
RogueKiller V12.11.17.0 (x64) [Sep 25 2017] (Premium) by Adlice Software
email : http://www.adlice.com/fr/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com/fr/

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Walid [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/01/2017 15:30:50 (Duration : 03:26:36)

¤¤¤ Processes : 5 ¤¤¤
[Proc.Injected] explorer.exe(5212) -- C:\Windows\explorer.exe[7] -> Found
[Keylog.Gen0] rvlkl.exe(5812) -- C:\Windows\System32\rvlkl.exe[7] -> Found
[VT.RiskWare.BitCoinMiner] securedisk.exe(3856) -- C:\Disk\securedisk.exe[-] -> Found
[VT.RiskWare.BitCoinMiner] websock.exe(5336) -- C:\Applications\websock.exe[-] -> Found
[Root.Wajam] (SVC) 13437a72cf2b1e4ff523f62f1148e1fc -- \??\C:\WINDOWS\system32\drivers\13437a72cf2b1e4ff523f62f1148e1fc.sys[7] -> Found

¤¤¤ Registry : 34 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\jawego -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\DriverToolkit -> Found
[PUP.DriverPack] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\drpsu -> Found
[Adw.EnjoyWifi] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\enjoyWifi -> Found
[Adw.FastDataX] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\FastDataX -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\IM -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\jawego -> Found
[PUP.VideoBox] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\VideoBox -> Found
[Root.Wajam] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\WajIEnhance -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\DriverToolkit -> Found
[PUP.DriverPack] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\drpsu -> Found
[Adw.EnjoyWifi] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\enjoyWifi -> Found
[Adw.FastDataX] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\FastDataX -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\jawego -> Found
[PUP.VideoBox] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\VideoBox -> Found
[Root.Wajam] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\WajIEnhance -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\AppDataLow\Software\WinToFlash Suggestor -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\AppDataLow\Software\WinToFlash Suggestor -> Found
[BitMiner.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\gplyra -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\vnlgp -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinToFlash Suggestor -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1 -> Found
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vnlgp : C:\Users\Walid\AppData\Roaming\vnlgp\vnlgp.exe [x] -> Found
[BitMiner.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | gplyra : C:\Users\Walid\AppData\Roaming\gplyra\gplyra.exe [x] -> Found
[Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\13437a72cf2b1e4ff523f62f1148e1fc (\??\C:\WINDOWS\system32\drivers\13437a72cf2b1e4ff523f62f1148e1fc.sys) -> Found
[Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a005b2a6a3b47237e60b7827073d1f8b ("C:\Program Files\a005b2a6a3b47237e60b7827073d1f8b\2a3fa45f7727cbbc64a296c924dec80a.exe") -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?q=google&src=IE-SearchBox&FORM=IESR02 -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-245908911-1926491962-559848965-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?q=google&src=IE-SearchBox&FORM=IESR02 -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{1232684C-8DC4-4902-9740-C48724E2DA98}C:\users\walid\appdata\local\temp\orainstall2015-11-07_04-03-14pm\jre\1.4.2\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\walid\appdata\local\temp\orainstall2015-11-07_04-03-14pm\jre\1.4.2\bin\javaw.exe|Name=javaw.exe|Desc=javaw.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{F34AFC0F-77D5-4B93-B82E-2AB0B4E2D504}C:\users\walid\appdata\local\temp\orainstall2015-11-07_04-03-14pm\jre\1.4.2\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\walid\appdata\local\temp\orainstall2015-11-07_04-03-14pm\jre\1.4.2\bin\javaw.exe|Name=javaw.exe|Desc=javaw.exe|Defer=User| [x] -> Found
[PUP.Jawego|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3C59489C-38AF-4DC4-824B-5DA4F6522C61} : v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Driver Updater Plus\dup.exe|Name=driverupdaterplus| [x] -> Found

¤¤¤ Tasks : 2 ¤¤¤
[PUP.Gen0] %WINDIR%\Tasks\DriverToolkit Autorun.job -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe (--autorun) -> Found
[Adw.OxyPumper] \Microsoft\Windows\Windows Error Reporting\ErrorReporting -- C:\\Users\\Walid\\AppData\\Roaming\\ErrorReporting\\ermgr.exe (/r /i 6) -> Found

¤¤¤ Files : 39 ¤¤¤
[Keylog.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk [LNK@] C:\Windows\System32\rvlkl.exe /b -> Found
[Adw.Wizzcaster][File] C:\ProgramData\0bb538d53e5d4061baf22d353d041d6f\DWLSUPFUYJ.exe -> Found
[Adw.Wizzcaster][File] C:\ProgramData\8b87f0350db34d0fb02a42a07d8dc57d\xnBxjIQNwqBn.exe -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\ProgramData\Microleaves -> Found
[Keylog.Gen0][Folder] C:\ProgramData\rvlkl -> Found
[PUP.Gen1][File] C:\Users\Public\Desktop\DriverToolkit.lnk [LNK@] C:\PROGRA~2\DRIVER~1\DRIVER~1.EXE -> Found
[Keylog.Gen0][File] C:\Windows\System32\rvlkl.exe -> Found
[Root.Wajam][File] C:\Windows\System32\drivers\13437a72cf2b1e4ff523f62f1148e1fc.sys -> Found
[Adw.EnjoyWifi][File] C:\Windows\System32\drivers\wfcre.sys -> Found
[Adw.Wizzcaster][File] C:\Users\Walid\AppData\Roaming\26dc043e60f448a28125951ba5242ea5\Mm8b9Eqg.exe -> Found
[Adw.OxyPumper][Folder] C:\Users\Walid\AppData\Roaming\ErrorReporting -> Found
[BitMiner.Gen0][Folder] C:\Users\Walid\AppData\Roaming\gplyra -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\Users\Walid\AppData\Roaming\Microleaves -> Found
[PUP.Gen0|PUP.Gen1][Folder] C:\Users\Walid\AppData\Roaming\OpenCandy -> Found
[PUP.Gen1][Folder] C:\Users\Walid\AppData\Roaming\vnlgp -> Found
[PUP.OnlineIO][Folder] C:\Users\Walid\AppData\Local\AdvinstAnalytics -> Found
[PUP.Gen1][Folder] C:\Users\Walid\AppData\Local\DriverToolkit -> Found
[BitMiner.Gen0][Folder] C:\Users\Walid\AppData\Local\PCBooster -> Found
[PUP.Linkury][File] C:\Users\Walid\AppData\Local\Temp\pq3jl4er.ovu\starter.exe -> Found
[Adw.Wizzcaster][File] C:\ProgramData\0bb538d53e5d4061baf22d353d041d6f\DWLSUPFUYJ.exe -> Found
[Adw.Wizzcaster][File] C:\ProgramData\8b87f0350db34d0fb02a42a07d8dc57d\xnBxjIQNwqBn.exe -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\ProgramData\Microleaves -> Found
[PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit -> Found
[Keylog.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk [LNK@] C:\Windows\System32\rvlkl.exe /b -> Found
[Keylog.Gen0][Folder] C:\ProgramData\rvlkl -> Found
[Root.Wajam][Folder] C:\Program Files\a005b2a6a3b47237e60b7827073d1f8b -> Found
[PUP.Amonetize][File] C:\Program Files\Reference Assemblies\KSGODXLXFU\BXJZWETVWA.exe -> Found
[Adw.Wizzcaster][File] C:\Program Files\Reference Assemblies\XVYXRGSKUJ\BYFKFOCEMS.exe -> Found
[PUP.Jawego|PUP.Gen1][Folder] C:\Program Files (x86)\Driver Updater Plus -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\DriverToolkit -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\driverupdaterplus -> Found
[PUP.AdBlocker][Folder] C:\Program Files (x86)\ICBaloCIDxXU2 -> Found
[PUP.OnlineIO|PUP.Gen0][Folder] C:\Program Files (x86)\Microleaves -> Found
[PUP.AdBlocker][Folder] C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} -> Found
[Adw.Wizzcaster][Folder] C:\Program Files (x86)\ShutdownTime -> Found
[PUP.AdBlocker][Folder] C:\Program Files (x86)\TQoarIXzU -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\WinToFlash Suggestor -> Found
[PUP.Gen1][File] C:\Users\Public\Desktop\DriverToolkit.lnk [LNK@] C:\PROGRA~2\DRIVER~1\DRIVER~1.EXE -> Found
[PUP.Firefox][File] C:\Users\Walid\AppData\Roaming\Mozilla\Firefox\Profiles\ab2n41bz.default\Invalidprefs.js -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 5 ¤¤¤
[PUP.Gen2][Firefox:Addon] ab2n41bz.default : WinToFlash Suggestor [{285ACFBB-8E53-4feb-90E6-F02A128927F3}] -> Found
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Found
[PUM.Proxy][Firefox:Config] ab2n41bz.default : user_pref("network.proxy.http", "4glte.at.dz.kproxy.com"); -> Found
[PUM.Proxy][Firefox:Config] ab2n41bz.default : user_pref("network.proxy.http_port", 8080); -> Found
[PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.mystartsearch.com/?type=hp&ts=1425761234&from=smt&uid=ST9500325AS_S2WPBTJWXXXXS2WPBTJW|http://www.mystartsearch.com/?type=hppp&ts=1425761247&from=smt&uid=ST9500325AS_S2WPBTJWXXXXS2WPBTJW] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] d8e3a3ee84f51715e231af8fdc7079b5
[BSP] 15fc16227e8fccae680f59a76c9e4889 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 155935 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 319563776 | Size: 901 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 321411072 | Size: 319999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Multiple Card Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
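Triage of the findings above, as an added example that is not RogueKiller's code and not part of the original log. The scan groups detections by where it looked (processes, registry, tasks, files, browsers); a responder wants them regrouped by the mechanism that keeps each one alive: the keylogger rvlkl.exe is both a running process and a Startup-folder shortcut, explorer.exe is injected, the hash-named Wajam .sys is registered as a service and was loaded at scan time (the (SVC) line), a firewall allow rule opens inbound traffic to Driver Updater Plus, and Firefox's HTTP proxy is forced to a kproxy host. The block parses the "-> Found" lines (the embedded sample lines are copied from this log), labels each with a mechanism, separates what was loaded in memory from on-disk residue, and lists the binaries to hash and collect. The mechanism rules, the severity tiers and all function and variable names are this example's own assumptions, not RogueKiller categories.

```python
"""Triage helper for a RogueKiller scan log (added example, not RogueKiller's
code nor part of the original log). Parses every "-> Found" line into a
structured finding, labels it with the persistence mechanism it represents and
lists the binaries to hash and collect. The mechanism rules and severity
mapping are this example's own triage assumptions, not RogueKiller categories.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the log above, one or two per section.
SAMPLE_LOG = r"""
[Proc.Injected] explorer.exe(5212) -- C:\Windows\explorer.exe[7] -> Found
[Keylog.Gen0] rvlkl.exe(5812) -- C:\Windows\System32\rvlkl.exe[7] -> Found
[VT.RiskWare.BitCoinMiner] websock.exe(5336) -- C:\Applications\websock.exe[-] -> Found
[Root.Wajam] (SVC) 13437a72cf2b1e4ff523f62f1148e1fc -- \??\C:\WINDOWS\system32\drivers\13437a72cf2b1e4ff523f62f1148e1fc.sys[7] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vnlgp : C:\Users\Walid\AppData\Roaming\vnlgp\vnlgp.exe [x] -> Found
[Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\13437a72cf2b1e4ff523f62f1148e1fc (\??\C:\WINDOWS\system32\drivers\13437a72cf2b1e4ff523f62f1148e1fc.sys) -> Found
[Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a005b2a6a3b47237e60b7827073d1f8b ("C:\Program Files\a005b2a6a3b47237e60b7827073d1f8b\2a3fa45f7727cbbc64a296c924dec80a.exe") -> Found
[PUP.Jawego|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3C59489C-38AF-4DC4-824B-5DA4F6522C61} : v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Driver Updater Plus\dup.exe|Name=driverupdaterplus| [x] -> Found
[Adw.OxyPumper] \Microsoft\Windows\Windows Error Reporting\ErrorReporting -- C:\\Users\\Walid\\AppData\\Roaming\\ErrorReporting\\ermgr.exe (/r /i 6) -> Found
[Keylog.Gen0][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk [LNK@] C:\Windows\System32\rvlkl.exe /b -> Found
[PUP.Gen2][Firefox:Addon] ab2n41bz.default : WinToFlash Suggestor [{285ACFBB-8E53-4feb-90E6-F02A128927F3}] -> Found
[PUM.Proxy][Firefox:Config] ab2n41bz.default : user_pref("network.proxy.http", "4glte.at.dz.kproxy.com"); -> Found
"""

LINE_RE = re.compile(
    r"^\[(?P<tags>[^\]]+)\]"                 # detection tag(s), e.g. PUP.OnlineIO|PUP.Gen0
    r"(?:\[(?P<kind>[^\]]+)\])?"             # optional [File], [Folder], [Firefox:Config]
    r"\s*(?:\((?P<arch>X64|X86|SVC)\)\s*)?"  # registry view, or SVC for a loaded driver
    r"(?P<body>.*?)\s*->\s*Found\s*$")
PROC_RE = re.compile(r"^\S+\(\d+\) -- ")     # "image.exe(pid) -- path" process lines
PATH_RE = re.compile(r'[A-Za-z]:\\[^"|\[\]<>]+?\.(?:exe|sys|dll)\b', re.I)

# First matching rule wins, so the more specific registry locations come first.
MECHANISM_RULES = [
    ("firewall allow rule", re.compile(r"FirewallPolicy\\FirewallRules", re.I)),
    ("kernel driver service", re.compile(r"\\drivers\\[^\\]+\.sys", re.I)),
    ("service", re.compile(r"\\Services\\", re.I)),
    ("Run key", re.compile(r"\\CurrentVersion\\Run \|", re.I)),
    ("Startup folder shortcut", re.compile(r"\\Startup\\.*\[LNK@\]", re.I)),
    ("scheduled task", re.compile(r"^(?:%WINDIR%\\Tasks\\|\\Microsoft\\Windows\\)", re.I)),
    ("IE Browser Helper Object", re.compile(r"Browser Helper Objects", re.I)),
]
# Families rated high here (triage assumption, not a RogueKiller rating).
HIGH_PREFIXES = ("Keylog.", "Root.", "BitMiner.", "VT.RiskWare.BitCoinMiner", "Proc.Injected")


@dataclass(frozen=True)
class Finding:
    tags: tuple            # e.g. ("PUP.OnlineIO", "PUP.Gen0")
    kind: Optional[str]    # File, Folder, Firefox:Config, ... or None
    arch: Optional[str]    # X64/X86 registry view, SVC for a loaded driver, or None
    body: str
    mechanism: str
    severity: str


def classify(kind: Optional[str], body: str) -> str:
    """Map one finding to the persistence/exposure mechanism it represents."""
    if kind and kind.endswith(":Addon"):
        return "browser extension"
    if kind and kind.endswith(":Config"):
        return "browser proxy setting" if "network.proxy." in body else "browser config"
    if PROC_RE.match(body):
        return "running process"
    for name, rx in MECHANISM_RULES:
        if rx.search(body):
            return name
    return "on-disk artifact"


def parse_log(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue          # section headers, blank lines and the MBR dump are skipped
        tags = tuple(m["tags"].split("|"))
        sev = "high" if any(t.startswith(HIGH_PREFIXES) for t in tags) else "medium"
        findings.append(Finding(tags, m["kind"], m["arch"], m["body"],
                                classify(m["kind"], m["body"]), sev))
    return findings


def by_mechanism(findings: List[Finding]) -> Dict[str, List[Finding]]:
    groups: Dict[str, List[Finding]] = defaultdict(list)
    for f in findings:
        groups[f.mechanism].append(f)
    return dict(groups)


def live_components(findings: List[Finding]) -> List[Finding]:
    """Items loaded in memory at scan time: running processes and the (SVC) driver.
    Deleting their files is not enough; they must be killed/unloaded or removed at reboot."""
    return [f for f in findings if f.mechanism == "running process" or f.arch == "SVC"]


def executables(findings: List[Finding]) -> List[str]:
    """Distinct binary paths named in the findings, normalised for hashing and collection."""
    return sorted({p.replace("\\\\", "\\").lower()
                   for f in findings for p in PATH_RE.findall(f.body)})


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for mech, items in by_mechanism(found).items():
        print(f"{mech} ({len(items)}):", "; ".join("|".join(f.tags) for f in items))
    print("loaded at scan time:", len(live_components(found)), "- binaries:", *executables(found))
```

Run it as-is on the embedded sample, or feed the full log to parse_log() once its French verdicts have been rendered as "-> Found". Two caveats that the grouping does not capture: the Hosts File section reads "[Too big!]", meaning the file exceeded the scanner's size limit and was not parsed at all, so it needs manual review; and a finding RogueKiller lists only under Files or Registry (a hash-named .sys, a service pointing into Program Files) still has to be checked against the Processes section to know whether it was actually loaded when the scan ran.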
