RogueKiller V12.7.1.0 (x64) [Oct 10 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9600) 64 bits version
Démarré en : Mode normal
Utilisateur : yannick [Administrateur]
Démarré depuis : C:\Users\yannick\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 10/10/2016 19:58:37 (Durée : 01:00:35)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 8 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A} -> Trouvé(e)
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775b} -> Trouvé(e)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2237771939-2435204212-4217874023-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://un-blocking.info/wpad.dat?c78bfa5029d60d75392b687d32bc7d1f17834388 -> Trouvé(e)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2237771939-2435204212-4217874023-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://un-blocking.info/wpad.dat?c78bfa5029d60d75392b687d32bc7d1f17834388 -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FF4C0836-B544-4254-A843-71DF26DAB3BC} : v2.20|Action=Allow|Active=TRUE|Dir=In|App=%LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe|Name=HP Connected Music Spotify Helper| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {93BEA8ED-1A0D-419E-8E42-A65C1E6B93A8} : v2.20|Action=Allow|Active=TRUE|Dir=Out|App=%LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe|Name=HP Connected Music Spotify Helper| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4DFBA340-5E69-41D0-AD9A-B1832F8ADC5D} : v2.20|Action=Allow|Active=TRUE|Dir=In|App=%LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe|Name=HP Connected Music| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B1ADE038-EE30-4A9E-9700-26501FD1709F} : v2.20|Action=Allow|Active=TRUE|Dir=Out|App=%LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe|Name=HP Connected Music| [x] -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 5 ¤¤¤
[Hidden.ADS][Flux] C:\WINDOWS\System32\rdas1079.dll:Zone.Identifier -> Trouvé(e)
[Hidden.ADS][Flux] C:\WINDOWS\System32\RdCi1079.dll:Zone.Identifier -> Trouvé(e)
[Hidden.ADS][Flux] C:\WINDOWS\System32\RDDP1079.EXE:Zone.Identifier -> Trouvé(e)
[Hidden.ADS][Flux] C:\WINDOWS\SysWOW64\RDAW1079.DLL:Zone.Identifier -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\FileFinder -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUP][FIREFX:Addon] 6yg37htc.default-1404679998576 : cacaoweb [cacaoweb@cacaoweb.org] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-60HXZT3 +++++
--- User ---
[MBR] d0af33687b9a2800c199c68bb0e60457
[BSP] cb0bb350b2a3958c3d93ddd19ce3470f : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 691494 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1417797632 | Size: 789 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1419413504 | Size: 22326 MB
User = LL1 ... OK
User = LL2 ... OK