RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Gratuit) par Adlice Software
email : http://www.adlice.com/fr/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com/fr/

Système d'exploitation : Windows 10 (10.0.15063) 64 bits version
Démarré en : Mode normal
Utilisateur : jclou [Administrateur]
Démarré depuis : C:\Users\jclou\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 09/16/2017 11:31:11 (Durée : 01:45:08)

¤¤¤ Processus : 2 ¤¤¤
[VT.Adware.Tuto4PC.Generic] 8T1H8M7G32YNT3Y.exe(6356) -- C:\Program Files (x86)\xfepxsbbdrd\8T1H8M7G32YNT3Y.exe[-] -> Trouvé(e)
[Adw.Wizzcaster] NS7US.exe(6056) -- C:\Program Files (x86)\xfepxsbbdrd\NS7US.exe[-] -> Trouvé(e)

¤¤¤ Registre : 36 ¤¤¤
[VT.Trojan.Injector] (X64) HKEY_CLASSES_ROOT\CLSID\{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} (C:\Users\jclou\AppData\Roaming\tmp546.dat) -> Trouvé(e)
[PUP.WindowsTM] (X64) HKEY_CLASSES_ROOT\CLSID\{BFD6B750-C600-456A-BB8F-FA18D10F2C1B} (C:\Program Files (x86)\WindowsTM\TMDeskBand.dll) -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\IM -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\UCBrowser -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\IM -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\UCBrowser -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Trouvé(e)
[PUP.HPDefender] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mp3tagApp2 -> Trouvé(e)
[PUP.HPDefender] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mp3tagApp2 -> Trouvé(e)
[VT.Trojan.Injector] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} : (C:\Users\jclou\AppData\Roaming\tmp546.dat) [-] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | egsiiifr03r : "C:\Users\jclou\AppData\Roaming\11clvgttm1k\hejc1oct3lx.exe" [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | 25byozgnngk : "C:\Users\jclou\AppData\Roaming\uavbsc32as3\xxg1uchj1g4.exe" [x] -> Trouvé(e)
[VT.HEUR:Trojan-Dropper.MSIL.Generic] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | OE0YJ6R5OYLD64H : "C:\Program Files (x86)\xfepxsbbdrd\NS7US.exe" [-] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | k4p2ivxx2qi : "C:\Users\jclou\AppData\Roaming\hoqkhl4g5x5\2o0k4cu4wn0.exe" [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | zn2tiohqrht : "C:\Users\jclou\AppData\Roaming\5w02ewcdjib\ao53t055c3r.exe" [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | bv3bzqbx2fo : "C:\Users\jclou\AppData\Roaming\q0g0vwnfr2y\jzbelxl525a.exe" [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | javab3nodwm : "C:\Users\jclou\AppData\Roaming\ritve3ktcqm\no32cxim1lq.exe" [x] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | egsiiifr03r : "C:\Users\jclou\AppData\Roaming\11clvgttm1k\hejc1oct3lx.exe" [x] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | 25byozgnngk : "C:\Users\jclou\AppData\Roaming\uavbsc32as3\xxg1uchj1g4.exe" [x] -> Trouvé(e)
[VT.HEUR:Trojan-Dropper.MSIL.Generic] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | OE0YJ6R5OYLD64H : "C:\Program Files (x86)\xfepxsbbdrd\NS7US.exe" [-] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | k4p2ivxx2qi : "C:\Users\jclou\AppData\Roaming\hoqkhl4g5x5\2o0k4cu4wn0.exe" [x] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | zn2tiohqrht : "C:\Users\jclou\AppData\Roaming\5w02ewcdjib\ao53t055c3r.exe" [x] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | bv3bzqbx2fo : "C:\Users\jclou\AppData\Roaming\q0g0vwnfr2y\jzbelxl525a.exe" [x] -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Windows\CurrentVersion\Run | javab3nodwm : "C:\Users\jclou\AppData\Roaming\ritve3ktcqm\no32cxim1lq.exe" [x] -> Trouvé(e)
[VT.Adware.Tuto4PC.Generic] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | OMEWPRODUCT_S7G0P : "C:\Program Files (x86)\xfepxsbbdrd\8T1H8M7G32YNT3Y.exe" [-] -> Trouvé(e)
[Tr.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clsid54021 (C:\ProgramData\clsid54021.exe) -> Trouvé(e)
[Adw.ChinAd] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LanmaMaster (\??\C:\WINDOWS\system32\drivers\lanmamaster.sys) -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ASUS15.msn.com/?pc=ASTE -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2466184683-2694909910-745646739-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ASUS15.msn.com/?pc=ASTE -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{72b09b6d-4232-4da0-8ca8-0e9593c931bf} | DhcpNameServer : 172.18.13.1 ([]) -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0419AC99-37CB-4964-85FF-D1B4701AEBA5} : v2.26|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\jclou\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [-] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {794D0FE9-7B72-4CE3-901E-AB2D8DF1E96D} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\jclou\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [-] -> Trouvé(e)

¤¤¤ Tâches : 2 ¤¤¤
[Hj.Shortcut] \{298E82EC-6953-476C-8872-112BF15257FE} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (https://ui.skype.com/ui/0/7.38.0.101/fr/abandoninstall?page=tsMain) -> Trouvé(e)
[Tr.Gen] \{F5801453-74FD-4892-B054-335FDEF6701A} -- rundll32.exe ("C:\Users\jclou\AppData\Local\Microsoft\TaskPlay\caches.dat",StaticCache) -> Trouvé(e)

¤¤¤ Fichiers : 16 ¤¤¤
[Adw.ChinAd][Fichier] C:\Windows\System32\LanmaMasterHelp.dll -> Trouvé(e)
[Root.Wajam][Fichier] C:\Windows\System32\drivers\8290759c81fc462abf553ffcaf9f1dd1.sys -> Trouvé(e)
[Adw.ChinAd][Fichier] C:\Windows\System32\drivers\lanmamaster.sys -> Trouvé(e)
[Tr.Gen][Répertoire] C:\Users\jclou\AppData\Local\Microsoft\TaskPlay -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\5S941ATV8G\installMe.exe -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\D3X7XXKP2S\installMe.exe -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\D8BTOEMKIX\installMe.exe -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\ERC0BMK69C\installMe.exe -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\QAKBO5NP92\installMe.exe -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\SHAUJP01ZO\installMe.exe -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\VRPS5PZ16R\installMe.exe -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\YV1CQWWW8M\OneTwo.exe -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\YV1CQWWW8M\Sho9libi.exe -> Trouvé(e)
[Adw.Wizzcaster][Fichier] C:\Users\jclou\AppData\Local\Temp\Z6F6K5SFA7\installMe.exe -> Trouvé(e)
[PUP.HPDefender][Fichier] C:\$Recycle.Bin\S-1-5-21-2466184683-2694909910-745646739-1001\$RLEZEWL.lnk [LNK@] C:\Users\jclou\AppData\Roaming\Mp3tagApp2\Mp3tagApp2\Mp3tag.exe -> Trouvé(e)
[PUP.UCBrowser][Répertoire] C:\Program Files (x86)\UCBrowser -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA100 +++++
--- User ---
[MBR] dff61d299e971c9ae967afc699b6241b
[BSP] 113eed9752c1999ca12c1f30970f473e : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 153600 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 314812416 | Size: 500 MB
4 - Basic data partition | Offset (sectors): 315836416 | Size: 799652 MB
User = LL1 ... OK
User = LL2 ... OK