cjoint


Document format: text/plain

Preview

RogueKiller V12.9.0.0 (x64) [Dec 26 2016] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Mr ysn [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/26/2016 21:38:25 (Duration : 00:42:43)

¤¤¤ Processes : 3 ¤¤¤
[Adw.Elex|Suspicious.Path] service.exe(1676) -- C:\ProgramData\service.exe[-] -> Found
[PUP.HackTool|Suspicious.Path] KMS-R@1n.exe(1908) -- C:\Windows\KMS-R@1n.exe[-] -> Found
[PUP.HackTool|Suspicious.Path|VT.HackTool/Win32.KMSAuto.C1585389] (SVC) KMS-R@1n -- C:\Windows\KMS-R@1n.exe[-] -> Found

¤¤¤ Registry : 17 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\csastats -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\DriverToolkit -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\IM -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\Installer -> Found
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\ProductSetup -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\csastats -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\DriverToolkit -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\Installer -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\ProductSetup -> Found
[Suspicious.Path|VT.Adware.Agent] (X64) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\Microsoft\Windows\CurrentVersion\Run | msiql : C:\Users\Mr ysn\AppData\Local\Temp\00024854\msiql.exe /RUNNING [-] -> Found
[Suspicious.Path|VT.Adware.Agent] (X86) HKEY_USERS\S-1-5-21-1604366849-3738614433-1859447426-1002\Software\Microsoft\Windows\CurrentVersion\Run | msiql : C:\Users\Mr ysn\AppData\Local\Temp\00024854\msiql.exe /RUNNING [-] -> Found
[PUP.Gen0|VT.PUP.Optional.HahoMedia] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BugFixxer (C:\Windows\BugFixxer\1004\BugFixxer.exe) -> Found
[PUP.HackTool|Suspicious.Path|VT.HackTool/Win32.KMSAuto.C1585389] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMS-R@1n (C:\Windows\KMS-R@1n.exe) -> Found
[PUP.Gen0|PUP.HahoMedia] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Policies (C:\Windows\system32\Policies\161011\Policies.exe) -> Found
[PUP.HackTool|Suspicious.Path|VT.HackTool/Win32.KMSAuto.C1585389] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {62714C1E-DE41-4392-B623-BFD6DADEE9DD} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [-] -> Found
[PUP.HackTool|Suspicious.Path|VT.HackTool/Win32.KMSAuto.C1585389] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C789FE12-C35E-4459-A3CA-C4D614150DA8} : v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [-] -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Tr.Gen0|Suspicious.Path|VT.Adware.OxyPumper] \Microsoft\Windows\Multimedia\Manager -- C:\Users\Mr ysn\AppData\Roaming\Adobe\Manager.exe (604C4206-B430-43E1-A102-8BF11249AEC2) -> Found

¤¤¤ Files : 7 ¤¤¤
[Adw.Elex][File] C:\ProgramData\service.exe -> Found
[PUP.HackTool][File] C:\Windows\KMS-R@1n.exe -> Found
[PUP.HackTool][File] C:\Windows\KMS-R@1nHook.exe -> Found
[PUP.HahoMedia][Folder] C:\Windows\SysWOW64\Policies -> Found
[Tr.Gen0][File] C:\Users\Mr ysn\AppData\Roaming\Adobe\Manager.exe -> Found
[Tr.Gen0][File] C:\Users\Mr ysn\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
[Adw.Elex][File] C:\ProgramData\service.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen1][Firefox:Addon] 7vml8ba5.default-1466085183021 : Add-ons Manager Context Menu [amcontextmenu@loucypher] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-80ZEST0 +++++
--- User ---
[MBR] 51cad808cb71806fa55453011f4ba6b9
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 149450 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 306280448 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307202048 | Size: 155243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ALCATEL Mass Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

