RogueKiller V12.8.6.0 [Dec 19 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : Motafa [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 12/26/2016 08:16:57 (Durée : 01:51:28)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 16 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80} (C:\Users\Motafa\AppData\Local\Temp\Rar$EX00.373\USBUTI~1.EXE) -> Trouvé(e)
[PUP] HKEY_USERS\.DEFAULT\Software\AskPartnerNetwork -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-2358173162-1663713841-3439786372-1000\Software\IM -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-2358173162-1663713841-3439786372-1000\Software\Softonic -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-2358173162-1663713841-3439786372-1000\Software\TeleCharger -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-18\Software\AskPartnerNetwork -> Trouvé(e)
[Suspicious.Path] HKEY_USERS\S-1-5-21-2358173162-1663713841-3439786372-1000\Software\Microsoft\Windows\CurrentVersion\Run | Memory Cleaner : C:\Users\Motafa\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe boot [7] -> Trouvé(e)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.globasearch.com/?serie=211&b=3&installkey=bIpn4HREAsPuxaevgGER -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-2358173162-1663713841-3439786372-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.globasearch.com/?serie=211&b=3&installkey=bIpn4HREAsPuxaevgGER -> Trouvé(e)
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : https://safesearch.avira.com/#web/result?source=art&q= -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-2358173162-1663713841-3439786372-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : https://safesearch.avira.com/#web/result?source=art&q= -> Trouvé(e)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://safesearch.avira.com/#web/result?source=art&q= -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2358173162-1663713841-3439786372-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://safesearch.avira.com/#web/result?source=art&q= -> Trouvé(e)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : https://safesearch.avira.com/#web/result?source=art&q= -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2358173162-1663713841-3439786372-1000\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : https://safesearch.avira.com/#web/result?source=art&q= -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path] \Format Factory -- "C:\Users\Motafa\AppData\Local\Temp\is-8SHLT.tmp\prsetup.exe" ("/logon") -> Trouvé(e)

¤¤¤ Fichiers : 27 ¤¤¤
[PUP][Répertoire] C:\ProgramData\APN -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\ByteFence -> Trouvé(e)
[PUP][Répertoire] C:\Users\Motafa\AppData\Roaming\OpenCandy -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Trouvé(e)
[Tr.Generic][Fichier] C:\Users\Motafa\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Trouvé(e)
[PUP][Répertoire] C:\Users\Motafa\AppData\Local\Chromatic Browser -> Trouvé(e)
[PUP][Répertoire] C:\Users\Motafa\AppData\Local\VNT -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\APN -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\ByteFence -> Trouvé(e)
[PUP.HackTool][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\scripts\Log.cmd -> Trouvé(e)
[PUP.HackTool][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\UninsHs.exe /u0=KMSpico -> Trouvé(e)
[PUP.HackTool][Répertoire] C:\Program Files\KMSpico -> Trouvé(e)
[PUM.Firefox][Fichier] C:\Users\Motafa\AppData\Roaming\Mozilla\Firefox\Profiles\2n5j20bx.default\Invalidprefs.js -> Trouvé(e)
[PUP][Fichier] C:\Users\Motafa\AppData\Roaming\Mozilla\Firefox\Profiles\2n5j20bx.default\searchplugins\ask-search.xml -> Trouvé(e)
[PUP][Fichier] C:\Users\Motafa\AppData\Roaming\Mozilla\Firefox\Profiles\2n5j20bx.default\searchplugins\bingp.xml -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 2 ¤¤¤
[PUM.HomePage][Firefox:Config] 2n5j20bx.default : user_pref("browser.startup.homepage", "http://www.globasearch.com/?serie=211&b=2&installkey=bIpn4HREAsPuxaevgGER"); -> Trouvé(e)
[PUP|PUM.NewTab][Firefox:Config] 2n5j20bx.default : user_pref("browser.newtab.url", "http://www.globasearch.com/?serie=211&b=2&installkey=bIpn4HREAsPuxaevgGER&newtab"); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD032 +++++
--- User ---
[MBR] db937e1d77c529a037ee1b030fe8f003
[BSP] 8279b523731babf0fdbffe5223a9b161 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK