
{
"header": {
"program": {
"project": "RogueKiller",
"version": "12.8.1.0",
"x64": true,
"date": "Nov 14 2016",
"contact": "http://www.adlice.com/contact/",
"feedback": "http://forum.adlice.com",
"website": "http://www.adlice.com/fr/download/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 7 (6.1.7601 Service Pack 1) 64 bits version",
"boot": 0,
"winpe": false,
"user": "Auchan",
"user_admin": true,
"program_location": "C:\\Users\\Auchan\\Desktop\\RogueKillerX64_old.exe",
"x64": true,
"licensing": "free"
},
"report": {
"type": 1,
"aborted": false,
"date": "11/19/2016 10:12:42",
"duration": 6010,
"switches": 0,
"debug": false,
"count": 36,
"show_legit_hooks": false,
"expert_mode": false
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 344,
"path": "C:\\Windows\\System32\\smss.exe",
"command_line": "\\SystemRoot\\System32\\smss.exe",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 472,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",
"pid_parent": 464,
"path_parent": "",
"is_64": true
},
{
"name": "wininit.exe",
"name_parent": "",
"pid": 552,
"path": "C:\\Windows\\System32\\wininit.exe",
"command_line": "wininit.exe",
"pid_parent": 464,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 568,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",
"pid_parent": 544,
"path_parent": "",
"is_64": true
},
{
"name": "services.exe",
"name_parent": "wininit.exe",
"pid": 604,
"path": "C:\\Windows\\System32\\services.exe",
"command_line": "C:\\Windows\\system32\\services.exe",
"pid_parent": 552,
"path_parent": "C:\\Windows\\System32\\wininit.exe",
"is_64": true
},
{
"name": "lsass.exe",
"name_parent": "wininit.exe",
"pid": 628,
"path": "C:\\Windows\\System32\\lsass.exe",
"command_line": "C:\\Windows\\system32\\lsass.exe",
"pid_parent": 552,
"path_parent": "C:\\Windows\\System32\\wininit.exe",
"is_64": true
},
{
"name": "lsm.exe",
"name_parent": "wininit.exe",
"pid": 636,
"path": "C:\\Windows\\System32\\lsm.exe",
"command_line": "C:\\Windows\\system32\\lsm.exe",
"pid_parent": 552,
"path_parent": "C:\\Windows\\System32\\wininit.exe",
"is_64": true
},
{
"name": "winlogon.exe",
"name_parent": "",
"pid": 692,
"path": "C:\\Windows\\System32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 544,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 780,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 876,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k RPCSS",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "atiesrxx.exe",
"name_parent": "services.exe",
"pid": 924,
"path": "C:\\Windows\\System32\\atiesrxx.exe",
"command_line": "C:\\Windows\\system32\\atiesrxx.exe",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1000,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 252,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 392,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalService",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 476,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1036,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k GPSvcGroup",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1120,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k NetworkService",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "atieclxx.exe",
"name_parent": "atiesrxx.exe",
"pid": 1184,
"path": "C:\\Windows\\System32\\atieclxx.exe",
"command_line": "atieclxx",
"pid_parent": 924,
"path_parent": "C:\\Windows\\System32\\atiesrxx.exe",
"is_64": true
},
{
"name": "AvastSvc.exe",
"name_parent": "services.exe",
"pid": 1208,
"path": "C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe",
"command_line": "\"C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe\"",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": false
},
{
"name": "spoolsv.exe",
"name_parent": "services.exe",
"pid": 1440,
"path": "C:\\Windows\\System32\\spoolsv.exe",
"command_line": "C:\\Windows\\System32\\spoolsv.exe",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "taskeng.exe",
"name_parent": "svchost.exe",
"pid": 1448,
"path": "C:\\Windows\\System32\\taskeng.exe",
"command_line": "taskeng.exe {E8E5AF8F-3D32-4C02-8B52-EA1A13726ABD}",
"pid_parent": 476,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "dwm.exe",
"name_parent": "svchost.exe",
"pid": 1464,
"path": "C:\\Windows\\System32\\dwm.exe",
"command_line": "\"C:\\Windows\\system32\\Dwm.exe\"",
"pid_parent": 252,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 1508,
"path": "C:\\Windows\\explorer.exe",
"command_line": "C:\\Windows\\Explorer.EXE",
"pid_parent": 1432,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1524,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "taskhost.exe",
"name_parent": "services.exe",
"pid": 1532,
"path": "C:\\Windows\\System32\\taskhost.exe",
"command_line": "\"taskhost.exe\"",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "armsvc.exe",
"name_parent": "services.exe",
"pid": 1760,
"path": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": false
},
{
"name": "robotaskbaricon.exe",
"name_parent": "Explorer.EXE",
"pid": 1896,
"path": "C:\\Program Files (x86)\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe",
"command_line": "\"C:\\Program Files (x86)\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe\" ",
"pid_parent": 1508,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": false
},
{
"name": "E_IATIFDE.EXE",
"name_parent": "Explorer.EXE",
"pid": 1916,
"path": "C:\\Windows\\System32\\spool\\drivers\\x64\\3\\E_IATIFDE.EXE",
"command_line": "\"C:\\Windows\\System32\\spool\\drivers\\x64\\3\\E_IATIFDE.EXE\" /FU \"C:\\Windows\\TEMP\\E_S1821.tmp\" /EF \"HKCU\"",
"pid_parent": 1508,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "GoogleUpdate.exe",
"name_parent": "taskeng.exe",
"pid": 1948,
"path": "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe",
"command_line": "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /c",
"pid_parent": 1448,
"path_parent": "C:\\Windows\\System32\\taskeng.exe",
"is_64": false
},
{
"name": "SuiteTray.exe",
"name_parent": "",
"pid": 2000,
"path": "C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe",
"command_line": "\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\" ",
"pid_parent": 1400,
"path_parent": "",
"is_64": false
},
{
"name": "avastui.exe",
"name_parent": "",
"pid": 1100,
"path": "C:\\Program Files\\AVAST Software\\Avast\\avastui.exe",
"command_line": "\"C:\\Program Files\\AVAST Software\\Avast\\avastui.exe\" /nogui",
"pid_parent": 1400,
"path_parent": "",
"is_64": false
},
{
"name": "taskeng.exe",
"name_parent": "svchost.exe",
"pid": 2360,
"path": "C:\\Windows\\System32\\taskeng.exe",
"command_line": "taskeng.exe {DBDE557D-DD66-42D9-ABE4-FFEE90D1375F}",
"pid_parent": 476,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "clear.fiAgent.exe",
"name_parent": "taskeng.exe",
"pid": 2404,
"path": "C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\clear.fiAgent.exe",
"command_line": "\"C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\clear.fiAgent.exe\" ",
"pid_parent": 2360,
"path_parent": "C:\\Windows\\System32\\taskeng.exe",
"is_64": false
},
{
"name": "DMREngine.exe",
"name_parent": "taskeng.exe",
"pid": 2416,
"path": "C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\Kernel\\DMR\\DMREngine.exe",
"command_line": "\"C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\.\\Kernel\\DMR\\DMREngine.exe\" ",
"pid_parent": 2360,
"path_parent": "C:\\Windows\\System32\\taskeng.exe",
"is_64": false
},
{
"name": "CLMSService.exe",
"name_parent": "clear.fiAgent.exe",
"pid": 2472,
"path": "C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\Kernel\\DMR\\CLMSService.exe",
"command_line": "\"C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\Kernel\\DMR\\CLMSService.exe\" ",
"pid_parent": 2404,
"path_parent": "C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\clear.fiAgent.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2620,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k utcsvc",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "UpdaterService.exe",
"name_parent": "services.exe",
"pid": 2664,
"path": "C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe",
"command_line": "\"C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe\"",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": false
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 2868,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k imgsvc",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 1824,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k NetworkServiceNetworkRestricted",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 3120,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "wmpnetwk.exe",
"name_parent": "services.exe",
"pid": 3388,
"path": "C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
"command_line": "\"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe\"",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "WUDFHost.exe",
"name_parent": "svchost.exe",
"pid": 3400,
"path": "C:\\Windows\\System32\\WUDFHost.exe",
"command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d6c1ad0c-79d2-4b87-a582-26c5805d67ed -SystemEventPortName:HostProcess-fa9f9c87-6d9a-401e-a27e-c9fe9313b3f3 -IoCancelEventPortName:HostProcess-7722ea9c-0b2a-427a-ba21-dd3b6ac5e855 -NonStateChangingEventPortName:HostProcess-e783af6e-e081-463b-9534-6a2931268ea6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:efe58b14-20f2-4446-9969-690430ee0fc0 -DeviceGroupId:WpdFsGroup",
"pid_parent": 252,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "services.exe",
"pid": 3676,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\Windows\\System32\\svchost.exe -k LocalServicePeerNet",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "dllhost.exe",
"name_parent": "svchost.exe",
"pid": 2220,
"path": "C:\\Windows\\System32\\dllhost.exe",
"command_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}",
"pid_parent": 780,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "NASvc.exe",
"name_parent": "services.exe",
"pid": 2788,
"path": "C:\\Program Files (x86)\\Nero\\Update\\NASvc.exe",
"command_line": "\"C:\\Program Files (x86)\\Nero\\Update\\NASvc.exe\"",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": false
},
{
"name": "TrustedInstaller.exe",
"name_parent": "services.exe",
"pid": 1732,
"path": "C:\\Windows\\servicing\\TrustedInstaller.exe",
"command_line": "C:\\Windows\\servicing\\TrustedInstaller.exe",
"pid_parent": 604,
"path_parent": "C:\\Windows\\System32\\services.exe",
"is_64": true
},
{
"name": "RogueKillerX64_old.exe",
"name_parent": "Explorer.EXE",
"pid": 3156,
"path": "C:\\Users\\Auchan\\Desktop\\RogueKillerX64_old.exe",
"command_line": "\"C:\\Users\\Auchan\\Desktop\\RogueKillerX64_old.exe\" ",
"pid_parent": 1508,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "firefox.exe",
"name_parent": "RogueKillerX64_old.exe",
"pid": 1964,
"path": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"command_line": "",
"pid_parent": 3156,
"path_parent": "C:\\Users\\Auchan\\Desktop\\RogueKillerX64_old.exe",
"is_64": true
},
{
"name": "WmiPrvSE.exe",
"name_parent": "svchost.exe",
"pid": 1672,
"path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"command_line": "C:\\Windows\\system32\\wbem\\wmiprvse.exe",
"pid_parent": 780,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
}
]
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [
{
"scan_what": 2,
"scan_how": [
1
],
"scan_how_trigger": 1,
"vendors": [
"PUP"
],
"rule_name": "CLSID",
"view": 256,
"value": "",
"subkey": "{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}",
"value_old_data": "",
"value_data": "",
"path": "HKEY_CLASSES_ROOT\\CLSID",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
1
],
"scan_how_trigger": 1,
"vendors": [
"PUP"
],
"rule_name": "CLSID",
"view": 256,
"value": "",
"subkey": "{A07E5BFF-B16C-4ABA-A30F-514213A945E6}",
"value_old_data": "",
"value_data": "",
"path": "HKEY_CLASSES_ROOT\\CLSID",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 256,
"value": "",
"subkey": "Boxore",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\.DEFAULT\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "Boxore",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\.DEFAULT\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 256,
"value": "",
"subkey": "CleanerProConfig",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 256,
"value": "",
"subkey": "CleanerProLanguage",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 256,
"value": "",
"subkey": "GoldenGate",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "CleanerProConfig",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "CleanerProLanguage",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "GoldenGate",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 256,
"value": "",
"subkey": "Boxore",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-18\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "Boxore",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-18\\Software",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 256,
"value": "",
"subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\.DEFAULT\\Software\\AppDataLow",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\.DEFAULT\\Software\\AppDataLow",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 256,
"value": "",
"subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-18\\Software\\AppDataLow",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "SOFTWARE",
"view": 512,
"value": "",
"subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}",
"value_old_data": "",
"value_data": "",
"path": "HKEY_USERS\\S-1-5-18\\Software\\AppDataLow",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
7
],
"scan_how_trigger": 7,
"vendors": [
"PUP"
],
"rule_name": "UNINSTALL",
"view": 512,
"value": "",
"subkey": "ASPackage",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
4
],
"scan_how_trigger": 4,
"vendors": [
"Suspicious.Path"
],
"rule_name": "Services",
"view": 256,
"value": "",
"subkey": "PCDSRVC{4E2DA380-2F15EF8A-06020200}_0",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services",
"extra": "\\??\\c:\\users\\auchan\\appdata\\local\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "c:\\users\\auchan\\appdata\\local\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms",
"path_compressed": "%localappdata%\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
4
],
"scan_how_trigger": 4,
"vendors": [
"Suspicious.Path"
],
"rule_name": "Services",
"view": 256,
"value": "",
"subkey": "PCDSRVC{4E2DA380-2F15EF8A-06020200}_0",
"value_old_data": "",
"value_data": "",
"path": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services",
"extra": "\\??\\c:\\users\\auchan\\appdata\\local\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms",
"files_status": "[x]",
"vtscore": -1,
"files": [
{
"path_expanded": "c:\\users\\auchan\\appdata\\local\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms",
"path_compressed": "%localappdata%\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms",
"md5": "",
"exists": false,
"signed": false,
"signer": "",
"vtscore": -1
}
],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.Proxy"
],
"rule_name": "Proxy",
"view": 256,
"value": "ProxyEnable",
"subkey": "",
"value_old_data": "",
"value_data": "1",
"path": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.Proxy"
],
"rule_name": "Proxy",
"view": 512,
"value": "ProxyEnable",
"subkey": "",
"value_old_data": "",
"value_data": "1",
"path": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.Proxy"
],
"rule_name": "Proxy",
"view": 256,
"value": "ProxyEnable",
"subkey": "",
"value_old_data": "",
"value_data": "1",
"path": "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
9
],
"scan_how_trigger": 9,
"vendors": [
"PUM.Proxy"
],
"rule_name": "Proxy",
"view": 512,
"value": "ProxyEnable",
"subkey": "",
"value_old_data": "",
"value_data": "1",
"path": "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.Proxy"
],
"rule_name": "Proxy",
"view": 256,
"value": "ProxyServer",
"subkey": "",
"value_old_data": "",
"value_data": "http=127.0.0.1:54362;https=127.0.0.1:54362",
"path": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.Proxy"
],
"rule_name": "Proxy",
"view": 512,
"value": "ProxyServer",
"subkey": "",
"value_old_data": "",
"value_data": "http=127.0.0.1:54362;https=127.0.0.1:54362",
"path": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.Proxy"
],
"rule_name": "Proxy",
"view": 256,
"value": "ProxyServer",
"subkey": "",
"value_old_data": "",
"value_data": "http=127.0.0.1:54362;https=127.0.0.1:54362",
"path": "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 1,
"scan_how": [
13
],
"scan_how_trigger": 13,
"vendors": [
"PUM.Proxy"
],
"rule_name": "Proxy",
"view": 512,
"value": "ProxyServer",
"subkey": "",
"value_old_data": "",
"value_data": "http=127.0.0.1:54362;https=127.0.0.1:54362",
"path": "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"extra": "",
"files_status": "",
"vtscore": -1,
"files": [],
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
}
],
"tasks": [
{
"scan_what": 0,
"scan_how": [
1,
2
],
"vendors": [
"PUP"
],
"parent_folder": "\\",
"name": "CleanerPro_Popup",
"path": "\\CleanerPro_Popup",
"application_path": "C:\\Program Files (x86)\\Cleaner Pro\\Splash.exe",
"application_args": "true",
"vtscore": -2,
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 0,
"scan_how": [
1,
2
],
"vendors": [
"PUP"
],
"parent_folder": "\\",
"name": "CleanerPro_Start",
"path": "\\CleanerPro_Start",
"application_path": "C:\\Program Files (x86)\\Cleaner Pro\\CleanerPro.exe",
"application_args": "true",
"vtscore": -2,
"status_str": "TROUVÉ",
"status_choice": 1,
"status_removed": 0
}
],
"filesystem": [
{
"scan_what": 3,
"scan_how": [
1,
2,
9
],
"vendors": [
"PUP"
],
"status_choice": 2,
"processed": [
{
"type": 2,
"name": "GoldenGate",
"path_expanded": "C:\\Users\\Auchan\\AppData\\Roaming\\GoldenGate",
"path_compressed": "%APPDATA%\\GoldenGate",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "TROUVÉ",
"status_removed": 0
}
]
},
{
"scan_what": 3,
"scan_how": [
1,
2,
9
],
"vendors": [
"PUP"
],
"status_choice": 2,
"processed": [
{
"type": 2,
"name": "Reimage Repair",
"path_expanded": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Reimage Repair",
"path_compressed": "%programdata%\\Microsoft\\Windows\\Start Menu\\Programs\\Reimage Repair",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "TROUVÉ",
"status_removed": 0
}
]
},
{
"scan_what": 3,
"scan_how": [
1,
2,
9
],
"vendors": [
"PUP"
],
"status_choice": 2,
"processed": [
{
"type": 2,
"name": "Software",
"path_expanded": "C:\\Program Files (x86)\\Software",
"path_compressed": "%programfiles(x86)%\\Software",
"extra": "",
"md5": "",
"md5_low_level": "",
"forged": false,
"lnk_target": "",
"lnk_args": "",
"junc_target": "",
"junc_tag": 0,
"junc_error": 0,
"exists": true,
"signed": false,
"signer": "",
"status_str": "TROUVÉ",
"status_removed": 0
}
]
}
],
"wmi": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": false,
"driver_error": 3221226347,
"results": []
},
"web_browsers": [
{
"scan_what": 2,
"scan_how": [
1
],
"vendors": [
"PUM.SearchEngine"
],
"browser": 1,
"browser_str": "Firefox",
"config": {
"user": "9oml9ga2.default",
"line": "user_pref(\"browser.search.selectedEngine\", \"Yahoo! (Avast)\");",
"key": "browser.search.selectedEngine",
"value": "Yahoo! (Avast)",
"line_count": 55
},
"status_str": "TROUVÉ",
"status_malicious": true,
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
2
],
"vendors": [
"PUM.HomePage"
],
"browser": 3,
"browser_str": "Chrome",
"config": {
"user": "Default [SecurePrefs]",
"line": "homepage [http://www.trovi.com/?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M4CA256D4-C152-458B-90E6-4FA4FE1DC299&SearchSource=55&CUI=&UM=8&UP=SPF2900746-20CA-4F75-909A-00B27DC25AB7&SSPV=]",
"key": "homepage",
"value": "http://www.trovi.com/?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M4CA256D4-C152-458B-90E6-4FA4FE1DC299&SearchSource=55&CUI=&UM=8&UP=SPF2900746-20CA-4F75-909A-00B27DC25AB7&SSPV="
},
"status_str": "TROUVÉ",
"status_malicious": true,
"status_choice": 1,
"status_removed": 0
},
{
"scan_what": 2,
"scan_how": [
2
],
"vendors": [
"PUM.SearchPage"
],
"browser": 3,
"browser_str": "Chrome",
"config": {
"user": "Default [SecurePrefs]",
"line": "default_search_provider_data.template_url_data.suggestions_url [{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}]",
"key": "default_search_provider_data.template_url_data.suggestions_url",
"value": "{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}"
},
"status_str": "TROUVÉ",
"status_malicious": true,
"status_choice": 1,
"status_removed": 0
}
],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: ST31000524AS ATA Device +++++\n--- User ---\n[MBR] 4945f5fd9a0e5f5f8f18ce5074baf4a7\n[BSP] 2a666ef2f4204149fa73c0e3c0c6cc6c : Windows Vista/7/8 MBR Code\nPartition table:\n0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 21504 MB\n1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 44042240 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 44247040 | Size: 465870 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 998348800 | Size: 466393 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++\nError reading User MBR! ([15] Le périphérique n?est pas prêt. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n?est pas prise en charge. )\n\n"
}
}
}
