
RogueKiller V12.4.2.0 [Aug 1 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7600) 32 bits version
Démarré en : Mode normal
Utilisateur : GI [Administrateur]
Démarré depuis : C:\Users\GI\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/02/2016 23:51:50

¤¤¤ Processus : 1 ¤¤¤
[Suspicious.Path|Proc.RunPE] HPReyosSrv.exe(2280) -- C:\Users\GI\AppData\Roaming\HPReyos\HPReyosSrv.exe[-] -> Trouvé(e)

¤¤¤ Registre : 43 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C} (C:\Program Files\¿ìѹ\X86\KZipShell.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (C:\Program Files\Conduit\Community Alerts\Alert.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C} (C:\Program Files\¿ìѹ\X86\KZipShell.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} (C:\Program Files\¿ìѹ\X86\KZipShell.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{7B286609-DA97-47E1-AC6B-33B8B4732C95} (C:\Program Files\ZipTool\JZipExt.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} (C:\Program Files\¿ìѹ\X86\KZipShell.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E} (C:\Program Files\¿ìѹ\X86\KZipShell.dll) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\ByteFence -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Conduit -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\FastCompress-Zip -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\ZipTool -> Trouvé(e)
[PUP] HKEY_USERS\.DEFAULT\Software\KuaiZip -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\AutoTime -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\ByteFence -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\csastats -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\FastCompress-Zip -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\Installer -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\KuaiZip -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\KuaiZipSFX -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\ProductSetup -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\SNDA -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\UCBrowserPID -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\ZipTool -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-18\Software\KuaiZip -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\AppDataLow\Toolbar -> Trouvé(e)
[PUP] HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\AppDataLow\Software\Conduit -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-1613260624-1593918707-2081404711-1000\Software\AppDataLow\Software\PriceGong -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZipTool -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\JzShlobj | (default) : {7B286609-DA97-47E1-AC6B-33B8B4732C95} (C:\Program Files\ZipTool\JZipExt.dll) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj | (default) : {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} (C:\Program Files\¿ìѹ\X86\KZipShell.dll) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 198.153.192.50 198.153.194.50 ([-][United States]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 198.153.192.50 198.153.194.50 ([-][United States]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 198.153.192.50 198.153.194.50 ([-][United States]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6471B508-09D9-45AC-A461-EC3E9CB99472} | DhcpNameServer : 198.153.192.50 198.153.194.50 ([-][United States]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F3DBC9B4-C32A-431E-AA0F-874DFA5BDECF} | DhcpNameServer : 172.20.10.1 ([]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6471B508-09D9-45AC-A461-EC3E9CB99472} | DhcpNameServer : 198.153.192.50 198.153.194.50 ([-][United States]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F3DBC9B4-C32A-431E-AA0F-874DFA5BDECF} | DhcpNameServer : 172.20.10.1 ([]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6471B508-09D9-45AC-A461-EC3E9CB99472} | DhcpNameServer : 198.153.192.50 198.153.194.50 ([-][United States]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F3DBC9B4-C32A-431E-AA0F-874DFA5BDECF} | DhcpNameServer : 172.20.10.1 ([]) -> Trouvé(e)

¤¤¤ Tâches : 2 ¤¤¤
[Suspicious.Path] \svchost -- C:\Users\GI\AppData\Local\Temp\AutoTime51495.exe (/autorun) -> Trouvé(e)
[Suspicious.Path] \tasklist -- C:\Users\GI\AppData\Roaming\service51495.exe (/autorun) -> Trouvé(e)

¤¤¤ Fichiers : 12 ¤¤¤
[PUP][Fichier] C:\Users\GI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [LNK@] C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe --load-extension="C:\Users\GI\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://yeabests.cc -> Trouvé(e)
[PUP][Fichier] C:\Users\GI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://yeabests.cc -> Trouvé(e)
[PUP][Répertoire] C:\Users\GI\AppData\Roaming\Kuaizip -> Trouvé(e)
[PUP][Fichier] C:\Users\GI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [LNK@] C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe --load-extension="C:\Users\GI\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://yeabests.cc -> Trouvé(e)
[PUP][Fichier] C:\Users\GI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://yeabests.cc -> Trouvé(e)
[PUP][Répertoire] C:\Users\GI\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\ByteFence -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compress -> Trouvé(e)
[PUP][Répertoire] C:\Program Files\ByteFence -> Trouvé(e)
[PUP][Répertoire] C:\Program Files\ZipTool -> Trouvé(e)
[PUP][Fichier] C:\Users\GI\AppData\Roaming\Mozilla\Firefox\Profiles\afmp2hdh.default\searchplugins\bingp.xml -> Trouvé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 3 ¤¤¤
[PUP][FIREFX:Addon] afmp2hdh.default : Fast search v 0.25 [{d720d64d-c71a-4316-b59e-8a41b860178f}] -> Trouvé(e)
[PUP][CHROME:Addon] Default : MSN Homepage & Bing Search Engine [fcfenmboojpjinhpgggodefccipikbpd] -> Trouvé(e)
[PUP][CHROME:Addon] Default : [leenkjhmbcgekojlkimcbodmniopgfnp] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD800BB-00JHC0 ATA Device +++++
--- User ---
[MBR] 7afebc1461d2e0ad75c5c803640772c0
[BSP] 73e5143fa7c79432dc441e27890f6c27 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 76316 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3250318AS ATA Device +++++
--- User ---
[MBR] 8769136d3e7b6cf239161d5f1a0c1c38
[BSP] cf1f8d03822f6aea2b5712cd6f3f518f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 205770752 | Size: 70999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 351176704 | Size: 67000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
