RogueKiller V12.8.4.0 [Dec 5 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : 7 [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 12/05/2016 18:29:58 (Durée : 04:36:40)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 30 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A} (C:\Users\7\AppData\Local\Temp\HYDCEA9.tmp.1462322067\HTA\3rdparty\OCComSDK.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146} (C:\Users\7\AppData\Local\Temp\HYDCEA9.tmp.1462322067\HTA\3rdparty\OCComSDK.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} ("C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe") -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\ITVA -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\APN PIP -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\csastats -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\Distromatic -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\DriverUpdaterPro -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\ProductSetup -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\Microsoft\Windows\CurrentVersion\Run | DUP : "C:\Program Files\DriverUpdaterPro\DriverUpdaterPro.exe" /ot /as /ss [x] -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtop ("C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe") -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn5dJ8gs0DGDT2U8IlLY4zcmGPcJwjbLd4TJ-siLWoYlTLHyFcVMpijz49k7zZsX3Ffx-EKv26RYacy0GXH84DEjRghN9ZzTwLidE5Ulv-f3T-O7MztSAHK-odOWYgTUTloe7N4Lb4jL4hJPAEU78gua9RTEhej_t7KLKTWh3KNyOabkG2_wtWPB&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B13C0E52-CB31-4BD2-A3F6-212021D36E5A} | NameServer : 210.0.128.242,210.0.128.1 ([-][Hong Kong]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D4D64E6E-3B2F-4059-8817-C2C35C9D62A1} | DhcpNameServer : 10.211.254.254 8.8.8.8 ([][-]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{D4D64E6E-3B2F-4059-8817-C2C35C9D62A1} | DhcpNameServer : 10.211.254.254 8.8.8.8 ([][-]) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0CD4E939-9F37-4206-9829-474929233007} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\7\AppData\Local\Temp\Trojan.exe|Name=Trojan.exe| [x] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {09BFA364-412C-4753-8477-538A49B7FA4E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\7\AppData\Local\Temp\Trojan.exe|Name=Trojan.exe| [x] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0CD4E939-9F37-4206-9829-474929233007} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\7\AppData\Local\Temp\Trojan.exe|Name=Trojan.exe| [x] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {09BFA364-412C-4753-8477-538A49B7FA4E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\7\AppData\Local\Temp\Trojan.exe|Name=Trojan.exe| [x] -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-257175179-1315963539-895185151-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Quotenamron\StrongSololight.dll [x] -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 4 ¤¤¤
[PUP][Répertoire] C:\ProgramData\AVG Security Toolbar -> Trouvé(e)
[PUP][Répertoire] C:\Users\7\AppData\Roaming\OpenCandy -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\AVG Security Toolbar -> Trouvé(e)
[PUP][Répertoire] C:\Program Files\Common Files\DVDVideoSoft -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUP][Chrome:Addon] Default : MSN Homepage & Bing Search Engine [fcfenmboojpjinhpgggodefccipikbpd] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] d818cbc55171abf486a24583a5677700
[BSP] 39805bd9416388d9424f7999b3e62a5f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 19900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 40962048 | Size: 56317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 30bf9650c74f5a5a834ab2500f3204bd
[BSP] 8b2290f9f9985fa82fc748f493ebece5 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 19900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 40962048 | Size: 56317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive3: +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive4: +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )