RogueKiller V12.9.7.0 [Feb 6 2017] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7600) 32 bits version
Démarré en : Mode normal
Utilisateur : user [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 02/10/2017 23:09:42 (Durée : 01:08:32)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 12 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{0D3DB963-A4ED-4E83-987B-93B447EB671C} (C:\Users\user\AppData\Local\Temp\{E846E56F-708F-4B62-B9FA-B85EFA181077}\{451517F1-7E41-400B-AA36-FB7E2563526D}\InstallHelper.dll) -> Trouvé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{5F4B69EF-1A7C-4FDD-8F61-31ACD03A95B3} (C:\Users\user\AppData\Local\Temp\{E846E56F-708F-4B62-B9FA-B85EFA181077}\{451517F1-7E41-400B-AA36-FB7E2563526D}\InstallHelper.dll) -> Trouvé(e)
[PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) -> Trouvé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{7F411237-8CB3-4812-B934-D1CF7F60403B} (C:\Users\user\AppData\Local\Temp\{E846E56F-708F-4B62-B9FA-B85EFA181077}\{451517F1-7E41-400B-AA36-FB7E2563526D}\InstallHelper.dll) -> Trouvé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{9FEA9E8E-50CD-4551-BE0E-1AFFAB772D99} (C:\Users\user\AppData\Local\Temp\{E846E56F-708F-4B62-B9FA-B85EFA181077}\{451517F1-7E41-400B-AA36-FB7E2563526D}\InstallHelper.dll) -> Trouvé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{B403A89C-2CA8-43AD-911E-BC8429BCB418} (C:\Users\user\AppData\Local\Temp\{E846E56F-708F-4B62-B9FA-B85EFA181077}\{451517F1-7E41-400B-AA36-FB7E2563526D}\InstallHelper.dll) -> Trouvé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{C5C6830E-806F-4F28-863B-C01B1B41AB98} (C:\Users\user\AppData\Local\Temp\{E846E56F-708F-4B62-B9FA-B85EFA181077}\{451517F1-7E41-400B-AA36-FB7E2563526D}\InstallHelper.dll) -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-1765245378-4023211186-2432625949-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://linkzb.com -> Trouvé(e)
[PUM.HomePage] HKEY_USERS\S-1-5-21-1765245378-4023211186-2432625949-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.babal.net/?gjj -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{54DBDCFB-71ED-4B76-914C-5A9E5247F4AC} | NameServer : 8.8.8.8,4.4.4.4 ([-][US]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{54DBDCFB-71ED-4B76-914C-5A9E5247F4AC} | NameServer : 8.8.8.8,4.4.4.4 ([-][US]) -> Trouvé(e)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[PUP.Gen1] \SimpleFiles Update Service -- C:\Program Files\SimpleFilesUpdater\SimpleFilesUpdater.exe -> Trouvé(e)

¤¤¤ Fichiers : 8 ¤¤¤
[PUP.Gen1][Répertoire] C:\ProgramData\Free YouTube Downloader -> Trouvé(e)
[Hj.Shortcut][Fichier] C:\Users\user\Desktop\Google Chrome.lnk [LNK@] C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe http://chercheztout.com/tram/120 -> Trouvé(e)
[Hj.Shortcut][Fichier] C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\chrome.LNK [LNK@] C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe http://chercheztout.com/tram/120 -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\user\AppData\Local\Free YouTube Downloader -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Free YouTube Downloader -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files\Free YouTube Downloader -> Trouvé(e)
[Hj.Shortcut][Fichier] C:\Users\user\Desktop\Google Chrome.lnk [LNK@] C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe http://chercheztout.com/tram/120 -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUP.Gen2][Firefox:Addon] 6eqh5g40.default : TS Magic Player [magicplayer@torrentstream.org] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HCC545016B9A300 +++++
--- User ---
[MBR] 2ad26ba55addd41c5cf851e73cfdfc2a
[BSP] 35b08aebdcc908dcb6739d47ec6f0084 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 61162 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 125466624 | Size: 91364 MB
User = LL1 ... OK
User = LL2 ... OK