RogueKiller V11.0.12.0 [Feb 15 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : admin [Administrateur]
Démarré depuis : C:\Users\la famille\Downloads\RogueKiller.exe
Mode : Scan -- Date : 02/15/2016 14:38:34

¤¤¤ Processus : 13 ¤¤¤
[Suspicious.Path|Proc.Injected|VT.Unknown] Airtostrong.exe(1564) -- C:\ProgramData\Airtostrong\Airtostrong.exe[-] -> Tué(e) [TermProc]
[VT.PUP.Optional.Amonetize] BitTorrent.exe(1744) -- C:\Program Files\BitTorrent\BitTorrent.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|Proc.Injected|VT.PUP.Optional.Linkury.ShrtCln] dlohn.exe(1864) -- C:\ProgramData\dlohn\dlohn.exe[-] -> Tué(e) [TermProc]
[Proc.RunPE] hasplms.exe(2008) -- C:\Windows\System32\hasplms.exe[7] -> Tué(e) [TermProc]
[Suspicious.Path|VT.Trojan.Agent.MSIL] Ranelectronics.exe(344) -- C:\Users\admin\AppData\Local\Ranelectronics.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.Trojan.Agent.MSIL] Newfinhigh.exe(948) -- C:\Users\admin\AppData\Local\Newfinhigh.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|VT.PUP.Optional.Linkury] tmp9FC7.tmp(2672) -- C:\Windows\Temp\tmp9FC7.tmp[-] -> Tué(e) [TermProc]
[Suspicious.Path|Proc.Injected] Airtostrong.exe(2348) -- C:\ProgramData\Airtostrong\Airtostrong.exe[-] -> Tué(e) [TermProc]
[Proc.Injected] chrome.exe(3008) -- C:\Program Files\Google\Chrome\Application\chrome.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] chrome.exe(3980) -- C:\Program Files\Google\Chrome\Application\chrome.exe[7] -> Tué(e) [TermProc]
[Suspicious.Path|VT.Trojan.Agent.MSIL] (SVC) pmmduet -- C:\Users\admin\AppData\Local\Ranelectronics.exe webdpwneob pmmduet[-] -> Arrêté(e)
[Suspicious.Path|VT.Trojan.Agent.MSIL] (SVC) proiuctprodwwnioad -- C:\Users\admin\AppData\Local\Newfinhigh.exe downioadwi proiuctprodwwnioad[-] -> Arrêté(e)
[Suspicious.Path|VT.Unknown] (SVC) caMyciloP -- C:\ProgramData\\caMyciloP\\caMyciloP.exe -f "C:\ProgramData\\caMyciloP\\caMyciloP.dat" -l -a[-] -> Arrêté(e)

¤¤¤ Registre : 24 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\BaseFlash -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Systweak -> Trouvé(e)
[VT.Unknown] HKEY_USERS\S-1-5-21-2705892818-740822966-2425394708-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Report : \AdwCleaner\AdwCleaner[C1].txt [-] -> Trouvé(e)
[Suspicious.Path|VT.Gen:Variant.Mikey.31713] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Airtostrong (C:\ProgramData\\Airtostrong\\Airtostrong.exe -f "C:\ProgramData\\Airtostrong\\Airtostrong.dat" -l -a) -> Trouvé(e)
[Suspicious.Path|VT.PUP.Optional.Linkury.ShrtCln] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dlohn (C:\ProgramData\\dlohn\\dlohn.exe -f "C:\ProgramData\\dlohn\\dlohn.dat" -l -a) -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Agent.MSIL] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pmmduet (C:\Users\admin\AppData\Local\Ranelectronics.exe webdpwneob pmmduet) -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Agent.MSIL] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\proiuctprodwwnioad (C:\Users\admin\AppData\Local\Newfinhigh.exe downioadwi proiuctprodwwnioad) -> Trouvé(e)
[Suspicious.Path|VT.Gen:Variant.Mikey.31713] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Airtostrong (C:\ProgramData\\Airtostrong\\Airtostrong.exe -f "C:\ProgramData\\Airtostrong\\Airtostrong.dat" -l -a) -> Trouvé(e)
[Suspicious.Path|VT.PUP.Optional.Linkury.ShrtCln] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dlohn (C:\ProgramData\\dlohn\\dlohn.exe -f "C:\ProgramData\\dlohn\\dlohn.dat" -l -a) -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Agent.MSIL] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmmduet (C:\Users\admin\AppData\Local\Ranelectronics.exe webdpwneob pmmduet) -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Agent.MSIL] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\proiuctprodwwnioad (C:\Users\admin\AppData\Local\Newfinhigh.exe downioadwi proiuctprodwwnioad) -> Trouvé(e)
[Suspicious.Path|VT.Gen:Variant.Mikey.31713] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Airtostrong (C:\ProgramData\\Airtostrong\\Airtostrong.exe -f "C:\ProgramData\\Airtostrong\\Airtostrong.dat" -l -a) -> Trouvé(e)
[Suspicious.Path|VT.PUP.Optional.Linkury.ShrtCln] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dlohn (C:\ProgramData\\dlohn\\dlohn.exe -f "C:\ProgramData\\dlohn\\dlohn.dat" -l -a) -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Agent.MSIL] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pmmduet (C:\Users\admin\AppData\Local\Ranelectronics.exe webdpwneob pmmduet) -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Agent.MSIL] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\proiuctprodwwnioad (C:\Users\admin\AppData\Local\Newfinhigh.exe downioadwi proiuctprodwwnioad) -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-2705892818-740822966-2425394708-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNZ4IeknwsEdyUfUBn-3Oit-smW0DGEE6zmvd9ldqBbWNSm5wJDyNsEVsj-AWvzO9T0SNVsoVxzBtlJaXlH8sukX4GhLav8YmVWbBwCQFOQjKCTpoGhA51MY7U13Lmpp__mYLhKDp7_y6Q2rTijFApnJCFN81uv-34zl2dWzFDBXk, -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-2705892818-740822966-2425394708-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNZ4IeknwsEdyUfUBn-3Oit-smW0DGEE6zmvd9ldqBbWNSm5wJDyNsEVsj-AWvzO9T0SNVsoVxzBtlJaXlH8sukX4GhLav8YmVWbBwCQFOQjKCTpoGhA51MY7U13Lmpp__mYLhKDp7_y6Q2rTijFApnJCFN81uv-34zl2dWzFDBXk, -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2705892818-740822966-2425394708-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNZ4IeknwsEdyUfUBn-3Oit-smW0DGEE6zmvd9ldqBbWNSm5wJDyNsEVsj-AWvzO9T0SNVsoVxzBtlJanabwhs0RzUzCCdWaC26PhpETPwj-WA8CgETcQvSagAe0pirifJxmnlxYYTrOEioCgAOdwpVmDghuEVrYzEjOGwvk1REqI,&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2705892818-740822966-2425394708-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNZ4IeknwsEdyUfUBn-3Oit-smW0DGEE6zmvd9ldqBbWNSm5wJDyNsEVsj-AWvzO9T0SNVsoVxzBtlJanabwhs0RzUzCCdWaC26PhpETPwj-WA8CgETcQvSagAe0pirifJxmnlxYYTrOEioCgAOdwpVmDghuEVrYzEjOGwvk1REqI,&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2705892818-740822966-2425394708-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNZ4IeknwsEdyUfUBn-3Oit-smW0DGEE6zmvd9ldqBbWNSm5wJDyNsEVsj-AWvzO9T0SNVsoVxzBtlJanabwhs0RzUzCCdWaC26PhpETPwj-WA8CgETcQvSagAe0pirifJxmnlxYYTrOEioCgAOdwpVmDghuEVrYzEjOGwvk1REqI,&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2705892818-740822966-2425394708-1003\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNZ4IeknwsEdyUfUBn-3Oit-smW0DGEE6zmvd9ldqBbWNSm5wJDyNsEVsj-AWvzO9T0SNVsoVxzBtlJanabwhs0RzUzCCdWaC26PhpETPwj-WA8CgETcQvSagAe0pirifJxmnlxYYTrOEioCgAOdwpVmDghuEVrYzEjOGwvk1REqI,&q={searchTerms} -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2705892818-740822966-2425394708-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2705892818-740822966-2425394708-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)
[Suspicious.Path|VT.PUP.Optional.Linkury] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\caMyciloP\StrongTone.dll [-] -> Trouvé(e)

¤¤¤ Tâches : 21 ¤¤¤
[Suspicious.Path|VT.Trojan.Agent.MSIL] \downioadwi -- C:\Windows\system32\config\systemprofile\AppData\Local\Tamtam (/t 8562 6332) -> Trouvé(e)
[Suspicious.Path] \psv_AirStrong -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\TrippleTom.reg" & del "C:\ProgramData\dlohn\TrippleTom.reg" & SCHTASKS /Delete /TN "psv_AirStrong" /F) -> Trouvé(e)
[Suspicious.Path] \psv_AnTam -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Medlight\Vivacom.reg" & del "C:\ProgramData\Medlight\Vivacom.reg" & SCHTASKS /Delete /TN "psv_AnTam" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Dalt-Soft -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\S-zap.reg" & del "C:\ProgramData\dlohn\S-zap.reg" & SCHTASKS /Delete /TN "psv_Dalt-Soft" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Daltity -- cmd.exe (/c regedit.exe /s "C:\ProgramData\caMyciloP\Superjoykix.reg" & del "C:\ProgramData\caMyciloP\Superjoykix.reg" & SCHTASKS /Delete /TN "psv_Daltity" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Homecof -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Vivazensoft.reg" & del "C:\ProgramData\dlohn\Vivazensoft.reg" & SCHTASKS /Delete /TN "psv_Homecof" /F) -> Trouvé(e)
[Suspicious.Path|VT.Unknown] \psv_Matgofix -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Airtostrong\Quad-Cof.reg" & del "C:\ProgramData\Airtostrong\Quad-Cof.reg" & SCHTASKS /Delete /TN "psv_Matgofix" /F) -> Trouvé(e)
[Suspicious.Path] \psv_New-It -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Openlam.reg" & del "C:\ProgramData\dlohn\Openlam.reg" & SCHTASKS /Delete /TN "psv_New-It" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Openbam -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Quotequadlax.reg" & del "C:\ProgramData\dlohn\Quotequadlax.reg" & SCHTASKS /Delete /TN "psv_Openbam" /F) -> Trouvé(e)
[Suspicious.Path] \psv_SanKaylux -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Medlight\Groovesoft.reg" & del "C:\ProgramData\Medlight\Groovesoft.reg" & SCHTASKS /Delete /TN "psv_SanKaylux" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Scot-Fax -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Medlight\Groovelam.reg" & del "C:\ProgramData\Medlight\Groovelam.reg" & SCHTASKS /Delete /TN "psv_Scot-Fax" /F) -> Trouvé(e)
[Suspicious.Path|VT.Unknown] \psv_Singlela -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Strongtax.reg" & del "C:\ProgramData\dlohn\Strongtax.reg" & SCHTASKS /Delete /TN "psv_Singlela" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Softlux -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Year-Dax.reg" & del "C:\ProgramData\dlohn\Year-Dax.reg" & SCHTASKS /Delete /TN "psv_Softlux" /F) -> Trouvé(e)
[Suspicious.Path] \psv_StrongBam -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Zaam-Lax.reg" & del "C:\ProgramData\dlohn\Zaam-Lax.reg" & SCHTASKS /Delete /TN "psv_StrongBam" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Tech-Is -- cmd.exe (/c regedit.exe /s "C:\ProgramData\caMyciloP\Golddax.reg" & del "C:\ProgramData\caMyciloP\Golddax.reg" & SCHTASKS /Delete /TN "psv_Tech-Is" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Tonair -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Doubleron.reg" & del "C:\ProgramData\dlohn\Doubleron.reg" & SCHTASKS /Delete /TN "psv_Tonair" /F) -> Trouvé(e)
[Suspicious.Path] \psv_ToughHold -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Unitam.reg" & del "C:\ProgramData\dlohn\Unitam.reg" & SCHTASKS /Delete /TN "psv_ToughHold" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Via-Light -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Medlight\Zenhome.reg" & del "C:\ProgramData\Medlight\Zenhome.reg" & SCHTASKS /Delete /TN "psv_Via-Light" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Zot-Sing -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Faseair.reg" & del "C:\ProgramData\dlohn\Faseair.reg" & SCHTASKS /Delete /TN "psv_Zot-Sing" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Zotair -- cmd.exe (/c regedit.exe /s "C:\ProgramData\caMyciloP\Dongsoft.reg" & del "C:\ProgramData\caMyciloP\Dongsoft.reg" & SCHTASKS /Delete /TN "psv_Zotair" /F) -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Agent.MSIL] \webdpwneob -- C:\Windows\system32\config\systemprofile\AppData\Local\Home-Fax (/t 6836 9548) -> Trouvé(e)

¤¤¤ Fichiers : 3 ¤¤¤
[PUP][Répertoire] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} -> Trouvé(e)

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 7 ¤¤¤
[PUP][FIREFX:Addon] 60ts14y3.default : Yahoo! Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Trouvé(e)
[PUP][FIREFX:Addon] 60ts14y3.default : Advanced SystemCare Surfing Protection [ascsurfingprotection@iobit.com] -> Trouvé(e)
[PUP][FIREFX:Addon] 60ts14y3.default : FirefixTab [deskCutv2@gmail.com] -> Trouvé(e)
[PUP][FIREFX:Addon] CCACCBF1-7AB4-4CF5-B32D-668C686A539F : Yahoo! Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Trouvé(e)
[PUP][FIREFX:Addon] CCACCBF1-7AB4-4CF5-B32D-668C686A539F : Advanced SystemCare Surfing Protection [ascsurfingprotection@iobit.com] -> Trouvé(e)
[PUP][FIREFX:Addon] CCACCBF1-7AB4-4CF5-B32D-668C686A539F : FirefixTab [deskCutv2@gmail.com] -> Trouvé(e)
[PUM.HomePage][FIREFX:Config] 60ts14y3.default : user_pref("browser.startup.homepage", "C:\ProgramData\Airtostrongs\ff.HP"); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1652GSX ATA Device +++++
--- User ---
[MBR] 98696d1b4235b38286fbad92d366f17a
[BSP] e6e3578f832847cbb33312607d27d352 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 150702 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 308844649 | Size: 1824 MB
User = LL1 ... OK
User = LL2 ... OK