RogueKiller V12.3.8.0 [Jul 11 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.10586) 64 bits version
Démarré en : Mode normal
Utilisateur : Tech [Administrateur]
Démarré depuis : C:\Users\Tech\Downloads\RogueKiller.exe
Mode : Scan -- Date : 07/14/2016 10:56:52

¤¤¤ Processus : 3 ¤¤¤
[Proc.RunPE] IntelCpHeciSvc.exe(1904) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe[7] -> Trouvé(e)
[Suspicious.Path] service90132.exe(4952) -- C:\Users\Tech\AppData\Roaming\UPUpdata\service90132.exe[x] -> Trouvé(e)
[Suspicious.Path|VT.Gen:Variant.Strictor.109733] THREADAPP.exe(3032) -- C:\Users\Tech\AppData\Roaming\THREADAPP.exe[-] -> Trouvé(e)

¤¤¤ Registre : 17 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\FastCompress-Zip -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | USB Gamepad : C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot [x][x][x][x] -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | apphide : C:\Program Files (x86)\badu\uc.exe [-] -> Trouvé(e)
[Suspicious.Path|VT.Gen:Variant.Strictor.109733] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | EYAN : C:\Users\Tech\AppData\Roaming\THREADAPP.exe [-] -> Trouvé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-1365463291-4261448590-1313989290-1001\Software\Microsoft\Windows\CurrentVersion\Run | apphide : C:\Program Files (x86)\badu\uc.exe [-] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1365463291-4261448590-1313989290-1001\Software\Microsoft\Windows\CurrentVersion\Run | QGuan10in12 : C:\Users\Tech\AppData\Roaming\UPUpdata\service90132.exe /autorun [x][x] -> Trouvé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-1365463291-4261448590-1313989290-1001\Software\Microsoft\Windows\CurrentVersion\Run | apphide : C:\Program Files (x86)\badu\uc.exe [-] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1365463291-4261448590-1313989290-1001\Software\Microsoft\Windows\CurrentVersion\Run | QGuan10in12 : C:\Users\Tech\AppData\Roaming\UPUpdata\service90132.exe /autorun [x][x] -> Trouvé(e)
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UCGuard (system32\DRIVERS\ucguard.sys) -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a4-b1-e9-bd-b4-a8 -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-11-73-a2-b1-33 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a4-b1-e9-bd-b4-a8 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-11-73-a2-b1-33 -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Generic.15325278] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Generic.15325278] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | Debugger : KMS-R@1nHook.exe [-] -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Generic.15325278] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Trouvé(e)
[Suspicious.Path|VT.Trojan.Generic.15325278] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | Debugger : KMS-R@1nHook.exe [-] -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path] \tasklist -- C:\Users\Tech\AppData\Roaming\UPUpdata\service90132.exe (/autorun) -> Trouvé(e)

¤¤¤ Fichiers : 3 ¤¤¤
[PUP][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastCompress-Zip\FastCompress-Zip File Manager.lnk [LNK@] C:\PROGRA~2\FASTCO~1\FM.exe -> Trouvé(e)
[PUP][Répertoire] C:\Program Files (x86)\FastCompress-Zip -> Trouvé(e)
[PUP][Répertoire] C:\Program Files (x86)\WeatherChickn -> Trouvé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000036b]) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM021-1KJ152 +++++
--- User ---
[MBR] 1655fdd86f0e37658d5f3278b8bbc341
[BSP] 76d52ea5f9342268834326f89bb13fd9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 256438 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 526211072 | Size: 220000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK