RogueKiller V12.9.4.0 (x64) [Jan 16 2017] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.14393) 64 bits version
Démarré en : Mode normal
Utilisateur : MOHPC [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/19/2017 22:38:58 (Durée : 00:24:53)

¤¤¤ Processus : 2 ¤¤¤
[PUP.Gen0|PUP.Gen1|Suspicious.Path|Proc.Injected|VT.not-a-virus:WebToolbar.Win32.Linkury.aps] CloudPrinter.exe(3000) -- C:\ProgramData\CloudPrinter\CloudPrinter.exe[-] -> Trouvé(e)
[PUP.Gen0|VT.not-a-virus:WebToolbar.Win32.Linkury.aps] (SVC) CloudPrinter -- C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a[-] -> Trouvé(e)

¤¤¤ Registre : 14 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper64.dll) -> Trouvé(e)
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE} (C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll) -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\Distromatic -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\DriverToolkit -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\Distromatic -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\DriverToolkit -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Assistant -> Trouvé(e)
[PUP.Gen0|PUP.Gen1|Suspicious.Path|VT.not-a-virus:WebToolbar.Win32.Linkury.aps] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CloudPrinter (C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a) -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://forum.kooora.com/f.aspx?f=119 -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://forum.kooora.com/f.aspx?f=119 -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2TlPbfGRogFolvddZyMlFK6K0Hlz6ELDNiCNKYYmQDBRXVc_6_W88Y8irPLTXhMdH85Ic5_1khlBDaDW7KGT7NOPiCilcxlj8Ua7xPQcIy2ZrbIC0SR9Ja2_4g73tLqcPN--2Ktpgjw_UJHha-gC7iJoZmKKYgB5TjFlu1czr3&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2TlPbfGRogFolvddZyMlFK6K0Hlz6ELDNiCNKYYmQDBRXVc_6_W88Y8irPLTXhMdH85Ic5_1khlBDaDW7KGT7NOPiCilcxlj8Ua7xPQcIy2ZrbIC0SR9Ja2_4g73tLqcPN--2Ktpgjw_UJHha-gC7iJoZmKKYgB5TjFlu1czr3&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2TlPbfGRogFolvddZyMlFK6K0Hlz6ELDNiCNKYYmQDBRXVc_6_W88Y8irPLTXhMdH85Ic5_1khlBDaDW7KGT7NOPiCilcxlj8Ua7xPQcIy2ZrbIC0SR9Ja2_4g73tLqcPN--2Ktpgjw_UJHha-gC7iJoZmKKYgB5TjFlu1czr3&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2332951298-1162863722-1781813760-1002\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2TlPbfGRogFolvddZyMlFK6K0Hlz6ELDNiCNKYYmQDBRXVc_6_W88Y8irPLTXhMdH85Ic5_1khlBDaDW7KGT7NOPiCilcxlj8Ua7xPQcIy2ZrbIC0SR9Ja2_4g73tLqcPN--2Ktpgjw_UJHha-gC7iJoZmKKYgB5TjFlu1czr3&q={searchTerms} -> Trouvé(e)

¤¤¤ Tâches : 2 ¤¤¤
[PUP.Gen0|PUP.Gen1] %WINDIR%\Tasks\DriverToolkit Autorun.job -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe (--autorun) -> Trouvé(e)
[PUP.Gen1] \DriverToolkit Autorun -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe (--autorun) -> Trouvé(e)

¤¤¤ Fichiers : 13 ¤¤¤
[PUP.Gen0|PUP.Gen1][Répertoire] C:\ProgramData\CloudPrinter -> Trouvé(e)
[PUP.HackTool][Répertoire] C:\ProgramData\KMSAutoS -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Logic Handler -> Trouvé(e)
[Tr.Gen0][Fichier] C:\Users\MOHPC\AppData\Roaming\uTorrent\updates\3.4.8_42445\utorrentie.exe -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\MOHPC\AppData\Local\Amazon Browser Settings -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\MOHPC\AppData\Local\DriverToolkit -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\MOHPC\AppData\Local\PackageAware -> Trouvé(e)
[PUP.Gen0|PUP.Gen1][Répertoire] C:\ProgramData\CloudPrinter -> Trouvé(e)
[PUP.HackTool][Répertoire] C:\ProgramData\KMSAutoS -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Logic Handler -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\Amazon\Amazon1ButtonApp -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\Amazon Browser Settings -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\DriverToolkit -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 2 ¤¤¤
[PUM.HomePage][Firefox:Config] 9lbim0gg.default : user_pref("browser.startup.homepage", "https://www.facebook.com/"); -> Trouvé(e)
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.yalla-shoot.com/live/] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: CT240BX200SSD1 +++++
--- User ---
[MBR] 4beee101a57029c2079b1935b3e6df2b
[BSP] 03942602e084d1677b7710f4e4a02a50 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 227983 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467935232 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZRX-00A8LB0 +++++
--- User ---
[MBR] 7b374079b8945bf19024a0cb873f485c
[BSP] 9e1e157ea27a8cb49bb696dce64be4d1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 399650 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1351682048 | Size: 293868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 819204033 | Size: 259996 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG HD502HJ +++++
--- User ---
[MBR] d104548d7bbc771e2036025698e65219
[BSP] 2b61ad0785806f33f2b4b523fe525a55 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 176938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Brother DCP-195C USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
