RogueKiller V12.9.2.0 (x64) [Jan 9 2017] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.14393) 64 bits version
Démarré en : Mode normal
Utilisateur : yan-9 [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 01/09/2017 23:27:00 (Durée : 00:29:57)

¤¤¤ Processus : 2 ¤¤¤
[Adw.Elex|Suspicious.Path|VT.not-a-virus:AdWare.Win32.Agent.xxdcno] UvConverter.exe(3004) -- C:\Users\yan-9\AppData\Roaming\jcfjc\UvConverter.exe[-] -> Tué(e) [TermProc]
[Adw.Elex|Suspicious.Path|VT.not-a-virus:AdWare.Win32.Agent.xxdcno] (SVC) Convxxxx -- "C:\Users\yan-9\AppData\Roaming\jcfjc\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577}[-] -> ERROR [6d]

¤¤¤ Registre : 33 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{FAD99A26-B035-11E6-868F-64006A5CFC23} (C:\Users\yan-9\AppData\Roaming\Aterqcult\Usaphatusary.dll) -> Supprimé(e)
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\jhdbca -> Supprimé(e)
[PUP.Amisites] (X86) HKEY_LOCAL_MACHINE\Software\amisitesSoftware -> Supprimé(e)
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\jhdbca -> Supprimé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\trotuxSoftware -> Supprimé(e)
[Adw.Elex] (X86) HKEY_LOCAL_MACHINE\Software\UvConv -> Supprimé(e)
[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\WinArcher -> Supprimé(e)
[PUP.Gen0] (X64) HKEY_USERS\.DEFAULT\Software\jhdbca -> Supprimé(e)
[PUP.Gen0] (X86) HKEY_USERS\.DEFAULT\Software\jhdbca -> Supprimé(e)
[PUP.Gen0] (X64) HKEY_USERS\S-1-5-18\Software\jhdbca -> Supprimé(e)
[PUP.Gen0] (X86) HKEY_USERS\S-1-5-18\Software\jhdbca -> Supprimé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {FAD99A26-B035-11E6-868F-64006A5CFC23} : (C:\Users\yan-9\AppData\Roaming\Aterqcult\Usaphatusary.dll) [x] -> Supprimé(e)
[Adw.Elex|Suspicious.Path|VT.not-a-virus:AdWare.Win32.Agent.xxdcno] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Convxxxx ("C:\Users\yan-9\AppData\Roaming\jcfjc\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577}) -> Supprimé(e)
[PUP.AMule] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ed2kidle ("C:\Program Files (x86)\amuleC1\ed2k.exe" -downloadwhenidle) -> Supprimé(e)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.amisites.com/search/?type=ds&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.amisites.com/search/?type=ds&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.amisites.com/search/?type=ds&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.amisites.com/search/?type=ds&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-581885192-1748243344-1620244531-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms} -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Remplacé(e) (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Remplacé(e) (2)
[Adw.Elex] (X64) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes | DependOnService : -> Supprimé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 5 ¤¤¤
[PUP.Gen0][Répertoire] C:\ProgramData\WinSAPSvc -> Supprimé(e) au redémarrage [20]
[PUP.Gen0][Fichier] C:\ProgramData\WinSAPSvc\WinSAP.dll -> Supprimé(e) au redémarrage [5]
[Adw.Elex][Fichier] C:\Users\yan-9\AppData\Roaming\jcfjc\UvConverter.exe -> Supprimé(e)
[PUP.Gen0][Répertoire] C:\ProgramData\WinSAPSvc -> Supprimé(e) au redémarrage [20]
[PUP.Gen0][Fichier] C:\ProgramData\WinSAPSvc\WinSAP.dll -> Supprimé(e) au redémarrage [5]
[Adw.Elex][Répertoire] C:\Program Files (x86)\UvConverter -> Supprimé(e)
[PUP.Gen0][Répertoire] C:\Program Files (x86)\WinArcher -> Supprimé(e) au redémarrage [91]
[PUP.Gen0][Fichier] C:\Program Files (x86)\WinArcher\Archer.dll -> Supprimé(e) au redémarrage [5]
[PUP.Gen0][Fichier] C:\Program Files (x86)\WinArcher\Packet.dll -> Supprimé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 3 ¤¤¤
[PUM.HomePage][Chrome:Config] ChromeDefaultData [SecurePrefs] : session.startup_urls [https://www.google.com/|http://www.amisites.com/?type=hp&ts=1483114052&z=220b85063d1f3e6685be08fgaz5bcc0gcg2zee8w1e&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT|http://www.amisites.com/?type=hp&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT] -> Supprimé(e)
[PUM.SearchPage][Chrome:Config] ChromeDefaultData [SecurePrefs] : default_search_provider_data.template_url_data.keyword [amisites] -> Supprimé(e)
[PUM.SearchPage][Chrome:Config] ChromeDefaultData [SecurePrefs] : default_search_provider_data.template_url_data.url [http://www.amisites.com/search/?type=ds&ts=1483995336&z=9292a818f45a7a142d46ecdgfz5bac3t4t1w1c7c8z&from=archer1028&uid=TOSHIBAXMQ01ABF050_56D2PCSATXX56D2PCSAT&q={searchTerms}] -> Supprimé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] 9d76ce1b64e2873a671280857b86a525
[BSP] 79fc08d9881519e96afb442150a3e5d0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 231934 MB
4 - [MAN-MOUNT] Basic data partition | Offset (sectors): 476162048 | Size: 1 MB
5 - Basic data partition | Offset (sectors): 476164096 | Size: 244437 MB
User = LL1 ... OK
User = LL2 ... OK