RogueKiller V12.9.6.0 (x64) [Jan 30 2017] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.10586) 64 bits version
Démarré en : Mode normal
Utilisateur : SouheiB [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/05/2017 23:17:14 (Durée : 00:34:36)

¤¤¤ Processus : 2 ¤¤¤
[PUP.HackTool|Suspicious.Path|VT.Troj.Gen!c] KMS-R@1n.exe(2204) -- C:\Windows\KMS-R@1n.exe[-] -> Trouvé(e)
[PUP.HackTool|Suspicious.Path|VT.Troj.Gen!c] (SVC) KMS-R@1n -- C:\Windows\KMS-R@1n.exe[-] -> Trouvé(e)

¤¤¤ Registre : 9 ¤¤¤
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Reimage -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\TweakBit -> Trouvé(e)
[PUP.HackTool|Suspicious.Path|VT.Troj.Gen!c] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMS-R@1n (C:\Windows\KMS-R@1n.exe) -> Trouvé(e)
[PUP.HackTool|Suspicious.Path|VT.Troj.Gen!c] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {26DED61E-A4D6-4318-A2C3-952EE68D3224} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [-] -> Trouvé(e)
[PUP.HackTool|Suspicious.Path|VT.Troj.Gen!c] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9803800B-BEA3-4636-90F1-9947FAC0C88C} : v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=1688|App=C:\Windows\KMS-R@1n.exe|Name=KMS-R@1n| [-] -> Trouvé(e)
[PUP.HackTool|Suspicious.Path|VT.Patched4_c.GXW] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Trouvé(e)
[PUP.HackTool|Suspicious.Path|VT.Patched4_c.GXW] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | Debugger : KMS-R@1nHook.exe [-] -> Trouvé(e)
[PUP.HackTool|Suspicious.Path|VT.Patched4_c.GXW] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OSppSvc.exe | Debugger : KMS-R@1nHook.exe [-] -> Trouvé(e)
[PUP.HackTool|Suspicious.Path|VT.Patched4_c.GXW] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe | Debugger : KMS-R@1nHook.exe [-] -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 7 ¤¤¤
[PUP.Gen1][Répertoire] C:\ProgramData\TweakBit -> Trouvé(e)
[PUP.HackTool][Fichier] C:\Windows\KMS-R@1n.exe -> Trouvé(e)
[PUP.HackTool][Fichier] C:\Windows\KMS-R@1nHook.exe -> Trouvé(e)
[PUP.Gen0][Fichier] C:\Windows\Reimage.ini -> Trouvé(e)
[Tr.Gen0][Fichier] C:\Users\SouheiB\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Trouvé(e)
[Tr.Gen0][Fichier] C:\Users\SouheiB\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\TweakBit -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZRX-00A3KB0 +++++
--- User ---
[MBR] 88c87bf599d3588eab45c6b2cc2b3a03
[BSP] d49d3ba2aa71ebbdd840421c04c38b7d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 249899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 512000000 | Size: 243868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1011441664 | Size: 460000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST500DM002-1CH14C +++++
--- User ---
[MBR] 6a0e2be42da3487a4042a0b9a870f930
[BSP] c84bf172c3d7681c4fbbe0aa968477a8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 250000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 512002048 | Size: 226937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK