cjoint

Document format: text/plain

Preview

RogueKiller V12.11.26.0 [Nov 27 2017] (Gratuit) par Adlice Software
email : http://www.adlice.com/fr/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com/fr/

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : UTILISATEUR [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 12/01/2017 16:20:20 (Durée : 01:37:06)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 23 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Trouvé(e)
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Trouvé(e)
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Babylon -> Trouvé(e)
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Reimage -> Trouvé(e)
[PUP.AMule] HKEY_USERS\.DEFAULT\Software\aMule -> Trouvé(e)
[PUP.Gen1] HKEY_USERS\S-1-5-21-427539266-4164703841-491026186-1000\Software\Reimage -> Trouvé(e)
[PUP.AMule] HKEY_USERS\S-1-5-18\Software\aMule -> Trouvé(e)
[PUP.BrowsingProtection] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eapihdrv (\??\C:\Users\UTILIS~1\AppData\Local\Temp\ehdrv.sys) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eapihdrv (\??\C:\Users\UTILIS~1\AppData\Local\Temp\ehdrv.sys) -> Trouvé(e)
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ReimageRealTimeProtector (C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C166C18C-1079-4E29-BE39-9E3E6C4A02CF}C:\programdata\free music zilla\fmzilla.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\programdata\free music zilla\fmzilla.exe|Name=FMZilla Module|Desc=FMZilla Module|Defer=User| [-] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{0EA9531F-893F-4D05-BA97-3D083758670B}C:\programdata\free music zilla\fmzilla.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\programdata\free music zilla\fmzilla.exe|Name=FMZilla Module|Desc=FMZilla Module|Defer=User| [-] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {56FE0C0A-7DE1-45C1-B015-F09FDA74D301} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F06E203-6DA1-4262-847A-67919568B020} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A103DF8E-4E85-481E-9ECE-D5A735DF8456} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3C65EDE5-2368-4299-A9D2-2538B1D829A6} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C166C18C-1079-4E29-BE39-9E3E6C4A02CF}C:\programdata\free music zilla\fmzilla.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\programdata\free music zilla\fmzilla.exe|Name=FMZilla Module|Desc=FMZilla Module|Defer=User| [-] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{0EA9531F-893F-4D05-BA97-3D083758670B}C:\programdata\free music zilla\fmzilla.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\programdata\free music zilla\fmzilla.exe|Name=FMZilla Module|Desc=FMZilla Module|Defer=User| [-] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {56FE0C0A-7DE1-45C1-B015-F09FDA74D301} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F06E203-6DA1-4262-847A-67919568B020} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A103DF8E-4E85-481E-9ECE-D5A735DF8456} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3C65EDE5-2368-4299-A9D2-2538B1D829A6} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [7] -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 7 ¤¤¤
[PUP.BrowsingProtection][Répertoire] C:\ProgramData\Ad-Aware Browsing Protection -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Babylon -> Trouvé(e)
[PUP.Gen0][Fichier] C:\Windows\Reimage.ini -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\UTILISATEUR\AppData\Roaming\Babylon -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\UTILISATEUR\AppData\Local\Babylon -> Trouvé(e)
[PUP.BrowsingProtection][Répertoire] C:\ProgramData\Ad-Aware Browsing Protection -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Babylon -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUP.Gen2][Firefox:Addon] 8skr8vst.default : Search and New Tab by Yahoo [jid1-16aeif9OQIRKxA@jetpack] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: STM3500418AS ATA Device +++++
--- User ---
[MBR] ad72891c489af99fd241115ec14a448e
[BSP] d45e1d1ba58dd9e43134da3b0cdad4c6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD103SI ATA Device +++++
--- User ---
[MBR] f373f9a8502342790174497b17674bf5
[BSP] b7e5f5ec2a4a010f7109940b7f9e3d55 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: OEI-USB CompactFlash USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive3: OEI-USB SM/MS/SD USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

