cjoint

Document format : text/plain

RogueKiller V11.0.4.0 (x64) [Dec 20 2015] (Free) by Adlice Software
email : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating system : Windows 8.1 (6.3.9600) 64-bit version
Started in : Normal mode
User : pc [Administrator]
Started from : C:\Users\pc\Downloads\Programs\RogueKillerX64.exe
Mode : Scan -- Date : 12/23/2015 01:24:43

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] (SVC) gkernel -- \??\C:\Users\pc\AppData\Local\Temp\gkernel.sys[x] -> ERROR [41c]

¤¤¤ Registry : 18 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Reimage -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\LuckyBrowse -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SimpleFiles -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Tencent -> Found
[PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ApplicationHosting (C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe -f "C:\ProgramData\\ApplicationHosting\\ApplicationHosting.dat" -l -a) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AppthgildeM (C:\ProgramData\\AppthgildeM\\AppthgildeM.exe -f "C:\ProgramData\\AppthgildeM\\AppthgildeM.dat" -l -a) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\caMyciloP (C:\ProgramData\\caMyciloP\\caMyciloP.exe -f "C:\ProgramData\\caMyciloP\\caMyciloP.dat" -l -a) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gkernel (\??\C:\Users\pc\AppData\Local\Temp\gkernel.sys) -> Found
[PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ApplicationHosting (C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe -f "C:\ProgramData\\ApplicationHosting\\ApplicationHosting.dat" -l -a) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppthgildeM (C:\ProgramData\\AppthgildeM\\AppthgildeM.exe -f "C:\ProgramData\\AppthgildeM\\AppthgildeM.dat" -l -a) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\caMyciloP (C:\ProgramData\\caMyciloP\\caMyciloP.exe -f "C:\ProgramData\\caMyciloP\\caMyciloP.dat" -l -a) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gkernel (\??\C:\Users\pc\AppData\Local\Temp\gkernel.sys) -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1788190544-2841081292-2523875018-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms} -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1788190544-2841081292-2523875018-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms} -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1788190544-2841081292-2523875018-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms} -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1788190544-2841081292-2523875018-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVsyFvljAR6kTuu7sqsHjynXJUkfZdI5qoTEm7WpI0dis1J1py6lKHVjQ5kuCswMGfOoeSAWZEA4ohsNTyF50F4WFnISogk_PxVcQ_zLU70AypWR-N5oAfeex6916pYrPpO_sgU1V4gwpRW4y&q={searchTerms} -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\caMyciloP\Konhold.dll [-] -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\caMyciloP\LamSolodax.dll [-] -> Found

¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] \Cooking Video -- C:\Windows\system32\rundll32.exe ("C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\CookingVideo.dll",#1) -> Found
[Suspicious.Path] \Cooking Video2 -- C:\Windows\system32\rundll32.exe ("C:\Users\pc\AppData\Local\Cooking Video\{E63158DF-E2DC-0D34-1AC4-56A2F8D8A2DD}\evjd.dll",#1) -> Found
[PUP] \LuckyBrowse -- C:\Program Files (x86)\LuckyBrowse\app\luckybrowse.exe -> Found

¤¤¤ Files : 2 ¤¤¤
[PUP][File] C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQPlayer.lnk [LNK@] C:\Program Files (x86)\Tencent\QQPlayer\QQPlayer.exe -> Found
[PUP][Directory] C:\Program Files (x86)\Tencent -> Found

¤¤¤ Hosts file : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E680 +++++
--- User ---
[MBR] aef1982da2b2b326d84ab3eca5d135bc
[BSP] 157ee2c6c7b928904612238ab939f2e7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 269650 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 552962048 | Size: 206938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
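Two things in this report deserve a closer look before any cleanup: the Internet Explorer "Search Page" and "Search Bar" values point at a hostname written entirely as %XX escapes, and four services plus both AppInit_DLLs entries have their image under C:\ProgramData or the user's Temp directory, locations a standard user account can write to. The Python script below is an added example, not part of RogueKiller and not from the report's author: it parses finding lines in the report's own "[Tag] (view) item -> Found" format, decodes the search URL's host, and lists services and DLLs whose path sits in a user-writable directory. The regular expressions and the list of "user-writable" directory markers are this example's assumptions; the sample lines are copied from the report above, with the long p= token of the search URL shortened.

```python
"""Triage helper for RogueKiller text reports (added example; not RogueKiller code)."""
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: finding lines copied from the report above, with the long
# "p=" token of the search URL shortened. The parser accepts both "Found" and
# the French "Trouvé(e)" that the untranslated report uses.
SAMPLE_REPORT = r"""
[PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ApplicationHosting (C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe -f "C:\ProgramData\\ApplicationHosting\\ApplicationHosting.dat" -l -a) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AppthgildeM (C:\ProgramData\\AppthgildeM\\AppthgildeM.exe -f "C:\ProgramData\\AppthgildeM\\AppthgildeM.dat" -l -a) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\caMyciloP (C:\ProgramData\\caMyciloP\\caMyciloP.exe -f "C:\ProgramData\\caMyciloP\\caMyciloP.dat" -l -a) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gkernel (\??\C:\Users\pc\AppData\Local\Temp\gkernel.sys) -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1788190544-2841081292-2523875018-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpY&q={searchTerms} -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1788190544-2841081292-2523875018-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpY&q={searchTerms} -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\caMyciloP\Konhold.dll [-] -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\caMyciloP\LamSolodax.dll [-] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Reimage -> Trouvé(e)
"""

# Line grammar as observed in the report (an assumption of this example).
FINDING_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s*"          # one or more [Tag] groups, "|"-separated inside
    r"(?:\((?P<arch>X64|X86)\)\s*)?"          # optional registry view
    r"(?P<item>.*?)\s*->\s*(?:Found|Trouvé\(e\))\s*$"
)
SERVICE_RE = re.compile(r"\\Services\\(?P<name>[^\s(]+)\s*\((?P<image>.*)\)$")
VALUE_RE = re.compile(r"\|\s*(?P<value>[^:]+?)\s*:\s*(?P<data>.*)$")

# Assumption of this example: directories a non-admin user can write to, so a
# service or AppInit DLL living there deserves scrutiny (lower-case markers).
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\local\\temp\\",
                      "\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\")


def parse_findings(report: str) -> list:
    """One dict per '[Tag] (view) item -> Found' line; other lines are skipped."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            tags = m.group("tags")[1:-1].replace("][", "|").split("|")
            findings.append({"tags": tags, "arch": m.group("arch"), "item": m.group("item")})
    return findings


def normalize_image_path(image: str) -> str:
    """Reduce a service ImagePath as printed in the report to the bare file path."""
    image = image.strip()
    if image.startswith("\\??\\"):            # NT object-manager prefix used for drivers
        image = image[4:]
    image = image.replace("\\\\", "\\")       # the report doubles backslashes in some paths
    if image.startswith('"'):
        return image[1:].split('"', 1)[0]
    return image.split(" ", 1)[0]             # drop command-line arguments


def is_user_writable(path: str) -> bool:
    """True if the path lies under one of the USER_WRITABLE_DIRS markers."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_DIRS)


def services_in_user_writable_dirs(findings: list) -> list:
    """Names of services whose image path points into a user-writable directory."""
    names = set()
    for f in findings:
        m = SERVICE_RE.search(f["item"])
        if m and is_user_writable(normalize_image_path(m.group("image"))):
            names.add(m.group("name"))
    return sorted(names, key=str.lower)


def hijacked_search_hosts(findings: list) -> dict:
    """Decoded search-provider host -> set of IE values (Search Page, Search Bar) using it."""
    hosts = {}
    for f in findings:
        if not any(t.startswith("PUM.Search") for t in f["tags"]):
            continue
        m = VALUE_RE.search(f["item"])
        if m:
            # The host is written as %XX escapes; unquote() reveals the real domain name.
            host = unquote(urlsplit(m.group("data")).hostname or "")
            hosts.setdefault(host, set()).add(m.group("value"))
    return hosts


def appinit_dlls(findings: list) -> list:
    """(registry view, DLL path) per AppInit_DLLs entry, minus RogueKiller's '[-]' marker."""
    out = []
    for f in findings:
        m = VALUE_RE.search(f["item"])
        if m and m.group("value") == "AppInit_DLLs":
            out.append((f["arch"], re.sub(r"\s*\[-\]\s*$", "", m.group("data"))))
    return out


if __name__ == "__main__":
    found = parse_findings(SAMPLE_REPORT)
    print("services in user-writable dirs:", services_in_user_writable_dirs(found))
    print("search hijack hosts:", hijacked_search_hosts(found))
    print("AppInit_DLLs:", appinit_dlls(found))
```

Run against the sample, the script reports the four services ApplicationHosting, AppthgildeM, caMyciloP and gkernel, both caMyciloP DLLs, and decodes the search host to feed.sonic-search.com. Two caveats when reading the AppInit and driver findings: on Windows 8 and later the AppInit_DLLs mechanism only injects when LoadAppInit_DLLs is set to 1 and Secure Boot is disabled, and the report shows neither, so check those before assuming the DLLs were loaded into every process; and the Antirootkit line above says RogueKiller's own driver did not load, so the scan had no kernel-level view of the gkernel.sys driver beyond its service entry and the failed process check.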