Document format: text/x-log

RogueKiller V10.7.0.0 [May 25 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Démarré en : Mode normal
Utilisateur : Mazi [Administrateur]
Démarré depuis : C:\Users\Mazi\AppData\Local\Opera\Opera\temporary_downloads\RogueKiller.exe
Mode : Scan -- Date : 05/27/2015 21:35:54

¤¤¤ Processus : 19 ¤¤¤
[Suspicious.Path] nse4AA1.tmp(1836) -- C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\nse4AA1.tmp[-] -> Tué(e) [TermProc]
[Suspicious.Path] jnsdEC71.tmp(1880) -- C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\jnsdEC71.tmp[-] -> Tué(e) [TermProc]
[Suspicious.Path] ajeevale.exe(2752) -- C:\ProgramData\Ruussiafkabar\1.0.1.0\ajeevale.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path] ajeevale.exe(2980) -- C:\ProgramData\Ruussiafkabar\1.0.1.0\ajeevale.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path] nsg346B.tmp(2804) -- C:\Users\Mazi\AppData\Local\Temp\nsg346B.tmp[-] -> Tué(e) [TermProc]
[Suspicious.Path] upgmsd_fr_579.exe(3220) -- C:\Users\Mazi\AppData\Local\gmsd_fr_579\upgmsd_fr_579.exe[7] -> Tué(e) [TermProc]
[PUP] ProtectWindowsManager.exe(3588) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[7] -> Tué(e) [TermProc]
[PUP] ProtectService.exe(3896) -- C:\Program Files\XTab\ProtectService.exe[7] -> Tué(e) [TermProc]
[PUP] CmdShell.exe(904) -- C:\Program Files\XTab\cmdshell.exe[7] -> Tué(e) [TermProc]
[PUP] HPNotify.exe(3976) -- C:\Program Files\XTab\HPNotify.exe[7] -> Tué(e) [TermProc]
[Suspicious.Path] Selection Tools.exe(4796) -- C:\Users\Mazi\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe[7] -> Tué(e) [TermProc]
[Suspicious.Path] nsqE7BD.tmp(420) -- C:\Users\Mazi\AppData\Local\Temp\nsqE7BD.tmp[-] -> Tué(e) [TermProc]
[PUP] bobrowser.exe(2620) -- C:\Users\Mazi\AppData\Local\BoBrowser\Application\bobrowser.exe[7] -> Tué(e) [TermProc]
[PUP] bobrowser.exe(4772) -- C:\Users\Mazi\AppData\Local\BoBrowser\Application\bobrowser.exe[7] -> Tué(e) [TermThr]
[PUP] bobrowser.exe(4812) -- C:\Users\Mazi\AppData\Local\BoBrowser\Application\bobrowser.exe[7] -> Tué(e) [TermThr]
[PUP] bobrowser.exe(3960) -- C:\Users\Mazi\AppData\Local\BoBrowser\Application\bobrowser.exe[7] -> Tué(e) [TermThr]
[PUP] bobrowser.exe(4388) -- C:\Users\Mazi\AppData\Local\BoBrowser\Application\bobrowser.exe[7] -> Tué(e) [TermThr]
[PUP] bobrowser.exe(4764) -- C:\Users\Mazi\AppData\Local\BoBrowser\Application\bobrowser.exe[7] -> Tué(e) [TermThr]
[PUP] explorer.exe(2488) -- C:\Program Files\XTab\SupTab.dll[7] -> Déchargé(e)

¤¤¤ Registre : 76 ¤¤¤
[PUM.Orphan] HKEY_LOCAL_MACHINE\RK_Software_ON_F_9BDE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[PUM.Orphan] HKEY_LOCAL_MACHINE\RK_Software_ON_G_2AF7\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[PUM.Orphan] HKEY_LOCAL_MACHINE\RK_Software_ON_F_9BDE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} -> Trouvé(e)
[PUM.Orphan] HKEY_LOCAL_MACHINE\RK_Software_ON_G_2AF7\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47B614AF-B4CC-485B-B331-BE26F02ED4CC} -> Trouvé(e)
[Suspicious.Path] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C4E8F8D-08D7-41C1-A172-E44D66813EE3} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CF15BC1-148A-5A93-BE98-86AB82C567FD} -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0924543-15FD-4F3D-889C-0B4562A9CB45} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E634117B-33A8-4C70-8210-198010F03834} -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023} -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {ECDEE021-0D17-467F-A1FF-C7A115230949} : -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EF79F67A-6AD7-4715-A0F8-932FCA442023} : -> Trouvé(e)
[PUP] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} : -> Trouvé(e)
[PUP] HKEY_USERS\RK_mazi_ON_F_5F93\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {ECDEE021-0D17-467F-A1FF-C7A115230949} : -> Trouvé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EF79F67A-6AD7-4715-A0F8-932FCA442023} : -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} : -> Trouvé(e)
[PUP] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {CA3EB689-8F09-4026-AA10-B9534C691CE0} : -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {CA3EB689-8F09-4026-AA10-B9534C691CE0} : -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Run | WindApp : "C:\Users\Mazi\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup [x][x] -> Trouvé(e)
[Suspicious.Path] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Run | Selection Tools : "C:\Users\Mazi\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup [7][x] -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Run | BoBrowser : "C:\Users\Mazi\AppData\Local\BoBrowser\Application\bobrowser.exe" --no-proxy-server [7][x] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | upgmsd_fr_579.exe : C:\Users\Mazi\AppData\Local\gmsd_fr_579\upgmsd_fr_579.exe -runonce [7][x] -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdate (C:\Program Files\globalUpdate\Update\globalupdate.exe /svc) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files\globalUpdate\Update\globalupdate.exe /medsvc) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IHProtect Service (C:\Program Files\XTab\ProtectService.exe) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nibiwigi (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\nse4AA1.tmp) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nugilevu (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\jnsdEC71.tmp) -> Trouvé(e)
[PUP|Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdate (C:\Program Files\globalUpdate\Update\globalupdate.exe /svc) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files\globalUpdate\Update\globalupdate.exe /medsvc) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IHProtect Service (C:\Program Files\XTab\ProtectService.exe) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nibiwigi (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\nse4AA1.tmp) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nugilevu (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\jnsdEC71.tmp) -> Trouvé(e)
[PUP|Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nibiwigi (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\nse4AA1.tmp) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nugilevu (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\jnsdEC71.tmp) -> Trouvé(e)
[PUM.Proxy] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Trouvé(e)
[PUM.Proxy] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50125;https=127.0.0.1:50125 -> Trouvé(e)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.oursurfing.com/?type=hp&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2 -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.oursurfing.com/?type=hp&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2 -> Trouvé(e)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.oursurfing.com/?type=hp&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2 -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.oursurfing.com/?type=hp&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2 -> Trouvé(e)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.oursurfing.com/web/?type=ds&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.oursurfing.com/web/?type=ds&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : -> Trouvé(e)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.oursurfing.com/web/?type=ds&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.oursurfing.com/web/?type=ds&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2&q={searchTerms} -> Trouvé(e)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_F_9BDE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_F_9BDE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_G_2AF7\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_G_2AF7\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : c:\programdata\lolliscan\lolliscan32.dll [x] -> Trouvé(e)

¤¤¤ Tâches : 37 ¤¤¤
[Suspicious.Path] AmiUpdXp.job -- C:\Users\Mazi\AppData\Local\29883\Updater.exe -> Trouvé(e)
[Suspicious.Path] uOuYabFkSVHO5H6nthtPMK.job -- C:\Users\Mazi\AppData\Roaming\uOuYabFkSVHO5H6nthtPMK.exe (--c=vJKsVpkREj+1bCmz/aVjGZSmwvnGCis5WV+vz7ifs32LkemQW5TEvkwrPh2keOYsB85j9Z1Rrv5POf5VG7zePrVbuMcSTXKrKxRk8bp49UPlZXvPOoNm8VCys3WPkaH5bzWjgXrgFk73IUHNBuac60CPfB9DTW/4eJL5Rez7duVnOXSgA8ApzqQXbW8QGl45KTASA5+Ku/ud5pAyxTwy++59zHVazuU+bhAb2OGsNXvKIp1o44FEs0UTezcAKTvVRpddZ17JgL3sRG7kBFdhrwHIFA3HgdQUX3VLaMlFkW7DJktc7BEsUX9DIYQj2t4HEWZbb7q55w4oIUpObFEmhQ==) -> Trouvé(e)
[Suspicious.Path] \\AmiUpdXp -- C:\Users\Mazi\AppData\Local\29883\Updater.exe -> Trouvé(e)
[Suspicious.Path] \\At25 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At26 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At27 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At28 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At29 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At30 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At31 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At32 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At33 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At34 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At35 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At36 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At37 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At38 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At39 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At40 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At41 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At42 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At43 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At44 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At45 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At46 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At47 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\At48 -- C:\ProgramData\gl0ruxOC.exe_ -> Trouvé(e)
[Suspicious.Path] \\GlobalUpdate-ngyyy2vxm2tibwf -- C:\Users\Mazi\AppData\Roaming\ngyyy2vxm2tibwf\ngyyy2vxm2tibwf.exe -> Trouvé(e)
[Suspicious.Path] \\OMHVKGNRG -- "C:\ProgramData\99ddd194860b49de9c3d4fa67f327de5\99ddd194860b49de9c3d4fa67f327de5.exe" -> Trouvé(e)
[Suspicious.Path] \\PostPoneInstall -- C:\Users\Mazi\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe (C:\Users\Mazi\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe /INSTALL /dwlurl=http://dl.newstatsdemosrv.com/appsi/icinem/setup.exe /zdata=appinstanceuid%3d2805e9c8-96b6-4dfd-838c-70b3b153bc3e%26appkey%3d3c91fcc2-ce59-42b3-b901-f68079520898 /bagkey=6IoMfEXP --make-default-browser=true /configurationfields=117 /configid=7 -AppInstanceUid=2805E9C8-96B6-4DFD-838C-70B3B153BC3E) -> Trouvé(e)
[PUP] \\Run_Bobby_Browser -- "C:\Users\Mazi\AppData\Local\BoBrowser\Application\bobrowser.exe" (--no-startup-window) -> Trouvé(e)
[Suspicious.Path] \\Ruussiafkabar -- "C:\ProgramData\Ruussiafkabar\1.0.1.0\ajeevale.exe" ("/e=L3A9MjI4MjAxXi91PTUzMTFiNGZlYTY5ZjRlNThhMDQ1ZWU0OWQyOGY4MDE2Xi9kPXRyYWNrYnJlYWtpbmduZXdzLmNvbV4vbj1ORVdTXi9hPUJyZWFraW5nTmV3c0FsZXJ0Xi90") -> Trouvé(e)
[Suspicious.Path] \\Selection Tools Update -- C:\Users\Mazi\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe (/T=86400) -> Trouvé(e)
[Suspicious.Path] \\SmartWeb Upgrade Trigger Task -- C:\Users\Mazi\AppData\Local\SmartWeb\SmartWebHelper.exe -> Trouvé(e)
[Suspicious.Path] \\TIVCWINL -- "C:\ProgramData\10311bf341d64c51bba171380dae5e03\10311bf341d64c51bba171380dae5e03.exe" -> Trouvé(e)
[Suspicious.Path] \\uOuYabFkSVHO5H6nthtPMK -- C:\Users\Mazi\AppData\Roaming\uOuYabFkSVHO5H6nthtPMK.exe (--c=vJKsVpkREj+1bCmz/aVjGZSmwvnGCis5WV+vz7ifs32LkemQW5TEvkwrPh2keOYsB85j9Z1Rrv5POf5VG7zePrVbuMcSTXKrKxRk8bp49UPlZXvPOoNm8VCys3WPkaH5bzWjgXrgFk73IUHNBuac60CPfB9DTW/4eJL5Rez7duVnOXSgA8ApzqQXbW8QGl45KTASA5+Ku/ud5pAyxTwy++59zHVazuU+bhAb2OGsNXvKIp1o44FEs0UTezcAKTvVRpddZ17JgL3sRG7kBFdhrwHIFA3HgdQUX3VLaMlFkW7DJktc7BEsUX9DIYQj2t4HEWZbb7q55w4oIUpObFEmhQ==) -> Trouvé(e)
[Suspicious.Path] \\WindApp Update -- C:\Users\Mazi\AppData\Roaming\Store\WindApp\WindApp Update.exe (/T=86400) -> Trouvé(e)

¤¤¤ Fichiers : 3 ¤¤¤
[Suspicious.Path][Fichier] hqghumeaylnlf.lnk -- C:\Users\Mazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [LNK@] C:\ProgramData\{94994a58-7c70-8323-9499-94a587c72961}\hqghumeaylnlf.exe /startup -> Trouvé(e)
[Suspicious.Path][Fichier] Setup_product_18129.lnk -- C:\Users\Mazi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup_product_18129.lnk [LNK@] C:\ProgramData\{2b792cd5-4f55-e622-2b79-92cd54f5b355}\Setup_product_18129.exe --startup=1 -> Trouvé(e)
[ZeroAccess][Jonction] $NtUninstallKB41159$ -- C:\Windows\$NtUninstallKB41159$ [JUNCTION@ 0] >> ERROR 5 -> Trouvé(e)

¤¤¤ Fichier Hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 7 (Driver: Chargé) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x8556b1e8

¤¤¤ Navigateurs web : 2 ¤¤¤
[PUP][FIREFX:Addon] xmtcd1sr.default : shortcut [shortcutff@gmail.com] -> Trouvé(e)
[PUP][FIREFX:Addon] xmtcd1sr.default : Fast Start [faststartff@gmail.com] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00AAKX-001CA SCSI Disk Device +++++
--- User ---
[MBR] 8dc5a514e4c9ac924a254cd6732b126b
[BSP] c987466b14923a73dba98b80241cd117 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 180000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )

+++++ PhysicalDrive1: ST316081 1AS SCSI Disk Device +++++
--- User ---
[MBR] 8af1c760e1e9a6036a96f6bcad6420d0
[BSP] 4991f0d0dac20920fb558084596a1d7f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 59999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 122881185 | Size: 92616 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )

+++++ PhysicalDrive2: USB Flash Disk USB Device +++++
--- User ---
[MBR] fe30b75521b354ed739af5809fbcd76b
[BSP] f6eca64e135a202b1ced04c632f522e1 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 128 | Size: 7647 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
