Document format: text/plain


RogueKiller V12.11.16.0 [Sep 18 2017] (Gratuit) par Adlice Software
email : http://www.adlice.com/fr/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com/fr/

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : cyrille.basin [Administrateur]
Démarré depuis : D:\0Data\Documents\Downloads\RogueKiller_portable32.exe
Mode : Scan -- Date : 09/20/2017 18:36:56 (Durée : 00:49:17)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 13 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} (C:\Users\CYRILL~1.BAS\AppData\Local\Temp\HYD739C.tmp.1447003760\HTA\3rdparty\OCComSDK.dll) -> Trouvé(e)
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146} (C:\Users\CYRILL~1.BAS\AppData\Local\Temp\HYD739C.tmp.1447003760\HTA\3rdparty\OCComSDK.dll) -> Trouvé(e)
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027} -> Trouvé(e)
[PUM.Proxy] HKEY_USERS\S-1-5-21-3645348317-1517958546-2996639927-741165\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL : http://127.0.0.1:60938/proxy.pac -> Trouvé(e)
[PUM.Proxy] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://127.0.0.1:60938/proxy.pac -> Trouvé(e)
[PUM.Proxy] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://127.0.0.1:60938/proxy.pac -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-3645348317-1517958546-2996639927-741165\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://spienet.spie.com/ -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BF1E675A-8CFF-47EC-AB75-6F227279CC66} | DhcpNameServer : 172.20.10.1 ([]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BF1E675A-8CFF-47EC-AB75-6F227279CC66} | DhcpNameServer : 172.20.10.1 ([]) -> Trouvé(e)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3645348317-1517958546-2996639927-741165\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)

¤¤¤ Tâches : 6 ¤¤¤
[Hj.Shortcut] \{0794091A-CC17-4FE3-AD07-EA95A20750D0} -- "c:\program files\internet explorer\iexplore.exe" (http://ui.skype.com/ui/0/7.27.0.101/fr/abandoninstall?page=tsMain) -> Trouvé(e)
[Hj.Shortcut] \{1F270239-3FFA-4B9C-884C-AF69C158F244} -- "c:\program files\internet explorer\iexplore.exe" (http://www.skype.com/go/downloading?source=installer&ver=7.14.0.106&LastError=-9) -> Trouvé(e)
[Hj.Shortcut] \{24D56487-1B14-4EBF-8DC5-655D9DD3D1CB} -- "c:\program files\internet explorer\iexplore.exe" (http://ui.skype.com/ui/0/7.21.0.100/fr/abandoninstall?page=tsMain) -> Trouvé(e)
[Hj.Shortcut] \{66B20871-A204-4A57-A7CE-0C0FBF4DF967} -- "c:\program files\internet explorer\iexplore.exe" (http://ui.skype.com/ui/0/7.24.0.104/fr/abandoninstall?page=tsMain) -> Trouvé(e)
[Hj.Shortcut] \{6D8950AA-EDD8-4F06-8762-F6EA6A6E3A07} -- "c:\program files\internet explorer\iexplore.exe" (http://www.skype.com/go/downloading?source=installer&ver=7.14.0.106&LastError=-9) -> Trouvé(e)
[Hj.Shortcut] \{D792AC3E-DC21-454D-8E3E-7314B4DDC5A3} -- "c:\program files\internet explorer\iexplore.exe" (http://ui.skype.com/ui/0/7.21.0.100/fr/abandoninstall?page=tsMain) -> Trouvé(e)

¤¤¤ Fichiers : 8 ¤¤¤
[PUP.Gen1][Fichier] C:\Users\cyrille.basin\Desktop\Rocket.lnk [LNK@] C:\Users\cyrille.basin\AppData\Local\Rocket\Application\rocket.exe -> Trouvé(e)
[PUP.Gen1][Fichier] C:\Users\cyrille.basin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Rocket.lnk [LNK@] C:\Users\cyrille.basin\AppData\Local\Rocket\Application\rocket.exe -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\cyrille.basin\AppData\Roaming\MCorp -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files\Popcorn Time -> Trouvé(e)
[PUP.HackTool][Répertoire] C:\Program Files\UltraVNC -> Trouvé(e)
[PUP.Gen1][Fichier] C:\Users\cyrille.basin\Desktop\Rocket.lnk [LNK@] C:\Users\cyrille.basin\AppData\Local\Rocket\Application\rocket.exe -> Trouvé(e)
[PUP.Gen3][Fichier] C:\Users\cyrille.basin\AppData\Roaming\Mozilla\Firefox\Profiles\vhdnt72s.default\searchplugins\bingp.xml -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : MSN Homepage & Bing Search Engine [fcfenmboojpjinhpgggodefccipikbpd] -> Trouvé(e)
[PUM.Proxy][Firefox:Config] vhdnt72s.default : user_pref("network.proxy.type", 2); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: LITEONIT LCS-128M6S 2.5 +++++
--- User ---
[MBR] 19e8cbb336c7f4df17dee4e1a44bdd37
[BSP] 89cf299102d4ed21d43e49aeaae5d3a6 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 696320 | Size: 48841 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 100722688 | Size: 72922 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

