cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

ÿþRogueKiller V12.3.8.0 (x64) [Jul 11 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.10240) 64 bits version
Démarré en : Mode normal
Utilisateur : pompido [Administrateur]
Démarré depuis : C:\Users\ayoub\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 07/12/2016 19:52:57

¤¤¤ Processus : 1 ¤¤¤
[VT.Patched3_c.BWLA] KMS Server Service.exe(7624) -- C:\WINDOWS\KMSServerService\KMS Server Service.exe[-] -> Trouvé(e)

¤¤¤ Registre : 19 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SmdmF -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} [x] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} [x] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} [x] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gkernel (\??\C:\Users\ayoub\AppData\Local\Temp\gkernel.sys) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gkernel (\??\C:\Users\ayoub\AppData\Local\Temp\gkernel.sys) -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0c-b3-19-34-48-63 -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\50-a4-c8-c1-b3-b1 -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-b1-0a-34-68-9b -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a4-b1-e9-98-90-b1 -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a4-b1-e9-cf-5f-41 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0c-b3-19-34-48-63 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\50-a4-c8-c1-b3-b1 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-b1-0a-34-68-9b -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a4-b1-e9-98-90-b1 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a4-b1-e9-cf-5f-41 -> Trouvé(e)

¤¤¤ Tâches : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\Chromium.job -- C:\Users\ayoub\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Trouvé(e)
[Suspicious.Path] \Chromium -- C:\Users\ayoub\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Trouvé(e)

¤¤¤ Fichiers : 1 ¤¤¤
[PUP][Répertoire] C:\Program Files (x86)\GreenTree Applications -> Trouvé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 2 ¤¤¤
[PUP][FIREFX:Addon] e3v3i08p.default : Invite All (for Facebook) [jid0-zs24wecdcQo0Lp18D7QOV4WSZFo@jetpack] -> Trouvé(e)
[PUP][CHROME:Addon] Default : Grammarly for Chrome [kbfnbcaeplbcioakkpcpgfkobkghlhen] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-60V0TT0 +++++
--- User ---
[MBR] d9644f0a4f367e9c351dd22796edba4d
[BSP] bc88146668d0a571e3c04b5048688c5c : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 461305 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 946370560 | Size: 861 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 948133888 | Size: 13979 MB
User = LL1 ... OK
User = LL2 ... OK


Publicité


Signaler le contenu de ce document

Publicité