RogueKiller V12.3.0.0 [May 22 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8 (6.2.9200) 32 bits version
Démarré en : Mode normal
Utilisateur : Zéro-PC [Administrateur]
Démarré depuis : C:\Users\Zéro-PC\Downloads\Programs\RogueKiller.exe
Mode : Suppression -- Date : 05/28/2016 14:50:21

¤¤¤ Processus : 3 ¤¤¤
[Suspicious.Path] slsvc.exe(3048) -- C:\Windows\slsvc.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path] PersonalizeEnabler.exe(3160) -- C:\Windows\PersonalizeEnabler.exe[-] -> Tué(e) [TermProc]
[Suspicious.Path] (SVC) slsvc -- C:\Windows\slsvc.exe[-] -> Arrêté(e)

¤¤¤ Registre : 17 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\ConstantFun -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MpKsla433ed77 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E1AF1E7-0630-4646-88F6-7F93C4C13EEE}\MpKsla433ed77.sys) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\slsvc (C:\Windows\slsvc.exe) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_D_D969\ControlSet001\Services\slsvc (C:\Windows\slsvc.exe) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpKsla433ed77 (\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5E1AF1E7-0630-4646-88F6-7F93C4C13EEE}\MpKsla433ed77.sys) -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\slsvc (C:\Windows\slsvc.exe) -> Supprimé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-493461314-785661750-2614819641-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.touslesdrivers.com/ -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2873DDE6-C1A4-495F-AB1F-FA9EB852364A} | DhcpNameServer : 105.73.0.4 41.137.33.25 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{738ED96D-FDA2-4DD5-BD1D-2685F124783C} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{92B8C0AB-A476-4F58-B658-2EBC9990955C} | DhcpNameServer : 172.20.10.1 ([X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_D969\ControlSet001\Services\Tcpip\Parameters\Interfaces\{821CFA47-FBE8-4733-8779-FBC8F0E37CB0} | DhcpNameServer : 62.251.230.241 212.217.1.1 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_D_D969\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B750E490-DC04-49C2-A978-F2E7698F21D2} | DhcpNameServer : 212.217.0.12 212.217.1.12 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2873DDE6-C1A4-495F-AB1F-FA9EB852364A} | DhcpNameServer : 105.73.0.4 41.137.33.25 ([X][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{738ED96D-FDA2-4DD5-BD1D-2685F124783C} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{92B8C0AB-A476-4F58-B658-2EBC9990955C} | DhcpNameServer : 172.20.10.1 ([X]) -> Remplacé(e) ()

¤¤¤ Tâches : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\GoogleUpdateTaskMachineUA.job -- C:\Program Files\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Supprimé(e)
[Suspicious.Path] \GoogleUpdateTaskMachineUA -- C:\Program Files\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Supprimé(e)

¤¤¤ Fichiers : 3 ¤¤¤
[PUP][Fichier] C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\10\Plugin.exe -> Supprimé(e)
[PUP][Fichier] C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\2\Plugin.exe -> Supprimé(e)
[PUP][Fichier] C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\5\Plugin.exe -> Supprimé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 40 (Driver: Chargé) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwThawTransactions[31] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052fdc6 (jmp dword [0x81c17030])
[SSDT:Inl(Hook.SSDT)] ZwSinglePhaseReject[43] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c464 (jmp dword [0x81c17110])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationTransactionManager[69] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff80530a92 (jmp dword [0x81c17114])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationTransaction[70] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052fa60 (jmp dword [0x81c17034])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationResourceManager[73] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052ce54 (jmp dword [0x81c17128])
[SSDT:Inl(Hook.SSDT)] ZwSetInformationEnlistment[79] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052bd86 (jmp dword [0x81c1703c])
[SSDT:Inl(Hook.SSDT)] ZwRollforwardTransactionManager[100] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff80530412 (jmp dword [0x81c17118])
[SSDT:Inl(Hook.SSDT)] ZwRollbackTransaction[101] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052f9f8 (jmp dword [0x81c17040])
[SSDT:Inl(Hook.SSDT)] ZwRollbackEnlistment[102] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c18c (jmp dword [0x81c17044])
[SSDT:Inl(Hook.SSDT)] ZwRollbackComplete[103] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c5cc (jmp dword [0x81c17048])
[SSDT:Inl(Hook.SSDT)] ZwRenameTransactionManager[117] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff805302ae (jmp dword [0x81c1711c])
[SSDT:Inl(Hook.SSDT)] ZwRegisterProtocolAddressInformation[127] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff80530bd2 (jmp dword [0x81c17120])
[SSDT:Inl(Hook.SSDT)] ZwRecoverTransactionManager[128] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff805304c8 (jmp dword [0x81c1704c])
[SSDT:Inl(Hook.SSDT)] ZwRecoverResourceManager[129] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052cae4 (jmp dword [0x81c17050])
[SSDT:Inl(Hook.SSDT)] ZwRecoverEnlistment[130] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052bada (jmp dword [0x81c17054])
[SSDT:Inl(Hook.SSDT)] ZwReadOnlyEnlistment[133] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c518 (jmp dword [0x81c17058])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationTransactionManager[171] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff80530522 (jmp dword [0x81c1705c])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationTransaction[172] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052f1d8 (jmp dword [0x81c17060])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationResourceManager[175] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052cc48 (jmp dword [0x81c17064])
[SSDT:Inl(Hook.SSDT)] ZwQueryInformationEnlistment[180] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052bb34 (jmp dword [0x81c170e0])
[SSDT:Inl(Hook.SSDT)] ZwPropagationFailed[196] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff80530e5e (jmp dword [0x81c1706c])
[SSDT:Inl(Hook.SSDT)] ZwPropagationComplete[197] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff80530d94 (jmp dword [0x81c17070])
[SSDT:Inl(Hook.SSDT)] ZwPrePrepareEnlistment[202] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c020 (jmp dword [0x81c1707c])
[SSDT:Inl(Hook.SSDT)] ZwPrePrepareComplete[203] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c2f8 (jmp dword [0x81c17080])
[SSDT:Inl(Hook.SSDT)] ZwPrepareEnlistment[204] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052bf6a (jmp dword [0x81c17074])
[SSDT:Inl(Hook.SSDT)] ZwPrepareComplete[205] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c242 (jmp dword [0x81c17078])
[SSDT:Inl(Hook.SSDT)] ZwOpenTransactionManager[208] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff80530032 (jmp dword [0x81c17084])
[SSDT:Inl(Hook.SSDT)] ZwOpenTransaction[209] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052efd6 (jmp dword [0x81c17088])
[SSDT:Inl(Hook.SSDT)] ZwOpenResourceManager[218] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c92c (jmp dword [0x81c1708c])
[SSDT:Inl(Hook.SSDT)] ZwOpenEnlistment[235] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052b936 (jmp dword [0x81c17090])
[SSDT:Inl(Hook.SSDT)] ZwGetNotificationResourceManager[268] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052cb3c (jmp dword [0x81c17094])
[SSDT:Inl(Hook.SSDT)] ZwFreezeTransactions[278] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052fcf2 (jmp dword [0x81c17098])
[SSDT:Inl(Hook.SSDT)] ZwEnumerateTransactionObject[296] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052f792 (jmp dword [0x81c1709c])
[SSDT:Inl(Hook.SSDT)] ZwCreateTransactionManager[326] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052fe1c (jmp dword [0x81c170a0])
[SSDT:Inl(Hook.SSDT)] ZwCreateTransaction[327] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052ecba (jmp dword [0x81c170a4])
[SSDT:Inl(Hook.SSDT)] ZwCreateResourceManager[337] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c680 (jmp dword [0x81c170a8])
[SSDT:Inl(Hook.SSDT)] ZwCreateEnlistment[358] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052b736 (jmp dword [0x81c170ac])
[SSDT:Inl(Hook.SSDT)] ZwCommitTransaction[368] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052f990 (jmp dword [0x81c170bc])
[SSDT:Inl(Hook.SSDT)] ZwCommitEnlistment[369] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c0d6 (jmp dword [0x81c170b8])
[SSDT:Inl(Hook.SSDT)] ZwCommitComplete[370] : C:\Windows\System32\Drivers\tm.sys @ 0xffffffff8052c3ae (jmp dword [0x81c170b4])

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] 265ff508c86f9d3ab5a1fd24429686f5
[BSP] 46a67dff56bd59807e9efba4e54ffc01 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 50085 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 102606848 | Size: 255143 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK