Document format: text/plain


RogueKiller V12.9.2.0 (x64) [Jan 9 2017] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.14393) 64 bits version
Démarré en : Mode normal
Utilisateur : yan-9 [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 01/09/2017 23:27:00 (Durée : 00:29:57)

¤¤¤ Processus : 2 ¤¤¤
[Adw.Elex|Suspicious.Path|VT.not-a-virus:AdWare.Win32.Agent.xxdcno] UvConverter.exe(3004) -- C:\Users\yan-9\AppData\Roaming\jcfjc\UvConverter.exe[-] -> Tué(e) [TermProc]
[Adw.Elex|Suspicious.Path|VT.not-a-virus:AdWare.Win32.Agent.xxdcno] (SVC) Convxxxx -- "C:\Users\yan-9\AppData\Roaming\jcfjc\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577}[-] -> ERROR [6d]

¤¤¤ Registre : 33 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{FAD99A26-B035-11E6-868F-64006A5CFC23} (C:\Users\yan-9\AppData\Roaming\Aterqcult\Usaphatusary.dll) -> Supprimé(e)
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\jhdbca -> Supprimé(e)
[PUP.Amisites] (X86) HKEY_LOCAL_MACHINE\Software\amisitesSoftware -> Supprimé(e)
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\jhdbca -> Supprimé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\trotuxSoftware -> Supprimé(e)
[Adw.Elex] (X86) HKEY_LOCAL_MACHINE\Software\UvConv -> Supprimé(e)
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\WinArcher -> Supprimé(e)
[PUP.Gen0] (X64) HKEY_USERS\.DEFAULT\Software\jhdbca -> Supprimé(e)
[PUP.Gen0] (X86) HKEY_USERS\.DEFAULT\Software\jhdbca -> Supprimé(e)
[PUP.Gen0] (X64) HKEY_USERS\S-1-5-18\Software\jhdbca -> Supprimé(e)
[PUP.Gen0] (X86) HKEY_USERS\S-1-5-18\Software\jhdbca -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {FAD99A26-B035-11E6-868F-64006A5CFC23} : (C:\Users\yan-9\AppData\Roaming\Aterqcult\Usaphatusary.dll) [x] -> Supprimé(e)
[Adw.Elex|Suspicious.Path|VT.not-a-virus:AdWare.Win32.Agent.xxdcno] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Convxxxx ("C:\Users\yan-9\AppData\Roaming\jcfjc\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577}) -> Supprimé(e)
[PUP.AMule] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ed2kidle ("C:\Program Files (x86)\amuleC1\ed2k.exe" -downloadwhenidle) -> Supprimé(e)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.amisites.com/search/?type=ds&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.amisites.com/search/?type=ds&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.amisites.com/search/?type=ds&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.amisites.com/search/?type=ds&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Remplacé(e) (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Remplacé(e) (2)
[Adw.Elex] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes | DependOnService : -> Supprimé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 5 ¤¤¤
[PUP.Gen0][Répertoire] C:\ProgramData\WinSAPSvc -> Supprimé(e) au redémarrage [20]
[PUP.Gen0][Fichier] C:\ProgramData\WinSAPSvc\WinSAP.dll -> Supprimé(e) au redémarrage [5]
[Adw.Elex][Fichier] C:\Users\yan-9\AppData\Roaming\jcfjc\UvConverter.exe -> Supprimé(e)
[PUP.Gen0][Répertoire] C:\ProgramData\WinSAPSvc -> Supprimé(e) au redémarrage [20]
[PUP.Gen0][Fichier] C:\ProgramData\WinSAPSvc\WinSAP.dll -> Supprimé(e) au redémarrage [5]
[Adw.Elex][Répertoire] C:\Program Files (x86)\UvConverter -> Supprimé(e)
[PUP.Gen0][Répertoire] C:\Program Files (x86)\WinArcher -> Supprimé(e) au redémarrage [91]
[PUP.Gen0][Fichier] C:\Program Files (x86)\WinArcher\Archer.dll -> Supprimé(e) au redémarrage [5]
[PUP.Gen0][Fichier] C:\Program Files (x86)\WinArcher\Packet.dll -> Supprimé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 3 ¤¤¤
[PUM.HomePage][Chrome:Config] ChromeDefaultData [SecurePrefs] : session.startup_urls [https://www.google.com/|http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT|http://www.amisites.com/?type=hp&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT] -> Supprimé(e)
[PUM.SearchPage][Chrome:Config] ChromeDefaultData [SecurePrefs] : default_search_provider_data.template_url_data.keyword [amisites] -> Supprimé(e)
[PUM.SearchPage][Chrome:Config] ChromeDefaultData [SecurePrefs] : default_search_provider_data.template_url_data.url [http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms}] -> Supprimé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] 9d76ce1b64e2873a671280857b86a525
[BSP] 79fc08d9881519e96afb442150a3e5d0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 231934 MB
4 - [MAN-MOUNT] Basic data partition | Offset (sectors): 476162048 | Size: 1 MB
5 - Basic data partition | Offset (sectors): 476164096 | Size: 244437 MB
User = LL1 ... OK
User = LL2 ... OK