RogueKiller V12.11.26.0 [Nov 27 2017] (Gratuit) par Adlice Software
email : http://www.adlice.com/fr/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com/fr/

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : UTILISATEUR [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 12/01/2017 16:20:20 (Durée : 01:37:06)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 23 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Trouvé(e)
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Trouvé(e)
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Babylon -> Trouvé(e)
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Reimage -> Trouvé(e)
[PUP.AMule] HKEY_USERS\.DEFAULT\Software\aMule -> Trouvé(e)
[PUP.Gen1] HKEY_USERS\S-1-5-21-427539266-4164703841-491026186-1000\Software\Reimage -> Trouvé(e)
[PUP.AMule] HKEY_USERS\S-1-5-18\Software\aMule -> Trouvé(e)
[PUP.BrowsingProtection] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware Browsing Protection -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eapihdrv (\??\C:\Users\UTILIS~1\AppData\Local\Temp\ehdrv.sys) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eapihdrv (\??\C:\Users\UTILIS~1\AppData\Local\Temp\ehdrv.sys) -> Trouvé(e)
[PUP.Gen0] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ReimageRealTimeProtector (C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C166C18C-1079-4E29-BE39-9E3E6C4A02CF}C:\programdata\free music zilla\fmzilla.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\programdata\free music zilla\fmzilla.exe|Name=FMZilla Module|Desc=FMZilla Module|Defer=User| [-] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{0EA9531F-893F-4D05-BA97-3D083758670B}C:\programdata\free music zilla\fmzilla.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\programdata\free music zilla\fmzilla.exe|Name=FMZilla Module|Desc=FMZilla Module|Defer=User| [-] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {56FE0C0A-7DE1-45C1-B015-F09FDA74D301} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F06E203-6DA1-4262-847A-67919568B020} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A103DF8E-4E85-481E-9ECE-D5A735DF8456} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3C65EDE5-2368-4299-A9D2-2538B1D829A6} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C166C18C-1079-4E29-BE39-9E3E6C4A02CF}C:\programdata\free music zilla\fmzilla.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\programdata\free music zilla\fmzilla.exe|Name=FMZilla Module|Desc=FMZilla Module|Defer=User| [-] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{0EA9531F-893F-4D05-BA97-3D083758670B}C:\programdata\free music zilla\fmzilla.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\programdata\free music zilla\fmzilla.exe|Name=FMZilla Module|Desc=FMZilla Module|Defer=User| [-] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {56FE0C0A-7DE1-45C1-B015-F09FDA74D301} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F06E203-6DA1-4262-847A-67919568B020} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A103DF8E-4E85-481E-9ECE-D5A735DF8456} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3C65EDE5-2368-4299-A9D2-2538B1D829A6} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\UTILISATEUR\AppData\Local\Apowersoft\Online Audio Recorder\Online Audio Recorder.exe|Name=Online Audio Recorder| [7] -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 7 ¤¤¤
[PUP.BrowsingProtection][Répertoire] C:\ProgramData\Ad-Aware Browsing Protection -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Babylon -> Trouvé(e)
[PUP.Gen0][Fichier] C:\Windows\Reimage.ini -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\UTILISATEUR\AppData\Roaming\Babylon -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\UTILISATEUR\AppData\Local\Babylon -> Trouvé(e)
[PUP.BrowsingProtection][Répertoire] C:\ProgramData\Ad-Aware Browsing Protection -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Babylon -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUP.Gen2][Firefox:Addon] 8skr8vst.default : Search and New Tab by Yahoo [jid1-16aeif9OQIRKxA@jetpack] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: STM3500418AS ATA Device +++++
--- User ---
[MBR] ad72891c489af99fd241115ec14a448e
[BSP] d45e1d1ba58dd9e43134da3b0cdad4c6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD103SI ATA Device +++++
--- User ---
[MBR] f373f9a8502342790174497b17674bf5
[BSP] b7e5f5ec2a4a010f7109940b7f9e3d55 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: OEI-USB CompactFlash USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive3: OEI-USB SM/MS/SD USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )