Document format: text/plain

Preview

RogueKiller V12.3.8.0 [Jul 11 2016] (Premium) بواسطة برنامج Adlice
البريد الإلكتروني : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
الموقع : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

نظام التشغيل : Windows 10 (10.0.10586) 64 bits version
يبدأ في : الوضع الطبيعي
المستخدم : mohamed [مسؤول]
Started from : C:\Users\mohamed\Desktop\RogueKiller.exe
الوضع : فحص -- اليوم : 07/17/2016 22:09:13

¤¤¤ العملية : 0 ¤¤¤

¤¤¤ المسجل : 59 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon | (default) : {B7667919-3765-4815-A66D-98A09BE662D6} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-1c-10-ff-8e-6b -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-66-4b-02-49-25 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\02-08-22-48-14-01 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\58-2a-f7-17-8d-29 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5e-81-58-fd-e8-a5 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\62-d9-a0-17-f6-55 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\70-9f-2d-81-aa-dc -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\76-04-2b-6a-68-8f -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-e8-b6-89-1d-e9 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-a7-b7-45-84-bc -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-a7-b7-45-84-bc_{WWAN-D00AA0AC-5A6E-4001-B586-E4B72BECDC19} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-ce-f6-cd-32-55 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f4-09-d8-6a-50-47 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{WWAN-D00AA0AC-5A6E-4001-B586-E4B72BECDC19} -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-1c-10-ff-8e-6b -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-66-4b-02-49-25 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\02-08-22-48-14-01 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\58-2a-f7-17-8d-29 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5e-81-58-fd-e8-a5 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\62-d9-a0-17-f6-55 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\70-9f-2d-81-aa-dc -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\76-04-2b-6a-68-8f -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-e8-b6-89-1d-e9 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-a7-b7-45-84-bc -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-a7-b7-45-84-bc_{WWAN-D00AA0AC-5A6E-4001-B586-E4B72BECDC19} -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-ce-f6-cd-32-55 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f4-09-d8-6a-50-47 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{WWAN-D00AA0AC-5A6E-4001-B586-E4B72BECDC19} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5a-d2-e0-71-c5-21 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-e8-b6-89-1d-e9 -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-e8-b6-89-1d-e9_94-a7-b7-45-84-bc -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-a7-b7-45-84-bc -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{09241B38-4822-456B-8A70-DA5158A8C8C3} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1CF43377-0B81-4EF0-939B-59DBE94D943C} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{266DC668-1D39-4795-BC77-AF4245B6FAE6} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{296079F1-D905-490B-878D-4409A28F9EE6} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E7A2F14B-AB07-45E8-9B23-96AAD0F26A82} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E7A2F14B-AB07-45E8-9B23-96AAD0F26A82}_{FE4856A2-BC5E-4522-9EA5-78A9F4FA0F07} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FE4856A2-BC5E-4522-9EA5-78A9F4FA0F07} -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5a-d2-e0-71-c5-21 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-e8-b6-89-1d-e9 -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-e8-b6-89-1d-e9_94-a7-b7-45-84-bc -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-a7-b7-45-84-bc -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{09241B38-4822-456B-8A70-DA5158A8C8C3} -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1CF43377-0B81-4EF0-939B-59DBE94D943C} -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{266DC668-1D39-4795-BC77-AF4245B6FAE6} -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{296079F1-D905-490B-878D-4409A28F9EE6} -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E7A2F14B-AB07-45E8-9B23-96AAD0F26A82} -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E7A2F14B-AB07-45E8-9B23-96AAD0F26A82}_{FE4856A2-BC5E-4522-9EA5-78A9F4FA0F07} -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FE4856A2-BC5E-4522-9EA5-78A9F4FA0F07} -> وجد
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad | WpadLastNetwork : -> وجد
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad | WpadLastNetwork : -> وجد
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 163.121.128.134 163.121.128.135 ([Egypt][X]) -> وجد
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 163.121.128.134 163.121.128.135 ([Egypt][Egypt]) -> وجد
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7ec55b19-4fb7-4dae-8852-2fdafd745033} | DhcpNameServer : 163.121.128.134 163.121.128.135 ([Egypt][X]) -> وجد
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7ec55b19-4fb7-4dae-8852-2fdafd745033} | DhcpNameServer : 163.121.128.134 163.121.128.135 ([Egypt][X]) -> وجد
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> وجد
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3544706222-1499703263-3937389962-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> وجد

¤¤¤ المهام : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\FMlXBFGOvv1tGB.job -- C:\Users\mohamed\AppData\Roaming\FMlXBFGOvv1tGB.exe (--c=rv1vQ2jfKl+ngdXC7MaX6VGWHaAZKjyEgtshZKYPFoOJ6z1BDOk+UpgEvO32fTyyYhg6CcxVnFKkMufBOoTAVNIVkCbXWaN7DFolIbOmdNSwbZZJJHFpwr1XdXsapmyYykphyTIXNel94qmEOAm2dazMXSiGwVymnHeb3DhGQNY2XEydDCPWI2uxwCgquxU2pjtaua7JpJz1pfczrqUk4C/U3lxs4GSxlc3Imtxwn9bvZm9RJg3NWjmiIjy1o2BK7G4zj6BVPM6dbci/C1I3aAgfP0BD23Fi//pSnIDPnXlspTDlxKB1JvEu+TlMmrIH39gYWmp1jLeS6TzBOwLz2Q==) -> وجد
[Suspicious.Path] \FMlXBFGOvv1tGB -- C:\Users\mohamed\AppData\Roaming\FMlXBFGOvv1tGB.exe (--c=rv1vQ2jfKl+ngdXC7MaX6VGWHaAZKjyEgtshZKYPFoOJ6z1BDOk+UpgEvO32fTyyYhg6CcxVnFKkMufBOoTAVNIVkCbXWaN7DFolIbOmdNSwbZZJJHFpwr1XdXsapmyYykphyTIXNel94qmEOAm2dazMXSiGwVymnHeb3DhGQNY2XEydDCPWI2uxwCgquxU2pjtaua7JpJz1pfczrqUk4C/U3lxs4GSxlc3Imtxwn9bvZm9RJg3NWjmiIjy1o2BK7G4zj6BVPM6dbci/C1I3aAgfP0BD23Fi//pSnIDPnXlspTDlxKB1JvEu+TlMmrIH39gYWmp1jLeS6TzBOwLz2Q==) -> وجد

¤¤¤ الملفات : 1 ¤¤¤
[PUP][ملف] C:\Program Files (x86)\Tencent -> وجد

¤¤¤ ملف الهوست : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: لم يتم التحميل [0xc000036b]) ¤¤¤

¤¤¤ المتصفح : 0 ¤¤¤

¤¤¤ فحص ال MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 SCSI Disk Device +++++
--- User ---
[MBR] 668832241c3a074ff574cb322217688d
[BSP] 2aa41e0008778f7e5ab0cf9bd245ef6b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 149649 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307200000 | Size: 400000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1126400000 | Size: 403868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

