cjoint

Document format: text/plain

Preview

RogueKiller V12.0.2.0 (x64) [Mar 14 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : Condor [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 03/18/2016 15:37:04

¤¤¤ Processus : 2 ¤¤¤
[Proc.Injected] iexplore.exe(3968) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] iexplore.exe(3644) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Tué(e) [TermThr]

¤¤¤ Registre : 25 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\mtMedlight -> Non sélectionné
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\mysites123Software -> Non sélectionné
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SimpleFiles -> Non sélectionné
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\TData -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Format Factory : Cmd.exe /c start WScript.exe /e:VBScript.Encode C:\Users\Condor\AppData\Roaming\Video.3gp [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\Run | EPSON Stylus D78 Series : C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBGE.EXE /FU "C:\Users\Condor\AppData\Local\Temp\E_SC61C.tmp" /EF "HKCU" [7][x][x][x][x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\Run | Format Factory : Cmd.exe /c start WScript.exe /e:VBScript.Encode C:\Users\Condor\AppData\Roaming\Video.3gp [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\Run | Adobe PhotoShop : "C:\Users\Condor\AppData\Roaming\Adobe PhotoShop\Startrun.pif" /E:Vbscript.Encode "C:\Users\Condor\AppData\Roaming\Adobe PhotoShop\Pictur.Png" [7][x][-] -> Non sélectionné
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\Run | EPSON Stylus D78 Series : C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBGE.EXE /FU "C:\Users\Condor\AppData\Local\Temp\E_SC61C.tmp" /EF "HKCU" [7][x][x][x][x] -> Non sélectionné
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\Run | Format Factory : Cmd.exe /c start WScript.exe /e:VBScript.Encode C:\Users\Condor\AppData\Roaming\Video.3gp [x] -> Non sélectionné
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\Run | Adobe PhotoShop : "C:\Users\Condor\AppData\Roaming\Adobe PhotoShop\Startrun.pif" /E:Vbscript.Encode "C:\Users\Condor\AppData\Roaming\Adobe PhotoShop\Pictur.Png" [7][x][-] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Adobe PhotoShop : "C:\Users\Condor\AppData\Roaming\Adobe PhotoShop\Startrun.pif" /E:Vbscript.Encode "C:\Users\Condor\AppData\Roaming\Adobe PhotoShop\Pictur.Png" [7][x][-] -> Non sélectionné
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Adobe PhotoShop : "C:\Users\Condor\AppData\Roaming\Adobe PhotoShop\Startrun.pif" /E:Vbscript.Encode "C:\Users\Condor\AppData\Roaming\Adobe PhotoShop\Pictur.Png" [7][x][-] -> Non sélectionné
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://unstopp.me/wpad.dat?6532f4d08960c2a3da6293c270fe238c3315552 -> Non sélectionné
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://unstopp.me/wpad.dat?6532f4d08960c2a3da6293c270fe238c3315552 -> Non sélectionné
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://unstopp.me/wpad.dat?6532f4d08960c2a3da6293c270fe238c3315552 -> Non sélectionné
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://unstopp.me/wpad.dat?6532f4d08960c2a3da6293c270fe238c3315552 -> Non sélectionné
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://unstopp.me/wpad.dat?6532f4d08960c2a3da6293c270fe238c3315552 -> Non sélectionné
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVp_kkL-6ddbkW99gezG9pj_7Hqtr1wX5-yoLn24SHZhZuN539bzmP5HYbrTyJUzHma6F3BJt2VcSvCIoNjJOy1L7liVp-oyWnlgjFf4WI77ouMH7AQQPKhR--URzg6WgdgDYixPVh8c1wMiFSIVx10x6AA,,&q={searchTerms} -> Non sélectionné
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVp_kkL-6ddbkW99gezG9pj_7Hqtr1wX5-yoLn24SHZhZuN539bzmP5HYbrTyJUzHma6F3BJt2VcSvCIoNjJOy1L7liVp-oyWnlgjFf4WI77ouMH7AQQPKhR--URzg6WgdgDYixPVh8c1wMiFSIVx10x6AA,,&q={searchTerms} -> Non sélectionné
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVp_kkL-6ddbkW99gezG9pj_7Hqtr1wX5-yoLn24SHZhZuN539bzmP5HYbrTyJUzHma6F3BJt2VcSvCIoNjJOy1L7liVp-oyWnlgjFf4WI77ouMH7AQQPKhR--URzg6WgdgDYixPVh8c1wMiFSIVx10x6AA,,&q={searchTerms} -> Non sélectionné
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1984864662-4272465452-474522384-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWr8UeuffMWh7dVp_kkL-6ddbkW99gezG9pj_7Hqtr1wX5-yoLn24SHZhZuN539bzmP5HYbrTyJUzHma6F3BJt2VcSvCIoNjJOy1L7liVp-oyWnlgjFf4WI77ouMH7AQQPKhR--URzg6WgdgDYixPVh8c1wMiFSIVx10x6AA,,&q={searchTerms} -> Non sélectionné
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné
[Suspicious.Path|VT.PUP.Optional.Linkury] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Medlight\Stimair.dll [-] -> Remplacé(e) ()

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-00A0R SCSI Disk Device +++++
--- User ---
[MBR] 0f7ade8f366b3b1cfcaa1b375438078f
[BSP] 3d3fb33c56261eda40c2003bab54150a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 5000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 10242048 | Size: 100 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 10446848 | Size: 150000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 317646848 | Size: 150143 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: JMCR SD SCSI Disk Device +++++
--- User ---
[MBR] e9ac24b0712d58a80af2a8075fcf6eb7
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 3720 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )

+++++ PhysicalDrive2: A-DATA USB Flash Drive USB Device +++++
--- User ---
[MBR] 9926324753f25ade54d762d53225fea1
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 7697 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

