Document format: text/plain
RogueKiller V12.11.1.0 (x64) [Jun 4 2017] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : brahim [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 06/10/2017 20:08:03 (Durée : 00:59:54)
Commutateurs : -refid

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 37 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{222f31fb-a14e-4af2-bb14-997f28294370} (C:\Users\brahim\AppData\Roaming\VshareComplete\64\VshareComplete64.dll) -> Supprimé(e)
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Supprimé(e)
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{222f31fb-a14e-4af2-bb14-997f28294370} (C:\Users\brahim\AppData\Roaming\VshareComplete\64\VshareComplete64.dll) -> Supprimé(e)
[] (X64) HKEY_USERS\S-1-5-21-1985333833-407126341-3890686282-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #4 : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=ST9500325AS_5VELDERDXXXX5VELDERD&ts=1384035567 [x][x][x] -> Supprimé(e)
[] (X86) HKEY_USERS\S-1-5-21-1985333833-407126341-3890686282-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #4 : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=ST9500325AS_5VELDERDXXXX5VELDERD&ts=1384035567 [x][x][x] -> ERROR [2]
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=hp&from=cor&uid=ST9500325AS_5VELDERDXXXX5VELDERD&ts=1384035567 -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.avast.com/AV772/ -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1985333833-407126341-3890686282-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.avast.com/AV772/ -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1985333833-407126341-3890686282-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://search.avast.com/AV772/ -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=hp&from=cor&uid=ST9500325AS_5VELDERDXXXX5VELDERD&ts=1384035567 -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=ST9500325AS_5VELDERDXXXX5VELDERD&ts=1384035567&type=default&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.avast.com/AV772/search/web?q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1985333833-407126341-3890686282-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.avast.com/AV772/search/web?q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1985333833-407126341-3890686282-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.avast.com/AV772/search/web?q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Bar : https://search.avast.com/AV772/ -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1985333833-407126341-3890686282-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : https://search.avast.com/AV772/ -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1985333833-407126341-3890686282-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : https://search.avast.com/AV772/ -> Remplacé(e) (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://search.dosearches.com/web/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=ds&from=cor&uid=ST9500325AS_5VELDERDXXXX5VELDERD&ts=1384035567&type=default&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{EE40F0A4-9F7D-40F4-94C4-283D6CA2D0E3}C:\users\brahim\appdata\local\temp\rarsfx0\hl.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\brahim\appdata\local\temp\rarsfx0\hl.exe|Name=hl.exe|Desc=hl.exe|Defer=User| [x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{B4976B92-3F25-40FD-BE1F-F68EA9D8CC2B}C:\users\brahim\appdata\local\temp\rarsfx0\hl.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\brahim\appdata\local\temp\rarsfx0\hl.exe|Name=hl.exe|Desc=hl.exe|Defer=User| [x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6670D1B7-EC26-4D7A-865D-19670D45E5D0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\brahim\AppData\Roaming\crss.exe|Name=crss.exe| [x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {61A09971-49FB-496C-8517-47D035E631AA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\brahim\AppData\Roaming\crss.exe|Name=crss.exe| [x] -> Supprimé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A5260117-395E-4D3E-90FA-1A5C59DB3A33} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\SprgFiles\SprgFiles.exe|Name=SprgFiles| [x] -> Supprimé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0BF149B6-8AF1-4C64-B5E2-3C9497A6AE78} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\SprgFiles\SprgFiles.exe|Name=SprgFiles| [x] -> Supprimé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {104E9A14-8ED7-41DE-9DE2-3C4E48B5433B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\SprgFiles\downloader.exe|Name=SprgFiles| [x] -> Supprimé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CE07BBD8-AA41-4040-BB88-E3A3BEB83F21} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\SprgFiles\downloader.exe|Name=SprgFiles| [x] -> Supprimé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AAC495EC-ADA1-4367-9857-059EE2198D7B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Popcorn Time\Updater.exe|Name=Updater.exe| [-] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{EE40F0A4-9F7D-40F4-94C4-283D6CA2D0E3}C:\users\brahim\appdata\local\temp\rarsfx0\hl.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\brahim\appdata\local\temp\rarsfx0\hl.exe|Name=hl.exe|Desc=hl.exe|Defer=User| [x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{B4976B92-3F25-40FD-BE1F-F68EA9D8CC2B}C:\users\brahim\appdata\local\temp\rarsfx0\hl.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\brahim\appdata\local\temp\rarsfx0\hl.exe|Name=hl.exe|Desc=hl.exe|Defer=User| [x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6670D1B7-EC26-4D7A-865D-19670D45E5D0} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\brahim\AppData\Roaming\crss.exe|Name=crss.exe| [x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {61A09971-49FB-496C-8517-47D035E631AA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\brahim\AppData\Roaming\crss.exe|Name=crss.exe| [x] -> Supprimé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A5260117-395E-4D3E-90FA-1A5C59DB3A33} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\SprgFiles\SprgFiles.exe|Name=SprgFiles| [x] -> Supprimé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0BF149B6-8AF1-4C64-B5E2-3C9497A6AE78} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\SprgFiles\SprgFiles.exe|Name=SprgFiles| [x] -> Supprimé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {104E9A14-8ED7-41DE-9DE2-3C4E48B5433B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\SprgFiles\downloader.exe|Name=SprgFiles| [x] -> Supprimé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CE07BBD8-AA41-4040-BB88-E3A3BEB83F21} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\SprgFiles\downloader.exe|Name=SprgFiles| [x] -> Supprimé(e)
[HJ.Browser] (X64) HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | (default) : C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=ST9500325AS_5VELDERDXXXX5VELDERD&ts=1384035567 -> Remplacé(e) (C:\Program Files\internet explorer\iexplore.exe)
[HJ.Browser] (X86) HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command | (default) : C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=cor&utm_campaign=rg&utm_content=sc&from=cor&uid=ST9500325AS_5VELDERDXXXX5VELDERD&ts=1384035567 -> Remplacé(e) (C:\Program Files\internet explorer\iexplore.exe)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 1 ¤¤¤
[PUP.Gen1][Répertoire] C:\Program Files (x86)\Popcorn Time -> Supprimé(e)
[PUP.Gen1][Fichier] C:\Program Files (x86)\Popcorn Time\init.txt -> Supprimé(e)
[PUP.Gen1][Fichier] C:\Program Files (x86)\Popcorn Time\Updater.exe -> Supprimé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 5 ¤¤¤
[PUM.HomePage][Firefox:Config] 2781qabx.default : user_pref("browser.startup.homepage", "https://search.avast.com/AV772/"); -> Remplacé(e) (about:home)
[PUM.SearchEngine][Firefox:Config] 2781qabx.default : user_pref("browser.search.selectedEngine", "Avast Search"); -> Supprimé(e)
[PUM.SearchEngine][Firefox:Config] 2781qabx.default : user_pref("browser.search.defaultenginename", "Avast Search"); -> Supprimé(e)
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [ask.com_] -> Supprimé(e)
[PUP.Gen1][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [http://dts.search.ask.com/sr?src=crb&gct=ds&appid=210&systemid=488&v=a13277-349&apn_uid=0110105904504208&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}] -> Supprimé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 2ae5a45b5fd84c5fe0c46a8c89104a75
[BSP] 450302a65fd4cdb459f4d755be376b69 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14226 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 29138944 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 29343744 | Size: 312612 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 669575168 | Size: 149998 MB
User = LL1 ... OK
User = LL2 ... OK