffffffffffff7b|call 0xffffffffffffff9b)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateFile : Unknown @ 0x7ffa64cd (call 0x8cf1abd|call 0xffffffffffffff9b|call 0x5)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateUserProcess : Unknown @ 0x7ffa6576 (call 0x8cf19b6|call 0x8|call 0x5)

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUP][IE:Addon] System : Music Toolbar (Dist. by iMesh, Inc.) [{282b0e54-8981-49eb-9193-5910a1f6fd33}] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 82291ff3d9b15cee3edf819d06cc454b
[BSP] a8658a1ef9bc462866b20295625fc60b : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 51100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 104861694 | Size: 254040 MB
User = LL1 ... OK
User = LL2 ... OK
