cjoint

Document format: text/plain

RogueKiller V12.3.0.0 (x64) [May 22 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9600) 64 bits version
Démarré en : Mode normal
Utilisateur : ayoub-pc [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 05/27/2016 16:34:44

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 22 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\InstalledBrowserExtensions -> Supprimé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Tarma Installer -> Supprimé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Supprimé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\GlobalUpdate -> Supprimé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\InstallCore -> Supprimé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\InstalledBrowserExtensions -> Supprimé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\PIP -> Supprimé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SmdmF -> Supprimé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Super Radio -> Supprimé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SweetIM -> Supprimé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2989162816-207459483-2485748632-1001\Software\Microsoft\Windows\CurrentVersion\Run | FrappsyPlayer : "C:\Users\ayoub-pc\AppData\Local\Frappsy\FrappsyPlayer\FrappsyPlayer.exe" /hide [-][x] -> Supprimé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2989162816-207459483-2485748632-1001\Software\Microsoft\Windows\CurrentVersion\Run | FrappsyPlayer : "C:\Users\ayoub-pc\AppData\Local\Frappsy\FrappsyPlayer\FrappsyPlayer.exe" /hide [-][x] -> ERROR [2]
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Supprimé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Supprimé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Supprimé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Supprimé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2989162816-207459483-2485748632-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10195_swoc_campaign_151119__yaie -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2989162816-207459483-2485748632-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10195_swoc_campaign_151119__yaie -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2989162816-207459483-2485748632-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2989162816-207459483-2485748632-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2989162816-207459483-2485748632-1001\Control Panel\Desktop | SCRNSAVE.EXE : C:\WINDOWS\Screen_Samsung.scr [-] -> Remplacé(e) (C:\WINDOWS\system32\logon.scr)

¤¤¤ Tâches : 2 ¤¤¤
[Suspicious.Path] \Funmoods -- C:\Users\ayoub-pc\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (/Check) -> Supprimé(e)
[Suspicious.Path] \SUPatchForW10Up -- "%programdata%\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe" -> Supprimé(e)

¤¤¤ Fichiers : 2 ¤¤¤
[PUP][Répertoire] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy -> Supprimé(e)
[PUP][Fichier] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\4CE2CBC30E2446879875BC4B4490CC5C\pokkiInstaller.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\4CE2CBC30E2446879875BC4B4490CC5C -> Supprimé(e)
[PUP][Fichier] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\8881C3A742D14704A02D4F8F48EE4310\version51030bc4470a0.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\8881C3A742D14704A02D4F8F48EE4310 -> Supprimé(e)
[PUP][Fichier] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\EAA1945701DF4CE6A34A03BE2FC70B15\RegistryReviverSetup_AFF.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\EAA1945701DF4CE6A34A03BE2FC70B15 -> Supprimé(e)
[PUP][Fichier] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\F89F09B2D1C14A4DAF5DB361A2773D5A\setup.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\F89F09B2D1C14A4DAF5DB361A2773D5A -> Supprimé(e)
[PUP][Fichier] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\F9162DA4E39A43A7BCA295D765CDF6A4\WcInstaller.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\F9162DA4E39A43A7BCA295D765CDF6A4 -> Supprimé(e)
[PUP][Répertoire] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\OpenCandy_8881C3A742D14704A02D4F8F48EE4310 -> Supprimé(e)
[PUP][Répertoire] C:\Users\ayoub-pc\AppData\Roaming\OpenCandy\OpenCandy_EAA1945701DF4CE6A34A03BE2FC70B15 -> Supprimé(e)
[PUP][Répertoire] C:\Users\ayoub-pc\AppData\Local\Pokki -> Supprimé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 3 ¤¤¤
[PUP][CHROME:Addon] Default : Funmoods Chat [bbjciahceamgodcoidkjpchnokgfpphh] -> Supprimé(e)
[PUP][CHROME:Addon] Default : Funmoods [cjpglkicenollcignonpgiafdgfeehoj] -> ERROR [2]
[PUP][CHROME:Addon] Default : Web Navigation [lkemddiljapcmhicklfpcbpfffahfbja] -> ERROR [2]

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++
--- User ---
[MBR] dff2154c075a50bd3d891a2067205f1b
[BSP] 237f1459112b0d8ced71c5a12380c2ed : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 500 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1026048 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1640448 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1902592 | Size: 451484 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 926543872 | Size: 349 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 927258625 | Size: 23153 MB
6 - [SYSTEM] Basic data partition | Offset (sectors): 974675969 | Size: 1024 MB
User = LL1 ... OK
User = LL2 ... OK

