cjoint

Document format: text/x-log


RogueKiller V10.7.0.0 [May 25 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Démarré en : Mode normal
Utilisateur : Mazi [Administrateur]
Démarré depuis : C:\Users\Mazi\AppData\Local\Opera\Opera\temporary_downloads\RogueKiller (2).exe
Mode : Suppression -- Date : 05/28/2015 13:20:53

¤¤¤ Processus : 7 ¤¤¤
[PUP] ProtectService.exe(1888) -- C:\Program Files\XTab\ProtectService.exe[7] -> Tué(e) [TermProc]
[Suspicious.Path] nse4AA1.tmp(1944) -- C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\nse4AA1.tmp[-] -> Tué(e) [TermProc]
[Suspicious.Path] jnsdEC71.tmp(2004) -- C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\jnsdEC71.tmp[-] -> Tué(e) [TermProc]
[Suspicious.Path] ajeevale.exe(1316) -- C:\ProgramData\Ruussiafkabar\1.0.1.0\ajeevale.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path] ajeevale.exe(2824) -- C:\ProgramData\Ruussiafkabar\1.0.1.0\ajeevale.exe[-] -> Tué(e) [TermProc]
[PUP] CmdShell.exe(3900) -- C:\Program Files\XTab\cmdshell.exe[7] -> Tué(e) [TermThr]
[PUP] HPNotify.exe(3912) -- C:\Program Files\XTab\HPNotify.exe[7] -> Tué(e) [TermThr]

¤¤¤ Registre : 73 ¤¤¤
[PUM.Orphan] HKEY_LOCAL_MACHINE\RK_Software_ON_F_1B33\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Supprimé(e)
[PUM.Orphan] HKEY_LOCAL_MACHINE\RK_Software_ON_G_8869\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Supprimé(e)
[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Supprimé(e)
[PUM.Orphan] HKEY_LOCAL_MACHINE\RK_Software_ON_F_1B33\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} -> Supprimé(e)
[PUM.Orphan] HKEY_LOCAL_MACHINE\RK_Software_ON_G_8869\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47B614AF-B4CC-485B-B331-BE26F02ED4CC} -> Supprimé(e)
[Suspicious.Path] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C4E8F8D-08D7-41C1-A172-E44D66813EE3} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CF15BC1-148A-5A93-BE98-86AB82C567FD} -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0924543-15FD-4F3D-889C-0B4562A9CB45} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E634117B-33A8-4C70-8210-198010F03834} -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023} -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {ECDEE021-0D17-467F-A1FF-C7A115230949} : -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EF79F67A-6AD7-4715-A0F8-932FCA442023} : -> Supprimé(e)
[PUP] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} : -> Supprimé(e)
[PUP] HKEY_USERS\RK_mazi_ON_F_2B38\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Supprimé(e)
[PUM.Orphan] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {ECDEE021-0D17-467F-A1FF-C7A115230949} : -> ERROR [2]
[PUM.Orphan] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EF79F67A-6AD7-4715-A0F8-932FCA442023} : -> ERROR [2]
[PUP] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} : -> ERROR [2]
[PUP] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {CA3EB689-8F09-4026-AA10-B9534C691CE0} : -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {CA3EB689-8F09-4026-AA10-B9534C691CE0} : -> ERROR [2]
[PUP] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Run | WindApp : "C:\Users\Mazi\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup [x][x] -> Supprimé(e)
[Suspicious.Path] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Run | Selection Tools : "C:\Users\Mazi\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup [x][x] -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdate (C:\Program Files\globalUpdate\Update\globalupdate.exe /svc) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files\globalUpdate\Update\globalupdate.exe /medsvc) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IHProtect Service (C:\Program Files\XTab\ProtectService.exe) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nibiwigi (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\nse4AA1.tmp) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nugilevu (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\jnsdEC71.tmp) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdate (C:\Program Files\globalUpdate\Update\globalupdate.exe /svc) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files\globalUpdate\Update\globalupdate.exe /medsvc) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IHProtect Service (C:\Program Files\XTab\ProtectService.exe) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nibiwigi (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\nse4AA1.tmp) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nugilevu (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\jnsdEC71.tmp) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdate (C:\Program Files\globalUpdate\Update\globalupdate.exe /svc) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdatem (C:\Program Files\globalUpdate\Update\globalupdate.exe /medsvc) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IHProtect Service (C:\Program Files\XTab\ProtectService.exe) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nibiwigi (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\nse4AA1.tmp) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nugilevu (C:\Users\Mazi\AppData\Roaming\00000000-1431361858-0000-0000-6C626D9EA8C0\jnsdEC71.tmp) -> Supprimé(e)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mystartsearch.com/?type=hp&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2 -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.mystartsearch.com/?type=hp&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2 -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.mystartsearch.com/?type=hp&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2 -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.mystartsearch.com/?type=hp&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2 -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.mystartsearch.com/web/?type=ds&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.oursurfing.com/web/?type=ds&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.mystartsearch.com/web/?type=ds&ts=1432809482&z=7b0d583b1215bea3b4808abgbzbc9oeb3ebt7zbbdw&from=slb2&uid=395049983_266162_427DA0E2&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.oursurfing.com/web/?type=ds&ts=1432751195&z=c486fedd248ea81fbe4c691gczfcao0mew3g1gbt0m&from=cmi&uid=395049983_266162_427DA0E2&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_F_1B33\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_F_1B33\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_G_8869\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_G_8869\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-941474947-1101879431-2883593184-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : c:\programdata\lolliscan\lolliscan32.dll [x] -> Remplacé(e) ()

¤¤¤ Tâches : 32 ¤¤¤
[Suspicious.Path] uOuYabFkSVHO5H6nthtPMK.job -- C:\Users\Mazi\AppData\Roaming\uOuYabFkSVHO5H6nthtPMK.exe (--c=vJKsVpkREj+1bCmz/aVjGZSmwvnGCis5WV+vz7ifs32LkemQW5TEvkwrPh2keOYsB85j9Z1Rrv5POf5VG7zePrVbuMcSTXKrKxRk8bp49UPlZXvPOoNm8VCys3WPkaH5bzWjgXrgFk73IUHNBuac60CPfB9DTW/4eJL5Rez7duVnOXSgA8ApzqQXbW8QGl45KTASA5+Ku/ud5pAyxTwy++59zHVazuU+bhAb2OGsNXvKIp1o44FEs0UTezcAKTvVRpddZ17JgL3sRG7kBFdhrwHIFA3HgdQUX3VLaMlFkW7DJktc7BEsUX9DIYQj2t4HEWZbb7q55w4oIUpObFEmhQ==) -> Supprimé(e)
[Suspicious.Path] \\At25 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At26 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At27 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At28 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At29 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At30 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At31 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At32 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At33 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At34 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At35 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At36 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At37 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At38 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At39 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At40 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At41 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At42 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At43 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At44 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At45 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At46 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At47 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\At48 -- C:\ProgramData\gl0ruxOC.exe_ -> Supprimé(e)
[Suspicious.Path] \\GlobalUpdate-ngyyy2vxm2tibwf -- C:\Users\Mazi\AppData\Roaming\ngyyy2vxm2tibwf\ngyyy2vxm2tibwf.exe -> Supprimé(e)
[Suspicious.Path] \\OMHVKGNRG -- "C:\ProgramData\99ddd194860b49de9c3d4fa67f327de5\99ddd194860b49de9c3d4fa67f327de5.exe" -> Supprimé(e)
[PUP] \\Run_Bobby_Browser -- "C:\Users\Mazi\AppData\Local\BoBrowser\Application\bobrowser.exe" (--no-startup-window) -> Supprimé(e)
[Suspicious.Path] \\Ruussiafkabar -- "C:\ProgramData\Ruussiafkabar\1.0.1.0\ajeevale.exe" ("/e=L3A9MjI4MjAxXi91PTUzMTFiNGZlYTY5ZjRlNThhMDQ1ZWU0OWQyOGY4MDE2Xi9kPXRyYWNrYnJlYWtpbmduZXdzLmNvbV4vbj1ORVdTXi9hPUJyZWFraW5nTmV3c0FsZXJ0Xi90") -> Supprimé(e)
[Suspicious.Path] \\SmartWeb Upgrade Trigger Task -- C:\Users\Mazi\AppData\Local\SmartWeb\SmartWebHelper.exe -> Supprimé(e)
[Suspicious.Path] \\TIVCWINL -- "C:\ProgramData\10311bf341d64c51bba171380dae5e03\10311bf341d64c51bba171380dae5e03.exe" -> Supprimé(e)
[Suspicious.Path] \\uOuYabFkSVHO5H6nthtPMK -- C:\Users\Mazi\AppData\Roaming\uOuYabFkSVHO5H6nthtPMK.exe (--c=vJKsVpkREj+1bCmz/aVjGZSmwvnGCis5WV+vz7ifs32LkemQW5TEvkwrPh2keOYsB85j9Z1Rrv5POf5VG7zePrVbuMcSTXKrKxRk8bp49UPlZXvPOoNm8VCys3WPkaH5bzWjgXrgFk73IUHNBuac60CPfB9DTW/4eJL5Rez7duVnOXSgA8ApzqQXbW8QGl45KTASA5+Ku/ud5pAyxTwy++59zHVazuU+bhAb2OGsNXvKIp1o44FEs0UTezcAKTvVRpddZ17JgL3sRG7kBFdhrwHIFA3HgdQUX3VLaMlFkW7DJktc7BEsUX9DIYQj2t4HEWZbb7q55w4oIUpObFEmhQ==) -> ERROR [0]

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 7 (Driver: Chargé) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x8556b1e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x8556b1e8

¤¤¤ Navigateurs web : 2 ¤¤¤
[PUP][FIREFX:Addon] xmtcd1sr.default : shortcut [shortcutff@gmail.com] -> Supprimé(e)
[PUP][FIREFX:Addon] xmtcd1sr.default : Fast Start [faststartff@gmail.com] -> Supprimé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00AAKX-001CA SCSI Disk Device +++++
--- User ---
[MBR] 8dc5a514e4c9ac924a254cd6732b126b
[BSP] c987466b14923a73dba98b80241cd117 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 180000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )

+++++ PhysicalDrive1: ST316081 1AS SCSI Disk Device +++++
--- User ---
[MBR] 8af1c760e1e9a6036a96f6bcad6420d0
[BSP] 4991f0d0dac20920fb558084596a1d7f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 59999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 122881185 | Size: 92616 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )

+++++ PhysicalDrive2: USB Flash Disk USB Device +++++
--- User ---
[MBR] fe30b75521b354ed739af5809fbcd76b
[BSP] f6eca64e135a202b1ced04c632f522e1 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 128 | Size: 7647 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )


============================================
RKreport_SCN_05272015_213554.log - RKreport_DEL_05272015_213714.log - RKreport_DEL_05272015_213719.log - RKreport_SCN_05282015_124643.log
RKreport_SCN_05282015_131750.log
