{ "header": { "program": { "project": "RogueKiller", "version": "12.8.1.0", "x64": true, "date": "Nov 14 2016", "contact": "http://www.adlice.com/contact/", "feedback": "http://forum.adlice.com", "website": "http://www.adlice.com/fr/download/roguekiller/", "blog": "http://www.adlice.com" }, "environment": { "operating_system": "Windows 7 (6.1.7601 Service Pack 1) 64 bits version", "boot": 0, "winpe": false, "user": "Auchan", "user_admin": true, "program_location": "C:\\Users\\Auchan\\Desktop\\RogueKillerX64_old.exe", "x64": true, "licensing": "free" }, "report": { "type": 1, "aborted": false, "date": "11/19/2016 10:12:42", "duration": 6010, "switches": 0, "debug": false, "count": 36, "show_legit_hooks": false, "expert_mode": false } }, "information": { "processes": [ { "name": "[System Process]", "name_parent": "", "pid": 0, "path": "", "command_line": "", "pid_parent": 0, "path_parent": "", "is_64": true }, { "name": "System", "name_parent": "", "pid": 4, "path": "", "command_line": "", "pid_parent": 0, "path_parent": "", "is_64": true }, { "name": "smss.exe", "name_parent": "", "pid": 344, "path": "C:\\Windows\\System32\\smss.exe", "command_line": "\\SystemRoot\\System32\\smss.exe", "pid_parent": 4, "path_parent": "", "is_64": true }, { "name": "csrss.exe", "name_parent": "", "pid": 472, "path": "C:\\Windows\\System32\\csrss.exe", "command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16", "pid_parent": 464, "path_parent": "", "is_64": true }, { "name": "wininit.exe", "name_parent": "", "pid": 552, "path": "C:\\Windows\\System32\\wininit.exe", "command_line": "wininit.exe", "pid_parent": 464, "path_parent": "", "is_64": true }, { "name": "csrss.exe", "name_parent": "", "pid": 568, "path": 
"C:\\Windows\\System32\\csrss.exe", "command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16", "pid_parent": 544, "path_parent": "", "is_64": true }, { "name": "services.exe", "name_parent": "wininit.exe", "pid": 604, "path": "C:\\Windows\\System32\\services.exe", "command_line": "C:\\Windows\\system32\\services.exe", "pid_parent": 552, "path_parent": "C:\\Windows\\System32\\wininit.exe", "is_64": true }, { "name": "lsass.exe", "name_parent": "wininit.exe", "pid": 628, "path": "C:\\Windows\\System32\\lsass.exe", "command_line": "C:\\Windows\\system32\\lsass.exe", "pid_parent": 552, "path_parent": "C:\\Windows\\System32\\wininit.exe", "is_64": true }, { "name": "lsm.exe", "name_parent": "wininit.exe", "pid": 636, "path": "C:\\Windows\\System32\\lsm.exe", "command_line": "C:\\Windows\\system32\\lsm.exe", "pid_parent": 552, "path_parent": "C:\\Windows\\System32\\wininit.exe", "is_64": true }, { "name": "winlogon.exe", "name_parent": "", "pid": 692, "path": "C:\\Windows\\System32\\winlogon.exe", "command_line": "winlogon.exe", "pid_parent": 544, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 780, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 876, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k RPCSS", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "atiesrxx.exe", "name_parent": "services.exe", "pid": 924, "path": 
"C:\\Windows\\System32\\atiesrxx.exe", "command_line": "C:\\Windows\\system32\\atiesrxx.exe", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 1000, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 252, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 392, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k LocalService", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 476, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 1036, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k GPSvcGroup", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 1120, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k NetworkService", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "atieclxx.exe", "name_parent": "atiesrxx.exe", "pid": 1184, "path": "C:\\Windows\\System32\\atieclxx.exe", "command_line": 
"atieclxx", "pid_parent": 924, "path_parent": "C:\\Windows\\System32\\atiesrxx.exe", "is_64": true }, { "name": "AvastSvc.exe", "name_parent": "services.exe", "pid": 1208, "path": "C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe", "command_line": "\"C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe\"", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": false }, { "name": "spoolsv.exe", "name_parent": "services.exe", "pid": 1440, "path": "C:\\Windows\\System32\\spoolsv.exe", "command_line": "C:\\Windows\\System32\\spoolsv.exe", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "taskeng.exe", "name_parent": "svchost.exe", "pid": 1448, "path": "C:\\Windows\\System32\\taskeng.exe", "command_line": "taskeng.exe {E8E5AF8F-3D32-4C02-8B52-EA1A13726ABD}", "pid_parent": 476, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "dwm.exe", "name_parent": "svchost.exe", "pid": 1464, "path": "C:\\Windows\\System32\\dwm.exe", "command_line": "\"C:\\Windows\\system32\\Dwm.exe\"", "pid_parent": 252, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "explorer.exe", "name_parent": "", "pid": 1508, "path": "C:\\Windows\\explorer.exe", "command_line": "C:\\Windows\\Explorer.EXE", "pid_parent": 1432, "path_parent": "", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 1524, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "taskhost.exe", "name_parent": "services.exe", "pid": 1532, "path": "C:\\Windows\\System32\\taskhost.exe", "command_line": "\"taskhost.exe\"", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "armsvc.exe", "name_parent": "services.exe", "pid": 1760, "path": "C:\\Program 
Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe", "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": false }, { "name": "robotaskbaricon.exe", "name_parent": "Explorer.EXE", "pid": 1896, "path": "C:\\Program Files (x86)\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe", "command_line": "\"C:\\Program Files (x86)\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe\" ", "pid_parent": 1508, "path_parent": "C:\\Windows\\explorer.exe", "is_64": false }, { "name": "E_IATIFDE.EXE", "name_parent": "Explorer.EXE", "pid": 1916, "path": "C:\\Windows\\System32\\spool\\drivers\\x64\\3\\E_IATIFDE.EXE", "command_line": "\"C:\\Windows\\System32\\spool\\drivers\\x64\\3\\E_IATIFDE.EXE\" /FU \"C:\\Windows\\TEMP\\E_S1821.tmp\" /EF \"HKCU\"", "pid_parent": 1508, "path_parent": "C:\\Windows\\explorer.exe", "is_64": true }, { "name": "GoogleUpdate.exe", "name_parent": "taskeng.exe", "pid": 1948, "path": "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe", "command_line": "\"C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\" /c", "pid_parent": 1448, "path_parent": "C:\\Windows\\System32\\taskeng.exe", "is_64": false }, { "name": "SuiteTray.exe", "name_parent": "", "pid": 2000, "path": "C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe", "command_line": "\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\" ", "pid_parent": 1400, "path_parent": "", "is_64": false }, { "name": "avastui.exe", "name_parent": "", "pid": 1100, "path": "C:\\Program Files\\AVAST Software\\Avast\\avastui.exe", "command_line": "\"C:\\Program Files\\AVAST Software\\Avast\\avastui.exe\" /nogui", "pid_parent": 1400, "path_parent": "", "is_64": false }, { "name": "taskeng.exe", "name_parent": "svchost.exe", "pid": 2360, "path": "C:\\Windows\\System32\\taskeng.exe", "command_line": "taskeng.exe {DBDE557D-DD66-42D9-ABE4-FFEE90D1375F}", 
"pid_parent": 476, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "clear.fiAgent.exe", "name_parent": "taskeng.exe", "pid": 2404, "path": "C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\clear.fiAgent.exe", "command_line": "\"C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\clear.fiAgent.exe\" ", "pid_parent": 2360, "path_parent": "C:\\Windows\\System32\\taskeng.exe", "is_64": false }, { "name": "DMREngine.exe", "name_parent": "taskeng.exe", "pid": 2416, "path": "C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\Kernel\\DMR\\DMREngine.exe", "command_line": "\"C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\.\\Kernel\\DMR\\DMREngine.exe\" ", "pid_parent": 2360, "path_parent": "C:\\Windows\\System32\\taskeng.exe", "is_64": false }, { "name": "CLMSService.exe", "name_parent": "clear.fiAgent.exe", "pid": 2472, "path": "C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\Kernel\\DMR\\CLMSService.exe", "command_line": "\"C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\Kernel\\DMR\\CLMSService.exe\" ", "pid_parent": 2404, "path_parent": "C:\\Program Files (x86)\\Acer\\clear.fi\\MVP\\clear.fiAgent.exe", "is_64": false }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 2620, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\System32\\svchost.exe -k utcsvc", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "UpdaterService.exe", "name_parent": "services.exe", "pid": 2664, "path": "C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe", "command_line": "\"C:\\Program Files\\Acer\\Acer Updater\\UpdaterService.exe\"", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": false }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 2868, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k imgsvc", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, 
{ "name": "svchost.exe", "name_parent": "services.exe", "pid": 1824, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k NetworkServiceNetworkRestricted", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 3120, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "wmpnetwk.exe", "name_parent": "services.exe", "pid": 3388, "path": "C:\\Program Files\\Windows Media Player\\wmpnetwk.exe", "command_line": "\"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe\"", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "WUDFHost.exe", "name_parent": "svchost.exe", "pid": 3400, "path": "C:\\Windows\\System32\\WUDFHost.exe", "command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d6c1ad0c-79d2-4b87-a582-26c5805d67ed -SystemEventPortName:HostProcess-fa9f9c87-6d9a-401e-a27e-c9fe9313b3f3 -IoCancelEventPortName:HostProcess-7722ea9c-0b2a-427a-ba21-dd3b6ac5e855 -NonStateChangingEventPortName:HostProcess-e783af6e-e081-463b-9534-6a2931268ea6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:efe58b14-20f2-4446-9969-690430ee0fc0 -DeviceGroupId:WpdFsGroup", "pid_parent": 252, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "svchost.exe", "name_parent": "services.exe", "pid": 3676, "path": "C:\\Windows\\System32\\svchost.exe", "command_line": "C:\\Windows\\System32\\svchost.exe -k LocalServicePeerNet", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "dllhost.exe", "name_parent": "svchost.exe", "pid": 2220, "path": 
"C:\\Windows\\System32\\dllhost.exe", "command_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}", "pid_parent": 780, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true }, { "name": "NASvc.exe", "name_parent": "services.exe", "pid": 2788, "path": "C:\\Program Files (x86)\\Nero\\Update\\NASvc.exe", "command_line": "\"C:\\Program Files (x86)\\Nero\\Update\\NASvc.exe\"", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": false }, { "name": "TrustedInstaller.exe", "name_parent": "services.exe", "pid": 1732, "path": "C:\\Windows\\servicing\\TrustedInstaller.exe", "command_line": "C:\\Windows\\servicing\\TrustedInstaller.exe", "pid_parent": 604, "path_parent": "C:\\Windows\\System32\\services.exe", "is_64": true }, { "name": "RogueKillerX64_old.exe", "name_parent": "Explorer.EXE", "pid": 3156, "path": "C:\\Users\\Auchan\\Desktop\\RogueKillerX64_old.exe", "command_line": "\"C:\\Users\\Auchan\\Desktop\\RogueKillerX64_old.exe\" ", "pid_parent": 1508, "path_parent": "C:\\Windows\\explorer.exe", "is_64": true }, { "name": "firefox.exe", "name_parent": "RogueKillerX64_old.exe", "pid": 1964, "path": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", "command_line": "", "pid_parent": 3156, "path_parent": "C:\\Users\\Auchan\\Desktop\\RogueKillerX64_old.exe", "is_64": true }, { "name": "WmiPrvSE.exe", "name_parent": "svchost.exe", "pid": 1672, "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "command_line": "C:\\Windows\\system32\\wbem\\wmiprvse.exe", "pid_parent": 780, "path_parent": "C:\\Windows\\System32\\svchost.exe", "is_64": true } ] }, "results": { "processes": [], "modules": [], "services": [], "registry": [ { "scan_what": 2, "scan_how": [ 1 ], "scan_how_trigger": 1, "vendors": [ "PUP" ], "rule_name": "CLSID", "view": 256, "value": "", "subkey": "{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}", "value_old_data": "", "value_data": "", "path": "HKEY_CLASSES_ROOT\\CLSID", "extra": "", 
"files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 1 ], "scan_how_trigger": 1, "vendors": [ "PUP" ], "rule_name": "CLSID", "view": 256, "value": "", "subkey": "{A07E5BFF-B16C-4ABA-A30F-514213A945E6}", "value_old_data": "", "value_data": "", "path": "HKEY_CLASSES_ROOT\\CLSID", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}", "value_old_data": "", "value_data": "", "path": "HKEY_LOCAL_MACHINE\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "Boxore", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\.DEFAULT\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "Boxore", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\.DEFAULT\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "CleanerProConfig", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", 
"status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "CleanerProLanguage", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "GoldenGate", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "CleanerProConfig", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "CleanerProLanguage", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "GoldenGate", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-21-526764216-2617556814-1408285273-1000\\Software", "extra": "", "files_status": "", 
"vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "Boxore", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-18\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "Boxore", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-18\\Software", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\.DEFAULT\\Software\\AppDataLow", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\.DEFAULT\\Software\\AppDataLow", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 256, "value": "", "subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-18\\Software\\AppDataLow", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", 
"status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "SOFTWARE", "view": 512, "value": "", "subkey": "{1146AC44-2F03-4431-B4FD-889BC837521F}", "value_old_data": "", "value_data": "", "path": "HKEY_USERS\\S-1-5-18\\Software\\AppDataLow", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 7 ], "scan_how_trigger": 7, "vendors": [ "PUP" ], "rule_name": "UNINSTALL", "view": 512, "value": "", "subkey": "ASPackage", "value_old_data": "", "value_data": "", "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 4 ], "scan_how_trigger": 4, "vendors": [ "Suspicious.Path" ], "rule_name": "Services", "view": 256, "value": "", "subkey": "PCDSRVC{4E2DA380-2F15EF8A-06020200}_0", "value_old_data": "", "value_data": "", "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services", "extra": "\\??\\c:\\users\\auchan\\appdata\\local\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms", "files_status": "[x]", "vtscore": -1, "files": [ { "path_expanded": "c:\\users\\auchan\\appdata\\local\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms", "path_compressed": "%localappdata%\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms", "md5": "", "exists": false, "signed": false, "signer": "", "vtscore": -1 } ], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 4 ], "scan_how_trigger": 4, "vendors": [ "Suspicious.Path" ], "rule_name": "Services", "view": 256, "value": "", "subkey": "PCDSRVC{4E2DA380-2F15EF8A-06020200}_0", "value_old_data": "", "value_data": "", "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services", "extra": 
"\\??\\c:\\users\\auchan\\appdata\\local\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms", "files_status": "[x]", "vtscore": -1, "files": [ { "path_expanded": "c:\\users\\auchan\\appdata\\local\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms", "path_compressed": "%localappdata%\\temp\\x7dm6txxwzsz\\pcdrdiag\\bin\\pcdsrvc_x64.pkms", "md5": "", "exists": false, "signed": false, "signer": "", "vtscore": -1 } ], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 9 ], "scan_how_trigger": 9, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 256, "value": "ProxyEnable", "subkey": "", "value_old_data": "", "value_data": "1", "path": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 9 ], "scan_how_trigger": 9, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 512, "value": "ProxyEnable", "subkey": "", "value_old_data": "", "value_data": "1", "path": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 9 ], "scan_how_trigger": 9, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 256, "value": "ProxyEnable", "subkey": "", "value_old_data": "", "value_data": "1", "path": "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 9 ], "scan_how_trigger": 9, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 512, "value": "ProxyEnable", "subkey": "", "value_old_data": "", "value_data": "1", "path": 
"HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 13 ], "scan_how_trigger": 13, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 256, "value": "ProxyServer", "subkey": "", "value_old_data": "", "value_data": "http=127.0.0.1:54362;https=127.0.0.1:54362", "path": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 13 ], "scan_how_trigger": 13, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 512, "value": "ProxyServer", "subkey": "", "value_old_data": "", "value_data": "http=127.0.0.1:54362;https=127.0.0.1:54362", "path": "HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 13 ], "scan_how_trigger": 13, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 256, "value": "ProxyServer", "subkey": "", "value_old_data": "", "value_data": "http=127.0.0.1:54362;https=127.0.0.1:54362", "path": "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "extra": "", "files_status": "", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 1, "scan_how": [ 13 ], "scan_how_trigger": 13, "vendors": [ "PUM.Proxy" ], "rule_name": "Proxy", "view": 512, "value": "ProxyServer", "subkey": "", "value_old_data": "", "value_data": "http=127.0.0.1:54362;https=127.0.0.1:54362", "path": "HKEY_USERS\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "extra": "", "files_status": 
"", "vtscore": -1, "files": [], "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 } ], "tasks": [ { "scan_what": 0, "scan_how": [ 1, 2 ], "vendors": [ "PUP" ], "parent_folder": "\\", "name": "CleanerPro_Popup", "path": "\\CleanerPro_Popup", "application_path": "C:\\Program Files (x86)\\Cleaner Pro\\Splash.exe", "application_args": "true", "vtscore": -2, "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 }, { "scan_what": 0, "scan_how": [ 1, 2 ], "vendors": [ "PUP" ], "parent_folder": "\\", "name": "CleanerPro_Start", "path": "\\CleanerPro_Start", "application_path": "C:\\Program Files (x86)\\Cleaner Pro\\CleanerPro.exe", "application_args": "true", "vtscore": -2, "status_str": "TROUVÉ", "status_choice": 1, "status_removed": 0 } ], "filesystem": [ { "scan_what": 3, "scan_how": [ 1, 2, 9 ], "vendors": [ "PUP" ], "status_choice": 2, "processed": [ { "type": 2, "name": "GoldenGate", "path_expanded": "C:\\Users\\Auchan\\AppData\\Roaming\\GoldenGate", "path_compressed": "%APPDATA%\\GoldenGate", "extra": "", "md5": "", "md5_low_level": "", "forged": false, "lnk_target": "", "lnk_args": "", "junc_target": "", "junc_tag": 0, "junc_error": 0, "exists": true, "signed": false, "signer": "", "status_str": "TROUVÉ", "status_removed": 0 } ] }, { "scan_what": 3, "scan_how": [ 1, 2, 9 ], "vendors": [ "PUP" ], "status_choice": 2, "processed": [ { "type": 2, "name": "Reimage Repair", "path_expanded": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Reimage Repair", "path_compressed": "%programdata%\\Microsoft\\Windows\\Start Menu\\Programs\\Reimage Repair", "extra": "", "md5": "", "md5_low_level": "", "forged": false, "lnk_target": "", "lnk_args": "", "junc_target": "", "junc_tag": 0, "junc_error": 0, "exists": true, "signed": false, "signer": "", "status_str": "TROUVÉ", "status_removed": 0 } ] }, { "scan_what": 3, "scan_how": [ 1, 2, 9 ], "vendors": [ "PUP" ], "status_choice": 2, "processed": [ { "type": 2, "name": "Software", "path_expanded": 
"C:\\Program Files (x86)\\Software", "path_compressed": "%programfiles(x86)%\\Software", "extra": "", "md5": "", "md5_low_level": "", "forged": false, "lnk_target": "", "lnk_args": "", "junc_target": "", "junc_tag": 0, "junc_error": 0, "exists": true, "signed": false, "signer": "", "status_str": "TROUVÉ", "status_removed": 0 } ] } ], "wmi": [], "hosts": { "is_too_big": false, "lines": [] }, "antirootkit": { "is_driver_loaded": false, "driver_error": 3221226347, "results": [] }, "web_browsers": [ { "scan_what": 2, "scan_how": [ 1 ], "vendors": [ "PUM.SearchEngine" ], "browser": 1, "browser_str": "Firefox", "config": { "user": "9oml9ga2.default", "line": "user_pref(\"browser.search.selectedEngine\", \"Yahoo! (Avast)\");", "key": "browser.search.selectedEngine", "value": "Yahoo! (Avast)", "line_count": 55 }, "status_str": "TROUVÉ", "status_malicious": true, "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 2 ], "vendors": [ "PUM.HomePage" ], "browser": 3, "browser_str": "Chrome", "config": { "user": "Default [SecurePrefs]", "line": "homepage [http://www.trovi.com/?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M4CA256D4-C152-458B-90E6-4FA4FE1DC299&SearchSource=55&CUI=&UM=8&UP=SPF2900746-20CA-4F75-909A-00B27DC25AB7&SSPV=]", "key": "homepage", "value": "http://www.trovi.com/?gd=&ctid=CT3330124&octid=EB_ORIGINAL_CTID&ISID=M4CA256D4-C152-458B-90E6-4FA4FE1DC299&SearchSource=55&CUI=&UM=8&UP=SPF2900746-20CA-4F75-909A-00B27DC25AB7&SSPV=" }, "status_str": "TROUVÉ", "status_malicious": true, "status_choice": 1, "status_removed": 0 }, { "scan_what": 2, "scan_how": [ 2 ], "vendors": [ "PUM.SearchPage" ], "browser": 3, "browser_str": "Chrome", "config": { "user": "Default [SecurePrefs]", "line": "default_search_provider_data.template_url_data.suggestions_url 
[{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}]", "key": "default_search_provider_data.template_url_data.suggestions_url", "value": "{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}" }, "status_str": "TROUVÉ", "status_malicious": true, "status_choice": 1, "status_removed": 0 } ], "disk": { "results": [], "mbr": "+++++ PhysicalDrive0: ST31000524AS ATA Device +++++\n--- User ---\n[MBR] 4945f5fd9a0e5f5f8f18ce5074baf4a7\n[BSP] 2a666ef2f4204149fa73c0e3c0c6cc6c : Windows Vista/7/8 MBR Code\nPartition table:\n0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 21504 MB\n1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 44042240 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 44247040 | Size: 465870 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 998348800 | Size: 466393 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++\nError reading User MBR! ([15] Le périphérique n’est pas prêt. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )\n\n" } } }