RogueKiller V12.3.2.0 [Jun 6 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : QUSAI BARKA [Administrateur]
Démarré depuis : C:\Users\QUSAI BARKA\Desktop\RogueKiller.exe
Mode : Suppression -- Date : 06/12/2016 03:29:41

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 9 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Myfree Codec -> Supprimé(e)
[PUP] HKEY_USERS\S-1-5-21-1087414920-4244440857-1596309313-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Supprimé(e)
[PUM.Proxy] HKEY_USERS\S-1-5-21-1087414920-4244440857-1596309313-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://un-stop.info/wpad.dat?7c44cb3592cf19bb4d70b8238835f81a11393617 -> Supprimé(e)
[PUM.Proxy] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://un-stop.info/wpad.dat?7c44cb3592cf19bb4d70b8238835f81a11393617 -> Supprimé(e)
[PUM.Proxy] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://un-stop.info/wpad.dat?7c44cb3592cf19bb4d70b8238835f81a11393617 -> ERROR [2]
[PUM.Proxy] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://un-stop.info/wpad.dat?7c44cb3592cf19bb4d70b8238835f81a11393617 -> Supprimé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-1087414920-4244440857-1596309313-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_160602__yaie -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Remplacé(e) (2)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1087414920-4244440857-1596309313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Remplacé(e) (1)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 1 ¤¤¤
[PUP][Répertoire] C:\Users\QUSAI BARKA\AppData\Roaming\OpenCandy -> Supprimé(e)
[PUP][Fichier] C:\Users\QUSAI BARKA\AppData\Roaming\OpenCandy\1CB2548B407F4497BC9082694CD146A2\WcInstaller.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\QUSAI BARKA\AppData\Roaming\OpenCandy\1CB2548B407F4497BC9082694CD146A2 -> Supprimé(e)
[PUP][Fichier] C:\Users\QUSAI BARKA\AppData\Roaming\OpenCandy\OpenCandy_A0AAA5BEF6AC4D4A83A64084D9F6B17E\dyesubd1_p3v0.exe -> Supprimé(e)
[PUP][Répertoire] C:\Users\QUSAI BARKA\AppData\Roaming\OpenCandy\OpenCandy_A0AAA5BEF6AC4D4A83A64084D9F6B17E -> Supprimé(e)

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 5ae4tgo3.default : user_pref("browser.startup.homepage", "https://en-maktoob.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_160602__yaff"); -> Remplacé(e) (about:home)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MJA2500BH G2 ATA Device +++++
--- User ---
[MBR] c65faef1e649a977e92a46ae3650777f
[BSP] e497f80e9f9beab215ee08ae7ad29df4 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 249988 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 512000000 | Size: 226939 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK