RogueKiller V12.9.2.0 [Jan 9 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : laet [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 01/14/2017 19:10:39 (Duration : 00:52:05)

¤¤¤ Processes : 1 ¤¤¤
[PUP.Gen0|VT.Gen:Variant.Application.Sobrab.1] (SVC) NetUtils2016 -- \??\C:\Windows\system32\drivers\NetUtils2016.sys[7] -> Found

¤¤¤ Registry : 42 ¤¤¤
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B} (C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\MP4Splitter.ax) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD} (C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\MP4Splitter.ax) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{BEBBC426-4F16-4567-8FE1-BE198C982027} -> Found
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{C5E9BD50-D3FB-11E6-9B39-64006A5CFC35} (C:\Users\laet\AppData\Roaming\Jaesywacuk\Ghitstokerther.dll) -> Found
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A} (C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\MP4Splitter.ax) -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\5da059a482fd494db3f252126fbc3d5b -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\HDWallpaper -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\OtherSearch -> Found
[PUP.ScreenShared] HKEY_LOCAL_MACHINE\Software\ScreenShared -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\SearchModule -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\zdengine -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\ryofward -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\TeleCharger -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\WebApp -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\ryofward -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\TeleCharger -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\WebApp -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search module -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\YSPackage -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1 -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[PUP.Gen1] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {C5E9BD50-D3FB-11E6-9B39-64006A5CFC35} : (C:\Users\laet\AppData\Roaming\Jaesywacuk\Ghitstokerther.dll) [x] -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BestCleaner : "C:\Program Files\BestCleaner\BestCleaner.exe" [-] -> Found
[VT.UDS:DangerousObject.Multi.Generic] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\Microsoft\Windows\CurrentVersion\Run | J4T5ONTKAE : "C:\Program Files\1J7R66Z9DJ\1J7R66Z9D.exe" [-] -> Found
[PUP.Gen0|VT.UDS:DangerousObject.Multi.Generic] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\Microsoft\Windows\CurrentVersion\Run | GSF6MKQ2F4 : "C:\Program Files\BestCleaner\AJXK4ZNKOO.exe" [-] -> Found
[Suspicious.Path|VT.Gen:Variant.MSILPerseus.66584] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\Microsoft\Windows\CurrentVersion\Run | Publisher : C:\Users\laet\AppData\Local\Temp\{f58-f8-cc-8f400-812bd-9eb1-b3854}\ctçI-VKGdç.exe [-] -> Found
[VT.UDS:DangerousObject.Multi.Generic] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | J4T5ONTKAE : "C:\Program Files\1J7R66Z9DJ\1J7R66Z9D.exe" [-] -> Found
[PUP.Gen0|VT.UDS:DangerousObject.Multi.Generic] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | GSF6MKQ2F4 : "C:\Program Files\BestCleaner\AJXK4ZNKOO.exe" [-] -> Found
[Suspicious.Path|VT.Gen:Variant.MSILPerseus.66584] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Publisher : C:\Users\laet\AppData\Local\Temp\{f58-f8-cc-8f400-812bd-9eb1-b3854}\ctçI-VKGdç.exe [-] -> Found
[PUP.Gen0|PUP.Gen1|Suspicious.Path|VT.PUP.Optional.LogicHandler] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\backlh (C:\ProgramData\Logic Handler\set.exe) -> Found
[PUP.Gen0|Suspicious.Path|VT.PUP.Optional.Linkury] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nettrans (C:\ProgramData\NetworkPacketManitor\Nettrans.exe) -> Found
[PUP.Gen0|VT.Gen:Variant.Application.Sobrab.1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetUtils2016 (\??\C:\Windows\system32\drivers\NetUtils2016.sys) -> Found
[PUP.Gen0|PUP.SearchModule|VT.Unknown] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpd (C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe /service) -> Found
[PUP.Gen0|PUP.SearchModule|VT.Unknown] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpdd (\??\C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys) -> Found
[Suspicious.Path|VT.not-a-virus:HEUR:WebToolbar.Win32.Linkury.gen] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Zaamla (C:\ProgramData\\Zaamla\\Zaamla.exe shuz -f "C:\ProgramData\\Zaamla\\Zaamla.dat" -l -a) -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPlbKdkH6CEUjkSSffAVcaUHDDzJpNMksDUKULwpgaWrSFYQEDv3uQcJe6bJwfbA2NIZsg15lAfcJ_9AaU_l6Ehvta9Ox4O4AvKEyOMiRiJsGxPUNDc9nMjtf5SzKz2hH0IFJP1QBJe_oQc6Emszqxyc3qmNDxpSuBDBEWsQ,,&q={searchTerms} -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPlbKdkH6CEUjkSSffAVcaUHDDzJpNMksDUKULwpgaWrSFYQEDv3uQcJe6bJwfbA2NIZsg15lAfcJ_9AaU_l6Ehvta9Ox4O4AvKEyOMiRiJsGxPUNDc9nMjtf5SzKz2hH0IFJP1QBJe_oQc6Emszqxyc3qmNDxpSuBDBEWsQ,,&q={searchTerms} -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6475FC2B-C7A5-433F-8932-1DEC17EE85B5} | NameServer : 82.163.143.174,82.163.142.176 ([-][Israel]) -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.AdAgent.je] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Zaamla\Trishold.dll [-] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 18 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\Logic Handler -> Found
[PUP.Gen0][Folder] C:\ProgramData\NetworkPacketManitor -> Found
[PUP.Gen1][Folder] C:\ProgramData\SearchModule -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\HDWallPaper.lnk [LNK@] C:\PROGRA~1\HDWALL~1\HDWALL~1.EXE -> Found
[PUP.Gen0][File] C:\Windows\System32\zdengineOff.ini -> Found
[PUP.Gen0][File] C:\Windows\System32\drivers\NetUtils2016.sys -> Found
[PUP.Gen0][Folder] C:\Windows\System32\config\systemprofile\AppData\Local\zdengine -> Found
[PUP.Gen0][Folder] C:\Users\laet\AppData\Roaming\HDWallPaper -> Found
[PUP.Gen1][Folder] C:\ProgramData\Logic Handler -> Found
[PUP.Gen0][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper -> Found
[PUP.Gen0][Folder] C:\ProgramData\NetworkPacketManitor -> Found
[PUP.Gen1][Folder] C:\ProgramData\SearchModule -> Found
[PUP.Gen0][Folder] C:\Program Files\BestCleaner -> Found
[PUP.SearchModule][Folder] C:\Program Files\Common Files\Noobzo -> Found
[PUP.Gen0][Folder] C:\Program Files\HDWallPaper -> Found
[PUP.Gen1][Folder] C:\Program Files\mpck -> Found
[PUP.ScreenShared][Folder] C:\Program Files\ScreenShared -> Found
[PUP.Gen0][File] C:\Users\Public\Desktop\HDWallPaper.lnk [LNK@] C:\PROGRA~1\HDWALL~1\HDWALL~1.EXE -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 8 ¤¤¤
[PUM.HomePage][Firefox:Config] 1mesx2ss.default-1464691760777 : user_pref("browser.startup.homepage", "http://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H1Ezftpbl0cshmoAU,f2e358b8-edd5-4132-8b0b-139ab1195978,"); -> Found
[PUP.Gen1|PUM.NewTab][Firefox:Config] 1mesx2ss.default-1464691760777 : user_pref("browser.newtab.url", "http://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H1Ezftpbl0cshmoAU,f2e358b8-edd5-4132-8b0b-139ab1195978,"); -> Found
[PUM.SearchEngine][Firefox:Config] 1mesx2ss.default-1464691760777 : user_pref("browser.search.selectedEngine", ""); -> Found
[PUM.HomePage][Chrome:Config] ChromeDefaultData [SecurePrefs] : homepage [http://www-searching.com/?pid=s&s=H1Ezftpbl0cshmoAU,f2e358b8-edd5-4132-8b0b-139ab1195978,] -> Found
[PUM.HomePage][Chrome:Config] ChromeDefaultData [SecurePrefs] : session.startup_urls [http://www-searching.com/?pid=s&s=H1Ezftpbl0cshmoAU,f2e358b8-edd5-4132-8b0b-139ab1195978,] -> Found
[PUM.SearchPage][Chrome:Config] ChromeDefaultData [SecurePrefs] : default_search_provider_data.template_url_data.keyword [www-searching.com] -> Found
[PUM.SearchPage][Chrome:Config] ChromeDefaultData [SecurePrefs] : default_search_provider_data.template_url_data.url [http://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=H1Ezftpbl0cshmoAU,f2e358b8-edd5-4132-8b0b-139ab1195978,] -> Found
[PUM.SearchPage][Chrome:Config] ChromeDefaultData [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [http://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: STM3250318AS ATA Device +++++
--- User ---
[MBR] ce46618ccab443ca76df31a52e52f773
[BSP] a461e9ea0e4e180dd85986e50a2a6abe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] This request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] This request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] This request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] This request is not supported. )
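The registry section of the log above mixes several different persistence and hijack mechanisms (Run keys, a ShellExecuteHooks handler, an AppInit_DLLs entry, services and drivers, an Internet Explorer search page whose hostname is percent-encoded, and rewritten interface DNS servers). The following is an added Python example, not RogueKiller's code and not part of the post: it parses RogueKiller's "[tags] key | value : data -> Found" line format, assigns each finding to the mechanism its registry location implements, extracts the referenced binary, flags binaries that live in user-writable directories, decodes the percent-encoded search hostname, and lists the injected DNS servers. The sample lines are copied from the log (with the long "p=" search-URL parameter shortened); the mechanism labels and the user-writable directory list are the author's own heuristics, not RogueKiller's classifications.

```python
"""Triage RogueKiller registry findings by persistence mechanism (added example)."""
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Constructed sample: lines copied from the scan log above; the long "p="
# parameter of the search URL is shortened to keep the line readable.
SAMPLE_LOG = r"""
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {C5E9BD50-D3FB-11E6-9B39-64006A5CFC35} : (C:\Users\laet\AppData\Roaming\Jaesywacuk\Ghitstokerther.dll) [x] -> Found
[PUP.Gen0] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BestCleaner : "C:\Program Files\BestCleaner\BestCleaner.exe" [-] -> Found
[Suspicious.Path|VT.not-a-virus:HEUR:WebToolbar.Win32.Linkury.gen] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Zaamla (C:\ProgramData\\Zaamla\\Zaamla.exe shuz -f "C:\ProgramData\\Zaamla\\Zaamla.dat" -l -a) -> Found
[PUP.Gen0|VT.Gen:Variant.Application.Sobrab.1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetUtils2016 (\??\C:\Windows\system32\drivers\NetUtils2016.sys) -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-213642649-178377738-3602818869-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R,,&q={searchTerms} -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6475FC2B-C7A5-433F-8932-1DEC17EE85B5} | NameServer : 82.163.143.174,82.163.142.176 ([-][Israel]) -> Found
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.AdAgent.je] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Zaamla\Trishold.dll [-] -> Found
"""

LINE_RE = re.compile(r'^\[(?P<tags>[^\]]+)\]\s+(?P<body>.+?)\s*->\s*Found$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ax)\b', re.IGNORECASE)
IP_RE = re.compile(r'\b\d{1,3}(?:\.\d{1,3}){3}\b')
FLAG_RE = re.compile(r'\s*\[[x-]\]$')        # RogueKiller's trailing [x] / [-] marker

# Heuristic (author's assumption): directories an unprivileged user can write to.
# A service, shell hook or AppInit DLL loaded from here is more suspect than one
# installed under Program Files or System32.
USER_WRITABLE = ('\\programdata\\', '\\appdata\\', '\\temp\\', '\\users\\public\\')


def parse_line(line):
    """Split one finding into tags, registry key, value name and data (or None)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group('body')
    if ' | ' in body:                            # "key | value : data"
        key, rest = body.split(' | ', 1)
        name, _, data = rest.partition(' : ')
    else:                                        # "key (image path)" or a bare key
        pm = re.match(r'^(.*?)\s+\((.*)\)$', body)
        key, name, data = (pm.group(1), '', pm.group(2)) if pm else (body, '', '')
    data = FLAG_RE.sub('', data).strip()
    if data.startswith('(') and data.endswith(')'):
        data = data[1:-1]
    return {'tags': m.group('tags').split('|'), 'key': key.strip(),
            'name': name.strip(), 'data': data}


def mechanism(key, name):
    """Map a registry location to the persistence or hijack mechanism it implements."""
    k, n = key.lower(), name.lower()
    if k.endswith((r'\currentversion\run', r'\currentversion\runonce')):
        return 'autostart (Run key)'
    if 'shellexecutehooks' in k:                 # DLL loaded by every ShellExecute caller
        return 'ShellExecuteHooks'
    if n == 'appinit_dlls':                      # DLL loaded into every process using user32
        return 'AppInit_DLLs'
    if n == 'nameserver':                        # checked before the generic Services rule
        return 'DNS server hijack'
    if '\\services\\' in k:
        return 'service or driver'
    if '\\internet explorer\\main' in k:
        return 'browser search/home page hijack'
    if '\\clsid\\' in k:
        return 'COM object registration'
    return 'other'


def triage(log_text):
    """Parse every finding and enrich it with mechanism, image path and decoded data."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec['mechanism'] = mechanism(rec['key'], rec['name'])
        hit = PATH_RE.search(rec['data'])
        rec['image'] = hit.group(0) if hit else None
        norm = rec['image'].lower().replace('\\\\', '\\') if rec['image'] else ''
        rec['user_writable'] = any(d in norm for d in USER_WRITABLE)
        # Percent-encoded hostnames ("%66%65%65%64.") defeat naive string matching on
        # the raw value; decode the netloc so the real domain shows up.
        rec['host'] = unquote(urlsplit(rec['data']).netloc) if rec['data'].startswith('http') else None
        rec['dns_servers'] = IP_RE.findall(rec['data']) if rec['mechanism'] == 'DNS server hijack' else []
        findings.append(rec)
    return findings


def summarize(findings):
    """Per mechanism: (number of findings, how many load from user-writable dirs)."""
    total = Counter(f['mechanism'] for f in findings)
    writable = Counter(f['mechanism'] for f in findings if f['user_writable'])
    return {m: (total[m], writable[m]) for m in total}


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        detail = f['host'] or ', '.join(f['dns_servers']) or f['image'] or f['data']
        print(f"{f['mechanism']:<32} {detail}{'  [user-writable]' if f['user_writable'] else ''}")
    print(summarize(results))
```

The decoded search host is what you would search for in proxy or DNS logs; the two NameServer addresses matter because, unlike the browser settings, they redirect every name lookup on that interface regardless of which browser is used, so they should be reverted (or the interface set back to DHCP-assigned DNS) as part of the cleanup rather than left until the PUP binaries are gone.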