RogueKiller V12.8.5.0 [Dec 12 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : KAMIKAZ [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 12/14/2016 14:01:23 (Durée : 00:35:33)

¤¤¤ Processus : 2 ¤¤¤
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] Service_KMS.exe(2312) -- C:\Program Files\KMSpico\Service_KMS.exe[-] -> Trouvé(e)
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] (SVC) Service KMSELDI -- C:\Program Files\KMSpico\Service_KMS.exe[-] -> Trouvé(e)

¤¤¤ Registre : 29 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{6AC0BB10-C922-45e2-857D-2A368FE749E5} (C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{947217BD-E967-400A-B14A-BA851A8EDCBB} (C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonDocTranslationPI.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} (C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL) -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\.bgl -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\.bof -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\BabyDict -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\BabyGloss -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\BabyOptFile -> Trouvé(e)
[PUP] HKEY_CLASSES_ROOT\Prod.cap -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Babylon -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\UCBrowser -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Trouvé(e)
[PUP] HKEY_USERS\.DEFAULT\Software\UCBrowser -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-2240328502-4235292055-2088451052-1000\Software\Babylon -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-2240328502-4235292055-2088451052-1000\Software\UCBrowser -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-2240328502-4235292055-2088451052-1000\Software\UCBrowserPID -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-18\Software\UCBrowser -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} (C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL) -> Trouvé(e)
[VT.W32.HfsAtITA.BAEC] HKEY_USERS\S-1-5-21-2240328502-4235292055-2088451052-1000\Software\Microsoft\Windows\CurrentVersion\Run | IDM trial reset : "C:\IDMan Trial Reset by Chamsoo.exe" /trial [-] -> Trouvé(e)
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Service KMSELDI (C:\Program Files\KMSpico\Service_KMS.exe) -> Trouvé(e)
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Service KMSELDI (C:\Program Files\KMSpico\Service_KMS.exe) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 0.0.0.0 ([]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DAB6D11E-826B-40DB-981E-8BE88270D38C} | DhcpNameServer : 0.0.0.0 ([]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DAB6D11E-826B-40DB-981E-8BE88270D38C} | DhcpNameServer : 0.0.0.0 ([]) -> Trouvé(e)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2240328502-4235292055-2088451052-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[PUP.HackTool|VT.HackTool:Win32/AutoKMS] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Trouvé(e)

¤¤¤ Fichiers : 17 ¤¤¤
[PUP][Répertoire] C:\ProgramData\Babylon -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\PC Faster -> Trouvé(e)
[Hj.Shortcut][Fichier] C:\Users\KAMIKAZ\Desktop\Pre_Scan_Donate.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN -> Trouvé(e)
[PUP][Fichier] C:\Users\KAMIKAZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk [LNK@] C:\PROGRA~1\Babylon\BABYLO~1\Babylon.exe -> Trouvé(e)
[PUP][Répertoire] C:\Users\KAMIKAZ\AppData\Roaming\Babylon -> Trouvé(e)
[PUP][Répertoire] C:\Users\KAMIKAZ\AppData\Local\Babylon -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\Babylon -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon -> Trouvé(e)
[PUP.HackTool][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk [LNK@] C:\PROGRA~1\KMSpico\AutoPico.exe -> Trouvé(e)
[PUP.HackTool][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\KMSELDI.exe -> Trouvé(e)
[PUP.HackTool][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\scripts\Log.cmd -> Trouvé(e)
[PUP.HackTool][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk [LNK@] C:\PROGRA~1\KMSpico\UninsHs.exe /u0=KMSpico -> Trouvé(e)
[PUP][Répertoire] C:\ProgramData\PC Faster -> Trouvé(e)
[PUP][Répertoire] C:\Program Files\Babylon -> Trouvé(e)
[Hj.Name][Fichier] C:\Program Files\DLL Suite\ctfmon.exe -> Trouvé(e)
[PUP.HackTool][Répertoire] C:\Program Files\KMSpico -> Trouvé(e)
[Hj.Shortcut][Fichier] C:\Users\KAMIKAZ\Desktop\Pre_Scan_Donate.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUP][Firefox:Addon] kmgjony7.default : Babylon Translation Activation [ocr@babylon.com] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] c0db0825a9c900f0cb01cd5daf8cb7d0
[BSP] 4dbd1e8406f020d5be956857df73faec : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 190000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 389122048 | Size: 286938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK