
RogueKiller V11.0.12.0 [Feb 15 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : admin [Administrateur]
Démarré depuis : C:\Users\la famille\Downloads\RogueKiller.exe
Mode : Scan -- Date : 02/15/2016 15:11:27

¤¤¤ Processus : 5 ¤¤¤
[VT.PUP.Optional.Amonetize] BitTorrent.exe(2268) -- C:\Program Files\BitTorrent\BitTorrent.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|Proc.Injected|VT.Gen:Variant.Mikey.31713] Airtostrong.exe(1860) -- C:\ProgramData\Airtostrong\Airtostrong.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path|Proc.Injected|VT.Gen:Variant.Mikey.31713] Airtostrong.exe(2920) -- C:\ProgramData\Airtostrong\Airtostrong.exe[-] -> Tué(e) [TermProc]
[Proc.Injected] chrome.exe(3116) -- C:\Program Files\Google\Chrome\Application\chrome.exe[7] -> Tué(e) [TermProc]
[Proc.RunPE] SearchFilterHost.exe(1140) -- C:\Windows\System32\SearchFilterHost.exe[x] -> [NoKill]

¤¤¤ Registre : 2 ¤¤¤
[Suspicious.Path|VT.Gen:Variant.Mikey.31713] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\caMyciloP (C:\ProgramData\\caMyciloP\\caMyciloP.exe -f "C:\ProgramData\\caMyciloP\\caMyciloP.dat" -l -a) -> Trouvé(e)
[Suspicious.Path|VT.Gen:Variant.Mikey.31713] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\caMyciloP (C:\ProgramData\\caMyciloP\\caMyciloP.exe -f "C:\ProgramData\\caMyciloP\\caMyciloP.dat" -l -a) -> Trouvé(e)

¤¤¤ Tâches : 18 ¤¤¤
[Suspicious.Path] \psv_AirStrong -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\TrippleTom.reg" & del "C:\ProgramData\dlohn\TrippleTom.reg" & SCHTASKS /Delete /TN "psv_AirStrong" /F) -> Trouvé(e)
[Suspicious.Path] \psv_AnTam -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Medlight\Vivacom.reg" & del "C:\ProgramData\Medlight\Vivacom.reg" & SCHTASKS /Delete /TN "psv_AnTam" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Dalt-Soft -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\S-zap.reg" & del "C:\ProgramData\dlohn\S-zap.reg" & SCHTASKS /Delete /TN "psv_Dalt-Soft" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Daltity -- cmd.exe (/c regedit.exe /s "C:\ProgramData\caMyciloP\Superjoykix.reg" & del "C:\ProgramData\caMyciloP\Superjoykix.reg" & SCHTASKS /Delete /TN "psv_Daltity" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Homecof -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Vivazensoft.reg" & del "C:\ProgramData\dlohn\Vivazensoft.reg" & SCHTASKS /Delete /TN "psv_Homecof" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Matgofix -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Airtostrong\Quad-Cof.reg" & del "C:\ProgramData\Airtostrong\Quad-Cof.reg" & SCHTASKS /Delete /TN "psv_Matgofix" /F) -> Trouvé(e)
[Suspicious.Path] \psv_New-It -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Openlam.reg" & del "C:\ProgramData\dlohn\Openlam.reg" & SCHTASKS /Delete /TN "psv_New-It" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Openbam -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Quotequadlax.reg" & del "C:\ProgramData\dlohn\Quotequadlax.reg" & SCHTASKS /Delete /TN "psv_Openbam" /F) -> Trouvé(e)
[Suspicious.Path] \psv_SanKaylux -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Medlight\Groovesoft.reg" & del "C:\ProgramData\Medlight\Groovesoft.reg" & SCHTASKS /Delete /TN "psv_SanKaylux" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Scot-Fax -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Medlight\Groovelam.reg" & del "C:\ProgramData\Medlight\Groovelam.reg" & SCHTASKS /Delete /TN "psv_Scot-Fax" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Softlux -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Year-Dax.reg" & del "C:\ProgramData\dlohn\Year-Dax.reg" & SCHTASKS /Delete /TN "psv_Softlux" /F) -> Trouvé(e)
[Suspicious.Path] \psv_StrongBam -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Zaam-Lax.reg" & del "C:\ProgramData\dlohn\Zaam-Lax.reg" & SCHTASKS /Delete /TN "psv_StrongBam" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Tech-Is -- cmd.exe (/c regedit.exe /s "C:\ProgramData\caMyciloP\Golddax.reg" & del "C:\ProgramData\caMyciloP\Golddax.reg" & SCHTASKS /Delete /TN "psv_Tech-Is" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Tonair -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Doubleron.reg" & del "C:\ProgramData\dlohn\Doubleron.reg" & SCHTASKS /Delete /TN "psv_Tonair" /F) -> Trouvé(e)
[Suspicious.Path] \psv_ToughHold -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Unitam.reg" & del "C:\ProgramData\dlohn\Unitam.reg" & SCHTASKS /Delete /TN "psv_ToughHold" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Via-Light -- cmd.exe (/c regedit.exe /s "C:\ProgramData\Medlight\Zenhome.reg" & del "C:\ProgramData\Medlight\Zenhome.reg" & SCHTASKS /Delete /TN "psv_Via-Light" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Zot-Sing -- cmd.exe (/c regedit.exe /s "C:\ProgramData\dlohn\Faseair.reg" & del "C:\ProgramData\dlohn\Faseair.reg" & SCHTASKS /Delete /TN "psv_Zot-Sing" /F) -> Trouvé(e)
[Suspicious.Path] \psv_Zotair -- cmd.exe (/c regedit.exe /s "C:\ProgramData\caMyciloP\Dongsoft.reg" & del "C:\ProgramData\caMyciloP\Dongsoft.reg" & SCHTASKS /Delete /TN "psv_Zotair" /F) -> Trouvé(e)

¤¤¤ Fichiers : 1 ¤¤¤
[PUP][Répertoire] C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} -> Trouvé(e)

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 7 ¤¤¤
[PUP][FIREFX:Addon] 60ts14y3.default : Yahoo! Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Trouvé(e)
[PUP][FIREFX:Addon] 60ts14y3.default : Advanced SystemCare Surfing Protection [ascsurfingprotection@iobit.com] -> Trouvé(e)
[PUP][FIREFX:Addon] 60ts14y3.default : FirefixTab [deskCutv2@gmail.com] -> Trouvé(e)
[PUP][FIREFX:Addon] CCACCBF1-7AB4-4CF5-B32D-668C686A539F : Yahoo! Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Trouvé(e)
[PUP][FIREFX:Addon] CCACCBF1-7AB4-4CF5-B32D-668C686A539F : Advanced SystemCare Surfing Protection [ascsurfingprotection@iobit.com] -> Trouvé(e)
[PUP][FIREFX:Addon] CCACCBF1-7AB4-4CF5-B32D-668C686A539F : FirefixTab [deskCutv2@gmail.com] -> Trouvé(e)
[PUM.HomePage][FIREFX:Config] 60ts14y3.default : user_pref("browser.startup.homepage", "C:\ProgramData\Airtostrongs\ff.HP"); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1652GSX ATA Device +++++
--- User ---
[MBR] 98696d1b4235b38286fbad92d366f17a
[BSP] e6e3578f832847cbb33312607d27d352 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 150702 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 308844649 | Size: 1824 MB
User = LL1 ... OK
User = LL2 ... OK
