Document format: text/plain


RogueKiller V12.0.3.0 [Mar 21 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : Hocine [Administrateur]
Démarré depuis : C:\Users\Hocine\Desktop\bh\RogueKiller.exe
Mode : Suppression -- Date : 03/28/2016 15:09:09

¤¤¤ Processus : 2 ¤¤¤
[Suspicious.Path] utorrentie.exe(3968) -- C:\Users\Hocine\AppData\Roaming\uTorrent\updates\3.4.6_42042\utorrentie.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path] utorrentie.exe(3660) -- C:\Users\Hocine\AppData\Roaming\uTorrent\updates\3.4.6_42042\utorrentie.exe[-] -> Tué(e) [TermProc]

¤¤¤ Registre : 14 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Babylon -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\BabylonToolbar -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\SafetyNut -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Trymedia Systems -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-898322170-2674512194-256254765-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {1E796980-9CC5-11D1-A83F-00C04FC99D61} : -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-898322170-2674512194-256254765-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Supprimé(e)
[Hj.Name|Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | HKLM : C:\Windows\Temp\System\svchost.exe [-] -> Supprimé(e)
[Hj.Name|Suspicious.Path] HKEY_USERS\S-1-5-21-898322170-2674512194-256254765-1000\Software\Microsoft\Windows\CurrentVersion\Run | HKCU : C:\Windows\Temp\System\svchost.exe [-] -> Supprimé(e)
[Hj.Name|Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Policies : C:\Windows\Temp\System\svchost.exe [-] -> Supprimé(e)
[Hj.Name|Suspicious.Path] HKEY_USERS\S-1-5-21-898322170-2674512194-256254765-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Policies : C:\Windows\Temp\System\svchost.exe [-] -> Supprimé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-898322170-2674512194-256254765-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.windowsxlive.net -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-898322170-2674512194-256254765-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Non sélectionné
[Hj.Name|Suspicious.Path] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0U20NO26-PJRP-W0QH-6A1I-O0354H537C3K} | StubPath : C:\Windows\Temp\System\svchost.exe Restart [-][x] -> Supprimé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 2 ¤¤¤
[PUP][Répertoire] C:\Users\Hocine\AppData\Roaming\OpenCandy -> Supprimé(e)
[PUP][Fichier] C:\Users\Hocine\AppData\Roaming\OpenCandy\743A084C1CF14D69B62A8E8103EF4B0A\setup.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\Hocine\AppData\Roaming\OpenCandy\743A084C1CF14D69B62A8E8103EF4B0A -> Supprimé(e)
[PUP][Fichier] C:\Users\Hocine\AppData\Roaming\OpenCandy\7D9862C40CDA486B84D43CABAFAE37F0\Opera_NI_stable.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\Hocine\AppData\Roaming\OpenCandy\7D9862C40CDA486B84D43CABAFAE37F0 -> Supprimé(e)
[PUP][Fichier] C:\Users\Hocine\AppData\Roaming\OpenCandy\A2358DA67EA34EFB8BA024EAE58A5C94\dyesubd1_p3v0.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\Hocine\AppData\Roaming\OpenCandy\A2358DA67EA34EFB8BA024EAE58A5C94 -> Supprimé(e)
[PUP][Fichier] C:\Users\Hocine\AppData\Roaming\OpenCandy\B9E9BF7478E84522933832041BA77788\TuneUpUtilities2014WORLDW1D_en-US.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\Hocine\AppData\Roaming\OpenCandy\B9E9BF7478E84522933832041BA77788 -> Supprimé(e)
[PUP][Fichier] C:\Users\Hocine\AppData\Roaming\OpenCandy\C147B4945D56450FBC13707C8D193E45\TuneUpUtilities2014WORLDW15D_en-US.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\Hocine\AppData\Roaming\OpenCandy\C147B4945D56450FBC13707C8D193E45 -> Supprimé(e)
[PUP][Répertoire] C:\Users\Hocine\AppData\Roaming\OpenCandy\OpenCandy_B9E9BF7478E84522933832041BA77788 -> Supprimé(e)
[PUP][Répertoire] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} -> Supprimé(e)
[PUP][Fichier] C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi -> Supprimé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: Chargé) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[99] : C:\Windows\System32\win32k.sys @ 0xffffffff845f7f46 (call dword [0x8837bd14])
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[129] : C:\Windows\System32\halmacpi.dll @ 0xffffffff88226468 (call dword [0x882520b4])

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] cshcuj9o.default : user_pref("browser.startup.homepage", "http://www.windowsxlive.net"); -> Remplacé(e) (about:home)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST3750640NS ATA Device +++++
--- User ---
[MBR] a8e3bdd62a123af1b189380a1cefc9fb
[BSP] ad5abd286d936e2b9464a0b19af2c0ec : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 463994 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 950260815 | Size: 251407 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3750640NS ATA Device +++++
--- User ---
[MBR] dba0d162c85c036ca4bb04bd59b1a07b
[BSP] 92e5e9a66a1eb1a1511df0a76b22b639 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 400001 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 819202545 | Size: 315393 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3750640NS ATA Device +++++
--- User ---
[MBR] 4a1cce9e8d4e5129b0be0019bc254a63
[BSP] 50406289ec766f52e8467987143fc11f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 250003 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 512007615 | Size: 465390 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] 3f89feaf0f081b6442b92c5e1186ef57
[BSP] dcc50333c37bd4839f612ea0b67b7a38 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 3820 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] UNKNOWN (0x21) [VISIBLE] Offset (sectors): 7823655 | Size: 0 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

