cjoint

Document format: text/plain

Preview

RogueKiller V12.0.1.0 (x64) [Mar 7 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : Ali Chekir [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/08/2016 19:51:52

¤¤¤ Processus : 9 ¤¤¤
[Suspicious.Path|Proc.Injected|VT.Unknown] ibsvc.exe(668) -- C:\ProgramData\IBUpdaterService\ibsvc.exe[x] -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:Downloader.Win32.Somato.h] update_checker.exe(3796) -- C:\Users\Ali Chekir\AppData\Local\FilesFrog Update Checker\update_checker.exe[x] -> Trouvé(e)
[VT.W32.Application.Gen!c] SPMSmartScan.exe(4324) -- C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe[x] -> Trouvé(e)
[VT.PUP.Optional.MyPCBackup] MyPC Backup.exe(4336) -- C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe[x] -> Trouvé(e)
[VT.PUP.Optional.SweetIM] SweetIM.exe(4656) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[x] -> Trouvé(e)
[VT.PUP.Optional.SweetIM] SweetPacksUpdateManager.exe(4752) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[x] -> Trouvé(e)
[VT.PUP.Optional.MyPCBackup] BackupStack.exe(7012) -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe[x] -> Trouvé(e)
[PUP|VT.PUP.Optional.MyPCBackup] (SVC) BackupStack -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe[x] -> Trouvé(e)
[PUP|VT.TrojanDownloader:Win32/Brantall!rfn] (SVC) IBUpdaterService -- "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE[x] -> Trouvé(e)

¤¤¤ Registre : 53 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\InstalledBrowserExtensions -> Trouvé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\ShopperPro -> Trouvé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\YTDownloader -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AnySend -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Babylon -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\ChatZum Toolbar -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\DataMngr -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\InstalledBrowserExtensions -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Object Browser -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SafetyNut -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\ShopperPro -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SimilarSites -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Softonic -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SweetIM -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Vittalia -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68} -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7} -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {5018CFD2-804D-4C99-9F81-25EAEA2769DE} : Softonic Toolbar -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {EEE6C35B-6118-11DC-9C72-001320C79847} : -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {FE69C007-C452-4d3e-86D2-1730DF8BC871} : SimilarSites Toolbar -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {82E1477C-B154-48D3-9891-33D83C26BCD3} : Delta Toolbar -> Trouvé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Trouvé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {FE69C007-C452-4d3e-86D2-1730DF8BC871} : -> Trouvé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {FE69C007-C452-4d3e-86D2-1730DF8BC871} : -> Trouvé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {FE69C007-C452-4d3e-86D2-1730DF8BC871} : -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SweetIM : C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [7] -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Sweetpacks Communicator : C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [7] -> Trouvé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Windows\CurrentVersion\Run | PC Speed Maximizer : C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [7] -> Trouvé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Windows\CurrentVersion\Run | cacaoweb : "C:\Users\Ali Chekir\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [7][x] -> Trouvé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Windows\CurrentVersion\Run | PC Speed Maximizer : C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [7] -> Trouvé(e)
[PUP] (X86) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Windows\CurrentVersion\Run | cacaoweb : "C:\Users\Ali Chekir\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [7][x] -> Trouvé(e)
[PUP|VT.PUP.Optional.MyPCBackup] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BackupStack (C:\Program Files (x86)\MyPC Backup\BackupStack.exe) -> Trouvé(e)
[PUP|Suspicious.Path|VT.TrojanDownloader:Win32/Brantall!rfn] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE) -> Trouvé(e)
[PUP|VT.PUP.Optional.MyPCBackup] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BackupStack (C:\Program Files (x86)\MyPC Backup\BackupStack.exe) -> Trouvé(e)
[PUP|Suspicious.Path|VT.TrojanDownloader:Win32/Brantall!rfn] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE) -> Trouvé(e)
[PUP|VT.PUP.Optional.MyPCBackup] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BackupStack (C:\Program Files (x86)\MyPC Backup\BackupStack.exe) -> Trouvé(e)
[PUP|Suspicious.Path|VT.TrojanDownloader:Win32/Brantall!rfn] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE) -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 193.95.59.20 193.95.57.20 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 193.95.59.20 193.95.57.20 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 193.95.59.20 193.95.57.20 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AA3EDE55-C15D-44F3-98D4-29A8603A2603} | DhcpNameServer : 193.95.59.20 193.95.57.20 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AA3EDE55-C15D-44F3-98D4-29A8603A2603} | DhcpNameServer : 193.95.59.20 193.95.57.20 ([-][X]) -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AA3EDE55-C15D-44F3-98D4-29A8603A2603} | DhcpNameServer : 193.95.59.20 193.95.57.20 ([-][X]) -> Trouvé(e)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trouvé(e)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3857400047-4172536677-2676010285-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trouvé(e)

¤¤¤ Tâches : 4 ¤¤¤
[Suspicious.Path|VT.W32.Application.Agent!c] \EPUpdater -- C:\Users\ALICHE~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:WebToolbar.Win32.Agent.bzk] \ShdUpdate -- "C:\Users\Ali Chekir\AppData\Local\ShdUpdate\shupd.exe" (/shtsk) -> Trouvé(e)
[Suspicious.Path] \Shop-wit -- C:\Users\Ali (Chekir\AppData\Local\shopwit\shopwit\1.3.6.10\shopwit.exe MyCmd) -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:Downloader.Win32.Somato.h] \SomotoUpdateCheckerAutoStart -- C:\Users\Ali Chekir\AppData\Local\FilesFrog Update Checker\update_checker.exe (/auto) -> Trouvé(e)

¤¤¤ Fichiers : 5 ¤¤¤
[PUP][Fichier] C:\Users\Ali Chekir\AppData\Roaming\cacaoweb\cacaoweb.exe -> Trouvé(e)
[PUP][Fichier] C:\Users\Ali Chekir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard\Uninstall BitGuard.lnk [LNK@] C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe /Uninstall /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} /um -> Trouvé(e)
[PUP][Répertoire] C:\Users\Ali Chekir\AppData\Roaming\OpenCandy -> Trouvé(e)
[Hj.Name][Fichier] C:\Users\Ali Chekir\AppData\Roaming\winlogon.exe -> Trouvé(e)
[PUP][Répertoire] C:\Users\Ali Chekir\AppData\Local\Flvto Youtube Downloader -> Trouvé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non chargé [0x0]) ¤¤¤

¤¤¤ Navigateurs web : 6 ¤¤¤
[PUP][FIREFX:Addon] iyspi79j.default : Similar Sites - Find The Best Related Websites [{E71B541F-5E72-5555-A47C-E47863195841}] -> Trouvé(e)
[PUP][FIREFX:Addon] iyspi79j.default : cacaoweb [cacaoweb@cacaoweb.org] -> Trouvé(e)
[PUP][FIREFX:Addon] iyspi79j.default : Delta Toolbar [ffxtlbr@delta.com] -> Trouvé(e)
[PUP][FIREFX:Addon] iyspi79j.default : GoPhotoIt [gophoto@gophoto.it] -> Trouvé(e)
[PUP][FIREFX:Addon] iyspi79j.default : Speed Analysis 2 [speedanalysis02@SpeedAnalysis.com] -> Trouvé(e)
[PUP][FIREFX:Addon] iyspi79j.default : Shopper-Pro [{746505DC-0E21-4667-97F8-72EA6BCF5EEF}] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++
--- User ---
[MBR] 608ef6465f544683cca7cef13d4afd25
[BSP] 344146624988f43bf2a272162535e156 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 276711 MB
3 - [MAN-MOUNT] Basic data partition | Offset (sectors): 567173120 | Size: 200000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: USB 2.0 USB Flash Drive USB Device +++++
--- User ---
[MBR] a24cabc9c3c002535f0c609414aac205
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 56 | Size: 3894 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

