
RogueKiller V10.8.6.0 [Jun 22 2015] by Adlice Software
email : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : pc-smart-tech 2012 [Administrator]
Started from : C:\Users\pc-smart-tech 2012\Downloads\Programs\RogueKiller.exe
Mode : Delete -- Date : 06/24/2015 16:26:29

¤¤¤ Processes : 8 ¤¤¤
[VT.PUP.Optional.LuckyTab.A] LuckyTab.exe(1972) -- C:\Program Files\LuckyTab\LuckyTab.exe[7] VT(28) -> Killed [TermProc]
[Suspicious.Path|VT.not-a-virus:WebToolbar.Win32.Dsearch.f] YontooDesktop.exe(2436) -- C:\Users\pc-smart-tech 2012\AppData\Roaming\Yontoo\YontooDesktop.exe[-] VT(19) -> Killed [TermProc]
[VT.PUP.Optional.MyPCBackup.A] MyPC Backup.exe(2692) -- C:\Program Files\MyPC Backup\MyPC Backup.exe[7] VT(19) -> Killed [TermProc]
[VT.PUP.Optional.ClientConnect] ToolbarService.exe(3548) -- C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe[7] VT(17) -> Killed [TermProc]
[VT.MyBackup.940] BackupStack.exe(6096) -- C:\Program Files\MyPC Backup\BackupStack.exe[7] VT(7) -> Killed [TermProc]
[Suspicious.Path|VT.Unknown] rundll32.exe(1876) -- c:\progra~2\browse~3\BrowserEnhancerSvc.dll[-] -> Unloaded
[Suspicious.Path|VT.Unknown] rundll32.exe(1876) -- c:\progra~2\browse~3\browse~1.dll[-] -> Unloaded
[PUP|VT.PUP.Optional.ClientConnect] (SVC) TBSrv -- C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe[7] -> Stopped

¤¤¤ Registry : 32 ¤¤¤
[PUP] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Deleted
[PUP] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} -> Deleted
[PUP] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Deleted
[PUP] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {BA14329E-9550-4989-B3F2-9732E92D17CC} : C:\Users\pc-smart-tech 2012\AppData\LocalLow\Vuze_Remote\prxtbVuze.dll -> Deleted
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {ba14329e-9550-4989-b3f2-9732e92d17cc} : C:\Users\pc-smart-tech 2012\AppData\LocalLow\Vuze_Remote\prxtbVuze.dll -> Deleted
[PUP] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {539F76FD-084E-4858-86D5-62F02F54AE86} : C:\Program Files\Minibar\Froggy.dll -> Deleted
[PUP] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {ba14329e-9550-4989-b3f2-9732e92d17cc} : C:\Users\pc-smart-tech 2012\AppData\LocalLow\Vuze_Remote\prxtbVuze.dll -> Deleted
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files\Skillbrains\lightshot\Lightshot.exe -> Deleted
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" -> Deleted
[Suspicious.Path] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\Software\Microsoft\Windows\CurrentVersion\Run | rundll84 : C:\Windows\rundll84.exe [x] -> Deleted
[PUP] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yontoo Desktop : "C:\Users\pc-smart-tech 2012\AppData\Roaming\Yontoo\YontooDesktop.exe" -> Deleted
[PUP] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\Software\Microsoft\Windows\CurrentVersion\Run | iLivid : "C:\Users\pc-smart-tech 2012\AppData\Local\iLivid\iLivid.exe" -autorun -> Deleted
[PUP] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\Software\Microsoft\Windows\CurrentVersion\Run | LightShot : C:\Users\pc-smart-tech 2012\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue -> Deleted
[Hj.Name] HKEY_USERS\RK_Default_ON_D_9895\Software\Microsoft\Windows\CurrentVersion\RunOnce | mctadmin : C:\Windows\System32\mctadmin.exe [7] -> Deleted
[PUP|VT.MyBackup.940] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> Deleted
[PUP|VT.Trojan.Win32.Generic!BT] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ProtectMonitor (C:\Program Files\PCDApp\StartHelp.exe) -> Deleted
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPBIUpdd (\??\C:\Program Files\Common Files\ShopperPro\spbiw.sys) -> Deleted
[PUP|VT.PUP.Optional.ClientConnect] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TBSrv (C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe) -> Deleted
[PUP|VT.MyBackup.940] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> Deleted
[PUP|VT.Trojan.Win32.Generic!BT] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectMonitor (C:\Program Files\PCDApp\StartHelp.exe) -> Deleted
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPBIUpdd (\??\C:\Program Files\Common Files\ShopperPro\spbiw.sys) -> Deleted
[PUP|VT.PUP.Optional.ClientConnect] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TBSrv (C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe) -> Deleted
[PUP|VT.MyBackup.940] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> Deleted
[PUP|VT.Trojan.Win32.Generic!BT] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ProtectMonitor (C:\Program Files\PCDApp\StartHelp.exe) -> Deleted
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SPBIUpdd (\??\C:\Program Files\Common Files\ShopperPro\spbiw.sys) -> Deleted
[PUP|VT.PUP.Optional.ClientConnect] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TBSrv (C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe) -> Deleted
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://start.qone8.com/?type=hp&ts=1397665326&from=epom2&uid=HitachiXHDS721032CLA362_JPB470HC0AA9HH0AA9HHX -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://start.qone8.com/?type=hp&ts=1397665326&from=epom2&uid=HitachiXHDS721032CLA362_JPB470HC0AA9HH0AA9HHX -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.qone8.com/web/?type=ds&ts=1397665326&from=epom2&uid=HitachiXHDS721032CLA362_JPB470HC0AA9HH0AA9HHX&q={searchTerms} -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.qone8.com/web/?type=ds&ts=1397665326&from=epom2&uid=HitachiXHDS721032CLA362_JPB470HC0AA9HH0AA9HHX&q={searchTerms} -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\4CEFD9B73D6C-1CRMOI2 -- C:\Users\pc-smart-tech (2012\AppData\Roaming\ARHome\Updater.exe) -> Not selected
[Suspicious.Path] \\5FOFD9B73D6C-2CRMOI6 -- C:\Users\pc-smart-tech (2012\AppData\Roaming\ARHome\Updater.exe) -> Not selected

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 149.202.28.12 pes6gate-ec.winning-eleven.net # PESGate Sixserver
[C:\Windows\System32\drivers\etc\hosts] 212.227.67.195 we9stun.winning-eleven.net # Stunserver

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NlsAnsiCodePage : Unknown @ 0xffffffffcb278159 (call 0x54000009)

¤¤¤ Web browsers : 5 ¤¤¤
[PUP][FIREFX:Addon] a8493uqy.default-1368526983656 : Vonteera Safe ads [addon@Vonteera.com] -> Not selected
[PUM.Proxy][FIREFX:Config] a8493uqy.default-1368526983656 : user_pref("network.proxy.http", "118.97.147.219 "); -> Not selected
[PUM.Proxy][FIREFX:Config] a8493uqy.default-1368526983656 : user_pref("network.proxy.http_port", 8080); -> Not selected
[PUM.Proxy][FIREFX:Config] a8493uqy.default-1368526983656 : user_pref("network.proxy.type", 1); -> Not selected
[PUM.HomePage][FIREFX:Config] a8493uqy.default-1368526983656 : user_pref("browser.startup.homepage", "http://search.gboxapp.com/"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721032CLA362 +++++
--- User ---
[MBR] cb4f4345bf5f8d805f6a3851e2eb2da1
[BSP] 30ab0c520f44874048bb766f4eb6f3f1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 100000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409602048 | Size: 105243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06242015_162244.log
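Added example, not part of the report and not RogueKiller's own code: a small Python parser for report lines in the format shown above, which turns each `[class|VT.name] description -> action` line into a record and lists the detections the Delete run reported but left unticked. In this report those are the two ARHome scheduled tasks and all five Firefox entries, including the `network.proxy.*` prefs that point the profile at 118.97.147.219 port 8080, so this run did not change that proxy setting. The section markers, tag layout and status strings are assumed from this page only (RogueKiller's exact format elsewhere is not documented here); the sample lines are copied from the report above with English status strings, and the parser also accepts the French `Non sélectionné` of the original.

```python
"""Parse RogueKiller report lines and list what a Delete run left untouched (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One detection line: one or more leading [tag] groups, a description, and an
# optional "-> action" tail, e.g. (copied from the report above):
#   [PUP|VT.PUP.Optional.ClientConnect] (SVC) TBSrv -- C:\...\ToolbarService.exe[7] -> Stopped
ENTRY_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)(?:\s*->\s*(?P<action>.+?))?\s*$")
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:]+?)\s*:.*¤¤¤\s*$")   # "¤¤¤ Registry : 32 ¤¤¤"
VT_RE = re.compile(r"\bVT\((\d+)\)")                                 # VirusTotal positives, "VT(28)"
PREF_RE = re.compile(r'user_pref\("(?P<key>[^"]+)",\s*(?P<val>"[^"]*"|\d+)\)')

# Status printed for a detection the user left unticked (English, plus the
# French string of the original report). Assumed from this page's lines only.
NOT_REMEDIATED = ("Not selected", "Non sélectionné")


@dataclass
class Entry:
    section: str
    classes: List[str]       # first tag group split on '|', e.g. ['PUP', 'VT.PUP.Optional.ClientConnect']
    context: List[str]       # further tag groups, e.g. ['FIREFX:Config']
    body: str
    action: Optional[str]    # None for info-only lines (hosts file, antirootkit, MBR)
    vt_hits: Optional[int]   # VirusTotal positives if the line carries VT(n)

    @property
    def remediated(self) -> Optional[bool]:
        """True if RogueKiller acted on it, False if left unticked, None if info-only."""
        if self.action is None:
            return None
        return not self.action.startswith(NOT_REMEDIATED)


def parse_report(text: str) -> List[Entry]:
    entries: List[Entry] = []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group("tags"))
        vt = VT_RE.search(m.group("body"))
        entries.append(Entry(section, tags[0].split("|"), tags[1:], m.group("body"),
                             m.group("action"), int(vt.group(1)) if vt else None))
    return entries


def unremediated(entries: List[Entry]) -> List[Entry]:
    """Detections the run reported but did not act on."""
    return [e for e in entries if e.remediated is False]


def firefox_proxy(entries: List[Entry]) -> Optional[Dict[str, str]]:
    """Proxy a Firefox profile was pointed at, if the report has PUM.Proxy entries.

    Values are stripped of quotes and whitespace: the report above shows the host
    written as "118.97.147.219 " with a trailing space.
    """
    prefs: Dict[str, str] = {}
    for e in entries:
        if "PUM.Proxy" in e.classes:
            m = PREF_RE.search(e.body)
            if m:
                prefs[m.group("key")] = m.group("val").strip('" ')
    if "network.proxy.http" not in prefs:
        return None
    return {"host": prefs["network.proxy.http"],
            "port": prefs.get("network.proxy.http_port", ""),
            "type": prefs.get("network.proxy.type", "")}


# Sample input: lines copied from the report above (English status strings).
SAMPLE_REPORT = r"""
¤¤¤ Processes : 8 ¤¤¤
[VT.PUP.Optional.LuckyTab.A] LuckyTab.exe(1972) -- C:\Program Files\LuckyTab\LuckyTab.exe[7] VT(28) -> Killed [TermProc]
[PUP|VT.PUP.Optional.ClientConnect] (SVC) TBSrv -- C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe[7] -> Stopped

¤¤¤ Registry : 32 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-3502829590-3005840508-1455566683-1000\Software\Microsoft\Windows\CurrentVersion\Run | rundll84 : C:\Windows\rundll84.exe [x] -> Deleted
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\4CEFD9B73D6C-1CRMOI2 -- C:\Users\pc-smart-tech (2012\AppData\Roaming\ARHome\Updater.exe) -> Not selected

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 149.202.28.12 pes6gate-ec.winning-eleven.net # PESGate Sixserver

¤¤¤ Web browsers : 5 ¤¤¤
[PUP][FIREFX:Addon] a8493uqy.default-1368526983656 : Vonteera Safe ads [addon@Vonteera.com] -> Not selected
[PUM.Proxy][FIREFX:Config] a8493uqy.default-1368526983656 : user_pref("network.proxy.http", "118.97.147.219 "); -> Not selected
[PUM.Proxy][FIREFX:Config] a8493uqy.default-1368526983656 : user_pref("network.proxy.http_port", 8080); -> Not selected
[PUM.Proxy][FIREFX:Config] a8493uqy.default-1368526983656 : user_pref("network.proxy.type", 1); -> Not selected
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for e in unremediated(found):
        print(f"LEFT IN PLACE [{e.section}] {'|'.join(e.classes)}: {e.body}")
    print("proxy still configured:", firefox_proxy(found))
```

Run it on a full report (any RKreport_*.log in this format) by passing the file's text to `parse_report`; anything returned by `unremediated` still needs a second pass in RogueKiller or manual removal, and a non-empty `firefox_proxy` result means the profile's HTTP traffic is still being sent to a third-party proxy.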
