RogueKiller V12.8.6.0 [Dec 19 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : adil [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Suppression -- Date : 12/23/2016 22:28:41 (Durée : 00:37:11)

¤¤¤ Processus : 3 ¤¤¤
[Suspicious.Path|PUP.Elex|VT.PUP.Optional.Elex] service.exe(2252) -- C:\ProgramData\service.exe[-] -> Tué(e) [TermProc]
[PUP|VT.PUP.Optional.Elex] (SVC) GoogleChromeUpService -- C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51495 /local:br[-] -> ERROR [6d]
[PUP|VT.Generic.2EE] (SVC) KuaiZipDrive -- \??\C:\Windows\system32\drivers\KuaiZipDrive.sys[7] -> ERROR [41c]

¤¤¤ Registre : 61 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} (C:\Users\adil\AppData\Local\MEGAsync\ShellExtX32.dll) -> Supprimé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} (C:\Users\adil\AppData\Local\MEGAsync\ShellExtX32.dll) -> Supprimé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} (C:\Users\adil\AppData\Local\MEGAsync\ShellExtX32.dll) -> Supprimé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} (C:\Users\adil\AppData\Local\MEGAsync\ShellExtX32.dll) -> Supprimé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C} (C:\Program Files\???¹\X86\KZipShell.dll) -> Supprimé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B} (C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\MP4Splitter.ax) -> Supprimé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C} (C:\Program Files\???¹\X86\KZipShell.dll) -> Supprimé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{4E120188-0CAC-468C-B2D9-9D1F079EBC25} (C:\Users\adil\AppData\Local\Temp\HYDA019.tmp.1480459284\HTA\3rdparty\FS.ocx) -> Supprimé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD} (C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\MP4Splitter.ax) -> Supprimé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{63D1FFE6-AB7C-11E6-9031-64006A5CFC23} (C:\Users\adil\AppData\Roaming\Coerderingclepaing\Drdopy.dll) -> Supprimé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} (C:\Program Files\???¹\X86\KZipShell.dll) -> Supprimé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982} ("C:\Users\adil\AppData\Local\Temp\f.exe") -> Supprimé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} (C:\Program Files\???¹\X86\KZipShell.dll) -> Supprimé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E} (C:\Program Files\???¹\X86\KZipShell.dll) -> Supprimé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A} (C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\MP4Splitter.ax) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\jhdbca -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Maoha -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Reimage -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\SecureWeb -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\SecureWebChannel -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\SmdmF -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\trotuxSoftware -> Supprimé(e)
[PUP] HKEY_USERS\.DEFAULT\Software\jhdbca -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\InstallCore -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\Installer -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\KuaiZip -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\KuaiZipSFX -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\Linkey -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\Maoha -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\One System Care -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\SNDA -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\TeleCharger -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-18\Software\jhdbca -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C} (C:\Users\adil\AppData\Local\MEGAsync\ShellExtX32.dll) [x] -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) | (default) : {05B38830-F4E9-4329-978B-1DD28605D202} (C:\Users\adil\AppData\Local\MEGAsync\ShellExtX32.dll) [x] -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637} (C:\Users\adil\AppData\Local\MEGAsync\ShellExtX32.dll) [x] -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj | (default) : {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} (C:\Program Files\???¹\X86\KZipShell.dll) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {63D1FFE6-AB7C-11E6-9031-64006A5CFC23} : (C:\Users\adil\AppData\Roaming\Coerderingclepaing\Drdopy.dll) [x] -> Supprimé(e)
[Ransom.Hydra] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\Microsoft\Windows\CurrentVersion\Run | {E53C7FA9-4AF0-45AD-9A54-E8D3A732F8E1} : C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\pqEJtQAAoIa').qLkQ))); [x] -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | kuaizipupdatesvc : (C:\Program Files\???¹\X86\kuaizipUpdateChecker.dll) [x] -> Supprimé(e)
[PUP|Suspicious.Path|PUP.Elex|VT.PUP.Optional.Elex] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GoogleChromeUpService (C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51495 /local:br) -> Supprimé(e)
[PUP|VT.Generic.2EE] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KuaiZipDrive (\??\C:\Windows\system32\drivers\KuaiZipDrive.sys) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KuaizipUpdateChecker (C:\Program Files\???¹\X86\kuaizipUpdateChecker.dll) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MaohaWifiNetPro (\??\C:\Program Files\Maoha\MaohaAP\MaoHaWiFiNet.sys) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MaohaWifiSvr (C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PrivoxyService ("C:\Program Files\SmartComp Safe Network\privoxy.exe" --service) -> Supprimé(e)
[PUP|Suspicious.Path|PUP.Elex|VT.PUP.Optional.Elex] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GoogleChromeUpService (C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51495 /local:br) -> Supprimé(e)
[PUP|VT.Generic.2EE] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KuaiZipDrive (\??\C:\Windows\system32\drivers\KuaiZipDrive.sys) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KuaizipUpdateChecker (C:\Program Files\???¹\X86\kuaizipUpdateChecker.dll) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MaohaWifiNetPro (\??\C:\Program Files\Maoha\MaohaAP\MaoHaWiFiNet.sys) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MaohaWifiSvr (C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe) -> Supprimé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PrivoxyService ("C:\Program Files\SmartComp Safe Network\privoxy.exe" --service) -> Supprimé(e)
[PUM.Proxy] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 110.10.21.1:3128 -> Supprimé(e)
[PUM.Proxy] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 110.10.21.1:3128 -> Supprimé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1182869431-2357220533-65512623-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{34494862-8DB0-4E2F-A01C-F73E15C8CFCE} | DhcpNameServer : 41.214.140.4 41.214.140.5 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B9588FC1-D94E-44FF-A1DA-88DB370B99F6} | NameServer : 67.150.159.13,67.150.159.15 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D3A46325-89D0-4990-83B6-810E5F89BD0D} | DhcpNameServer : 10.111.0.10 ([X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{34494862-8DB0-4E2F-A01C-F73E15C8CFCE} | DhcpNameServer : 41.214.140.4 41.214.140.5 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B9588FC1-D94E-44FF-A1DA-88DB370B99F6} | NameServer : 67.150.159.13,67.150.159.15 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D3A46325-89D0-4990-83B6-810E5F89BD0D} | DhcpNameServer : 10.111.0.10 ([X]) -> Remplacé(e) ()

¤¤¤ Tâches : 2 ¤¤¤
[PUP] \LaunchSignup -- C:\Program Files\MyPC Backup\Signup Wizard.exe (frompopup) -> Supprimé(e)
[PUP] \SmartComp Safe Network Viewer -- C:\Program Files\SmartComp Safe Network\msnworker.exe -> Supprimé(e)

¤¤¤ Fichiers : 8 ¤¤¤
[PUP.Elex][Fichier] C:\ProgramData\service.exe -> Supprimé(e)
[PUP][Fichier] C:\Windows\Reimage.ini -> Supprimé(e)
[PUP][Répertoire] C:\Users\adil\AppData\Roaming\FirefoxToolbar -> Supprimé(e)
[PUP][Répertoire] C:\Users\adil\AppData\Roaming\FirefoxToolbar\Settings Manager -> Supprimé(e)
[PUP][Répertoire] C:\Users\adil\AppData\Roaming\KuaiZip -> Supprimé(e)
[PUP][Fichier] C:\Users\adil\AppData\Roaming\KuaiZip\report_config.txt -> Supprimé(e)
[PUP][Répertoire] C:\Users\adil\AppData\Roaming\OpenCandy -> Supprimé(e)
[PUP][Fichier] C:\Users\adil\AppData\Roaming\OpenCandy\3AB46A7175DD4B1BBC5D0B974E71D7F0\SkypeSetupFull-6.18.0.106.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\adil\AppData\Roaming\OpenCandy\3AB46A7175DD4B1BBC5D0B974E71D7F0 -> Supprimé(e)
[PUP][Répertoire] C:\Users\adil\AppData\Roaming\OpenCandy\OpenCandy_3AB46A7175DD4B1BBC5D0B974E71D7F0 -> Supprimé(e)
[Tr.Generic][Fichier] C:\Users\adil\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Supprimé(e)
[Tr.Generic][Fichier] C:\Users\adil\AppData\Local\Temp\0.txt -> Supprimé(e)
[PUP.Elex][Fichier] C:\ProgramData\service.exe -> Supprimé(e) au redémarrage [2]

¤¤¤ WMI : 1 ¤¤¤
[PUP.Yeahbests] instance (ActiveScriptEventConsumer) \ROOT\subscription:ActiveScriptEventConsumer.Name="ASEC" -> Supprimé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 ATA Device +++++
--- User ---
[MBR] f05d48e163aa36343935766c6c13808c
[BSP] 2f08c833d62ee85cd4f2ecc1bbac31bf : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 311502848 | Size: 324838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HUAWEI SD Storage USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
