RogueKiller V12.9.2.0 (x64) [Jan 9 2017] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9600) 64 bits version
Démarré en : Mode normal
Utilisateur : aissaahelme [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/13/2017 18:40:43 (Durée : 01:01:05)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 32 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{8395822C-D1C8-11E6-9072-64006A5CFC23} (C:\Users\aissaahelme\AppData\Roaming\Gireshckcge\Chpyhobi.dll) -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\CalendarTool -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\WeatherTool -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Maoha -> Trouvé(e)
[PUP.SaFi] (X86) HKEY_LOCAL_MACHINE\Software\SaFiPlayer -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\trotuxSoftware -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\AutoTime -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\Babylon -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\csastats -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\Installer -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\Maoha -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\ProductSetup -> Trouvé(e)
[PUP.SaFi] (X64) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\SaFiPlayer -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\UCBrowserPID -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\AutoTime -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\Babylon -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\csastats -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\Installer -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\Maoha -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\ProductSetup -> Trouvé(e)
[PUP.SaFi] (X86) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\SaFiPlayer -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\UCBrowserPID -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD} -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {8395822C-D1C8-11E6-9072-64006A5CFC23} : (C:\Users\aissaahelme\AppData\Roaming\Gireshckcge\Chpyhobi.dll) [x] -> Trouvé(e)
[PUP.HackTool] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIPS (C:\Program Files (x86)\netcut\services\AIPS.exe) -> Trouvé(e)
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MaohaWifiSvr (C:\Program Files (x86)\Maoha\MaohaAP\MaohaWifiSvr.exe) -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.linkzb.com -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.linkzb.com -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1935104402-3179682513-2427247962-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.linkzb.com -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{73CE8496-0C10-4C6D-B2D2-8987C7728111} | NameServer : 8.8.8.8,4.4.4.4 ([-][US]) -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 28 ¤¤¤
[PUP.Gen1][Répertoire] C:\ProgramData\PC Faster -> Trouvé(e)
[PUP.Gen1][Fichier] C:\Users\aissaahelme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\PCFTray.exe -startmenu -> Trouvé(e)
[PUP.Gen1][Fichier] C:\Users\aissaahelme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Feedback.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\PCFasterFeedback.exe -start_menu -> Trouvé(e)
[PUP.Gen1][Fichier] C:\Users\aissaahelme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\Uninstall.exe -> Trouvé(e)
[Hj.Shortcut][Fichier] C:\Users\aissaahelme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://qtipr.com/ -> Trouvé(e)
[Hj.Shortcut][Fichier] C:\Users\aissaahelme\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://qtipr.com/ -> Trouvé(e)
[PUP.Gen1][Fichier] C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\Uninstall.exe -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\aissaahelme\AppData\Roaming\Babylon -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\aissaahelme\AppData\Roaming\CalendarTool -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\aissaahelme\AppData\Roaming\PC Faster -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\aissaahelme\AppData\Local\Babylon -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\aissaahelme\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk -> Trouvé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\PCFTray.exe -startmenu -> Trouvé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Feedback.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\PCFasterFeedback.exe -start_menu -> Trouvé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\Uninstall.exe -> Trouvé(e)
[Hj.Shortcut][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe --load-extension="C:\Users\AISSAA~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" http://qtipr.com/ -> Trouvé(e)
[PUP.SaFi][Répertoire] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaFiPlayer -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\PC Faster -> Trouvé(e)
[PUP.SaFi][Répertoire] C:\Program Files\SaFiPlayer -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\Babylon -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\CalendarTool -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\CleanBrowser -> Trouvé(e)
[PUP.HackTool][Répertoire] C:\Program Files (x86)\netcut -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\PC Faster -> Trouvé(e)
[PUP.Gen1][Fichier] C:\Users\aissaahelme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Baidu PC Faster.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\PCFTray.exe -startmenu -> Trouvé(e)
[PUP.Gen1][Fichier] C:\Users\aissaahelme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Feedback.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\PCFasterFeedback.exe -start_menu -> Trouvé(e)
[PUP.Gen1][Fichier] C:\Users\aissaahelme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster\Uninstall.lnk [LNK@] C:\PROGRA~2\PC Faster\5.1.0.0\Uninstall.exe -> Trouvé(e)
[Hj.Shortcut][Fichier] C:\Users\aissaahelme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://qtipr.com/ -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 11 ¤¤¤
[PUP.Gen0][Chrome:Addon] ChromeDefaultData2 : Web Navigation [lkemddiljapcmhicklfpcbpfffahfbja] -> Trouvé(e)
[PUM.HomePage][Firefox:Config] d5fi5rbr.default-1459252039025 : user_pref("browser.startup.homepage", "http://www.trotux.com/?z=b7b64fb0876dd4f6dd72892gcz0bec3tdt2mbb0zcm&from=clc&uid=TOSHIBAXMQ01ABD050_13O8F240SXX13O8F240S&type=hp"); -> Trouvé(e)
[PUP.Gen1|PUM.NewTab][Firefox:Config] d5fi5rbr.default-1459252039025 : user_pref("browser.newtab.url", "http://www.trotux.com/?z=b7b64fb0876dd4f6dd72892gcz0bec3tdt2mbb0zcm&from=clc&uid=TOSHIBAXMQ01ABD050_13O8F240SXX13O8F240S&type=hp"); -> Trouvé(e)
[PUM.SearchEngine][Firefox:Config] d5fi5rbr.default-1459252039025 : user_pref("browser.search.selectedEngine", "trotux"); -> Trouvé(e)
[PUM.SearchEngine][Firefox:Config] d5fi5rbr.default-1459252039025 : user_pref("browser.search.defaultenginename", "trotux"); -> Trouvé(e)
[PUP.Gen1|PUM.SearchEngine][Firefox:Config] d5fi5rbr.default-1459252039025 : user_pref("browser.search.searchengine.hp", "http://www.trotux.com/?z=b7b64fb0876dd4f6dd72892gcz0bec3tdt2mbb0zcm&from=clc&uid=TOSHIBAXMQ01ABD050_13O8F240SXX13O8F240S&type=hp"); -> Trouvé(e)
[PUP.Gen1|PUM.SearchEngine][Firefox:Config] d5fi5rbr.default-1459252039025 : user_pref("browser.search.searchengine.sp", "http://www.trotux.com/search/?from=clc&q={searchTerms}&type=sp&uid=TOSHIBAXMQ01ABD050_13O8F240SXX13O8F240S&z=b7b64fb0876dd4f6dd72892gcz0bec3tdt2mbb0zcm"); -> Trouvé(e)
[PUP.Gen1|PUM.SearchEngine][Firefox:Config] d5fi5rbr.default-1459252039025 : user_pref("browser.search.searchengine.url", "http://www.trotux.com/search/?from=clc&q={searchTerms}&type=sp&uid=TOSHIBAXMQ01ABD050_13O8F240SXX13O8F240S&z=b7b64fb0876dd4f6dd72892gcz0bec3tdt2mbb0zcm"); -> Trouvé(e)
[PUM.HomePage][Chrome:Config] ChromeDefaultData2 [SecurePrefs] : homepage [http://www.trotux.com/?z=b7b64fb0876dd4f6dd72892gcz0bec3tdt2mbb0zcm&from=clc&uid=TOSHIBAXMQ01ABD050_13O8F240SXX13O8F240S&type=hp] -> Trouvé(e)
[PUM.HomePage][Chrome:Config] ChromeDefaultData [SecurePrefs] : session.startup_urls [http://www.trotux.com/?z=b7b64fb0876dd4f6dd72892gcz0bec3tdt2mbb0zcm&from=clc&uid=TOSHIBAXMQ01ABD050_13O8F240SXX13O8F240S&type=hp] -> Trouvé(e)
[PUM.HomePage][Chrome:Config] ChromeDefaultData2 [SecurePrefs] : session.startup_urls [http://www.trotux.com/?z=b7b64fb0876dd4f6dd72892gcz0bec3tdt2mbb0zcm&from=clc&uid=TOSHIBAXMQ01ABD050_13O8F240SXX13O8F240S&type=hp] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD050 +++++
--- User ---
[MBR] 9fc4f82022ace3260ca34525028b16bd
[BSP] 3365f53c637d25341fd9b8719f326263 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 309776 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 636119040 | Size: 450 MB
5 - Basic data partition | Offset (sectors): 637040640 | Size: 151793 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 947914752 | Size: 14091 MB
User = LL1 ... OK
User = LL2 ... OK