Document format: text/x-log

RogueKiller V10.0.1.0 [Oct 10 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9200 ) 64 bits version
Démarré en : Mode normal
Utilisateur : marie [Administrateur]
Mode : Suppression -- Date : 10/13/2014 12:28:44

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 44 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ConvertAd : C:\Users\marie\AppData\Local\ConvertAd\ConvertAd.exe [x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Smartbar.exe startup [7][x] -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | WindApp : "C:\Windows\system32\config\systemprofile\AppData\Roaming\Store\WindApp\WindApp Update.exe" /winstartup [x][x] -> Supprimé(e)
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Smartbar.exe startup -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | WindApp : "C:\Windows\system32\config\systemprofile\AppData\Roaming\Store\WindApp\WindApp Update.exe" /winstartup -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Windows\CurrentVersion\Run | Price-Horse : C:\Users\marie\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe [7] -> Supprimé(e)
[PUP] (X64) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Windows\CurrentVersion\Run | cacaoweb : "C:\Users\marie\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-][x] -> Supprimé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Windows\CurrentVersion\Run | Price-Horse : C:\Users\marie\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe -> ERROR [2]
[PUP] (X86) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Windows\CurrentVersion\Run | cacaoweb : "C:\Users\marie\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Smartbar.exe startup -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | WindApp : "C:\Windows\system32\config\systemprofile\AppData\Roaming\Store\WindApp\WindApp Update.exe" /winstartup -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Browser Infrastructure Helper : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Smartbar\Application\Smartbar.exe startup -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | WindApp : "C:\Windows\system32\config\systemprofile\AppData\Roaming\Store\WindApp\WindApp Update.exe" /winstartup -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56246;https=127.0.0.1:56246 -> Supprimé(e)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56246;https=127.0.0.1:56246 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:61370;https=127.0.0.1:61370 -> Supprimé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:61370;https=127.0.0.1:61370 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56246;https=127.0.0.1:56246 -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56246;https=127.0.0.1:56246 -> ERROR [2]
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://speedial.com/?f=1&a=spd_cmi_14_25_ch&cd=2XzuyEtN2Y1L1Qzu0CyEyDyEyEyEtCzytCyEyB0A0AyDzyyDtN0D0Tzu0SzytDtBtN1L2XzutBtFtBtCtFyEtFtDtN1L1CzutCyEtBzytDyD1V1OtN1L1G1B1V1N2Y1L1Qzu2SyCtBzz0AyEyByCyDtGyDtCyBtDtGzyzztA0AtG0E0EyB0EtGtDtA0FtDyEyDzz0CtD0F0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyzyzz0CyDyBzytG0B0BtAyEtGtCtAyBtAtG0A0EyCtAtGtBzz0DyEzztC0E0F0DyDyEtA2Q&cr=1976638590&ir= -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://fr.yahoo.com/?fr=hp-avast&type=avastbcl -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFkVzMqCcxhlHKbI0wfcSFsxayc0RIW8Y7zFg-0sOD_Tp6ICQuH-n1YauH92qdMoUNkW-Osuw,, -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFkVzMqCcxhlHKbI0wfcSFsxayc0RIW8Y7zFg-0sOD_Tp6ICQuH-n1YauH92qdMoUNkW-Osuw,, -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=ME3A9BE04-DEDC-48BB-A932-4EEB25DEA9F9&SearchSource=55&CUI=&UM=6&UP=SP8DCC199A-C0CA-445F-816B-85BB70EDAE61&SSPV=&SSPV=&SSPV= -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=ME3A9BE04-DEDC-48BB-A932-4EEB25DEA9F9&SearchSource=55&CUI=&UM=6&UP=SP8DCC199A-C0CA-445F-816B-85BB70EDAE61&SSPV=&SSPV=&SSPV= -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFkVzMqCcxhlHKbI0wfcSFsxayc0RIW8Y7zFg-0sOD_Tp6ICQuH-n1YauH92qdMoUNkW-Osuw,, -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFkVzMqCcxhlHKbI0wfcSFsxayc0RIW8Y7zFg-0sOD_Tp6ICQuH-n1YauH92qdMoUNkW-Osuw,, -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3631321578-2419162965-3568271233-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3EF0AF5F-0C87-4C4D-96E2-4CF2AB6B437E} | DhcpNameServer : 40.40.1.201 40.40.1.203 -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3EF0AF5F-0C87-4C4D-96E2-4CF2AB6B437E} | DhcpNameServer : 40.40.1.201 40.40.1.203 -> Remplacé(e) ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Remplacé(e) (0)

¤¤¤ Tâches : 4 ¤¤¤
[Suspicious.Path] OWST.job -- C:\Users\marie\AppData\Roaming\OWST.exe (/infocmdline=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) -> Supprimé(e)
[Suspicious.Path] RJIIB.job -- C:\Users\marie\AppData\Roaming\RJIIB.exe (/infocmdline=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) -> Supprimé(e)
[Suspicious.Path] \\Price-Horse -- C:\Users\marie\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe -> Supprimé(e)
[Suspicious.Path] \\Price-Horse Udpater -- C:\Users\marie\AppData\Local\pricehorse\pricehorse\1.3.13.12\playsetup.exe -> Supprimé(e)

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Non chargé [0x20]) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A9E680 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10132014_121332.log - RKreport_SCN_10132014_122726.log
