Document format: text/plain

RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Premium) par Adlice Software
email : http://www.adlice.com/fr/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com/fr/

Système d'exploitation : Windows 10 (10.0.16299) 64 bits version
Démarré en : Mode normal
Utilisateur : Mouad [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/15/2018 22:30:06 (Durée : 00:38:31)

¤¤¤ Processus : 6 ¤¤¤
[Tr.Gen] yc.exe(7128) -- C:\Users\Mouad\AppData\Local\yc\Application\yc.exe[-] -> Trouvé(e)
[Tr.Gen] yc.exe(7044) -- C:\Users\Mouad\AppData\Local\yc\Application\yc.exe[-] -> Trouvé(e)
[Tr.Gen] yc.exe(4236) -- C:\Users\Mouad\AppData\Local\yc\Application\yc.exe[-] -> Trouvé(e)
[Tr.Gen] yc.exe(5680) -- C:\Users\Mouad\AppData\Local\yc\Application\yc.exe[-] -> Trouvé(e)
[Tr.Gen] yc.exe(7224) -- C:\Users\Mouad\AppData\Local\yc\Application\yc.exe[-] -> Trouvé(e)
[Tr.Gen] yc.exe(7452) -- C:\Users\Mouad\AppData\Local\yc\Application\yc.exe[-] -> Trouvé(e)

¤¤¤ Registre : 16 ¤¤¤
[PUP.MailRU|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Mail.Ru -> Trouvé(e)
[PUP.MailRU|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2330382296-2397498535-29398591-1001\Software\Mail.Ru -> Trouvé(e)
[PUP.MailRU|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2330382296-2397498535-29398591-1001\Software\Mail.Ru -> Trouvé(e)
[PUP.MailRU|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2330382296-2397498535-29398591-1001\Software\AppDataLow\Software\Mail.Ru -> Trouvé(e)
[PUP.MailRU|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2330382296-2397498535-29398591-1001\Software\AppDataLow\Software\Mail.Ru -> Trouvé(e)
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099} -> Trouvé(e)
[Adw.LoadMoney] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ea3Host (C:\Windows\system32\Ea3Host.exe) -> Trouvé(e)
[PUP.Gen0|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WCAssistantService (C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe) -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2330382296-2397498535-29398591-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://maktoob.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180218__yaie -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2330382296-2397498535-29398591-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://maktoob.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180218__yaie -> Trouvé(e)
[Hj.Name] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | VIRTCL-WMI-RPCSS-In-TCP-NoScope : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=$(runtime.system32)\svchost.exe|Svc=rpcss|Name=@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-212|Desc=@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-213|EmbedCtxt=@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-211| [x] -> Trouvé(e)
[Hj.Name] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | VIRTCL-WMI-WINMGMT-In-TCP-NoScope : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=$(runtime.system32)\svchost.exe|Svc=winmgmt|Name=@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-214|Desc=@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-215|EmbedCtxt=@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-211| [x] -> Trouvé(e)
[Hj.Name] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | VIRTCL-WMI-WINMGMT-Out-TCP-NoScope : v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=$(runtime.system32)\svchost.exe|Svc=winmgmt|Name=@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-216|Desc=@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-217|EmbedCtxt=@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-211| [x] -> Trouvé(e)
[Tr.Gen] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4C8ACE36-4A5D-42AF-BB57-ECA198CF3F96} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Mouad\AppData\Local\yc\Application\yc.exe|Name=Chromium (mDNS-In)|Desc=Règle de trafic entrant pour Chromium autorisant le trafic mDNS|EmbedCtxt=yc| [-] -> Trouvé(e)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2330382296-2397498535-29398591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trouvé(e)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2330382296-2397498535-29398591-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[PUP.HackTool|VT.Detected] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Trouvé(e)

¤¤¤ Fichiers : 14 ¤¤¤
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion -> Trouvé(e)
[PUP.MailRU|PUP.Gen1][Répertoire] C:\ProgramData\Mail.Ru -> Trouvé(e)
[PUP.HackTool][Répertoire] C:\Windows\AutoKMS -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\Mouad\AppData\Roaming\Lavasoft\Web Companion -> Trouvé(e)
[PUP.uTorrentAds][Fichier] C:\Users\Mouad\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Trouvé(e)
[PUP.uTorrentAds][Fichier] C:\Users\Mouad\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Trouvé(e)
[PUP.MailRU|PUP.Gen1][Répertoire] C:\Users\Mouad\AppData\Local\Mail.Ru -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\Mouad\AppData\Local\sysnet -> Trouvé(e)
[Tr.Gen][Fichier] C:\Users\Mouad\AppData\Local\yc\Application\yc.exe -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion -> Trouvé(e)
[PUP.MailRU|PUP.Gen1][Répertoire] C:\ProgramData\Mail.Ru -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\Lavasoft\Web Companion -> Trouvé(e)
[PUP.MailRU|PUP.Gen1][Répertoire] C:\Program Files (x86)\Mail.Ru -> Trouvé(e)
[PUP.Gen3][Fichier] C:\Users\Mouad\AppData\Roaming\Mozilla\Firefox\Profiles\23n0nrb5.default\searchplugins\yahoo-lavasoft.xml -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 4 ¤¤¤
[PUM.HomePage][Firefox:Config] 23n0nrb5.default : user_pref("browser.startup.homepage", "https://maktoob.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180218__yaff"); -> Trouvé(e)
[PUM.NewTab][Firefox:Config] 23n0nrb5.default : user_pref("browser.newtab.url", "https://maktoob.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180218__yaff"); -> Trouvé(e)
[PUM.SearchEngine][Firefox:Config] 23n0nrb5.default : user_pref("browser.search.selectedEngine", "Yahoo®"); -> Trouvé(e)
[PUM.SearchEngine][Firefox:Config] 23n0nrb5.default : user_pref("browser.search.defaultenginename", "Yahoo®"); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000LM035-1RK172 +++++
--- User ---
[MBR] d0de1a28dbc5cf2e366493520b442b19
[BSP] 7642d1eaed38b035e5353f2f9b6e3d2e : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 851697 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1745438720 | Size: 814 MB
5 - Basic data partition | Offset (sectors): 1747107840 | Size: 99999 MB
6 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1951907840 | Size: 788 MB
User = LL1 ... OK
User = LL2 ... OK
