RogueKiller V12.9.7.0 (x64) [Feb 6 2017] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.14393) 64 bits version
Démarré en : Mode normal
Utilisateur : shagu [Administrateur]
Démarré depuis : C:\Users\shagu\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 02/20/2017 16:22:28 (Durée : 00:36:24)

¤¤¤ Processus : 1 ¤¤¤
[Root.Wajam] (SVC) 7ad9afa1fb34e2ffbfe2d9be24eea4c0 -- system32\drivers\7ad9afa1fb34e2ffbfe2d9be24eea4c0.sys[-] -> Trouvé(e)

¤¤¤ Registre : 40 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{2FB831EA-DA68-4A66-8E31-A2D976A6296C} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Trouvé(e)
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{3DCCD550-7586-40D2-A51D-D2F98EC06B3C} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Trouvé(e)
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Trouvé(e)
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{C9487131-EF4C-40D9-BA70-E85356CAF67E} (C:\Program Files\¿ìѹ\X64\KZipShell.dll) -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\ByteFence -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SearchModule -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1000\Software\UCBrowser -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1000\Software\UCBrowser -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\AutoTime -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\ByteFence -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\cacaoweb -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\Installer -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\SNDA -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\UCBrowser -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\UCBrowserPID -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\AutoTime -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\ByteFence -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\cacaoweb -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\Installer -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\SNDA -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\UCBrowser -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\UCBrowserPID -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Trouvé(e)
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Trouvé(e)
[PUP.WikiThemes] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\AppDataLow\Software\WikiThemes -> Trouvé(e)
[PUP.WikiThemes] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\AppDataLow\Software\WikiThemes -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence -> Trouvé(e)
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj | (default) : {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} -> Trouvé(e)
[PUP.Gen0|PUP.Gen1|Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\Microsoft\Windows\CurrentVersion\Run | cacaoweb : "C:\Users\shagu\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [x] -> Trouvé(e)
[PUP.Gen0|PUP.Gen1|Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1826273261-1479682476-3830217024-1001\Software\Microsoft\Windows\CurrentVersion\Run | cacaoweb : "C:\Users\shagu\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [x] -> Trouvé(e)
[Root.Wajam] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\7ad9afa1fb34e2ffbfe2d9be24eea4c0 (system32\drivers\7ad9afa1fb34e2ffbfe2d9be24eea4c0.sys) -> Trouvé(e)
[PUP.Gen0|PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UCBrowserSvc ("C:\Program Files (x86)\UCBrowser\Application\UCService.exe") -> Trouvé(e)
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D94D5721-45E3-46BD-B548-4EEF07536625} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe|Name=Chromium (mDNS-In)|Desc=Règle de trafic entrant pour Chromium autorisant le trafic mDNS|EmbedCtxt=UC???| [x] -> Trouvé(e)
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9A8D0E29-5E79-49EE-B1BE-4BDEB9F8AE95} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe|Name=UC浏è§?å?¨|Desc=UC浏è§?å?¨| [x] -> Trouvé(e)
[PUP.UCBrowser] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} | StubPath : "C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser" [x] -> Trouvé(e)

¤¤¤ Tâches : 3 ¤¤¤
[PUP.UCBrowser] \UCBrowserSecureUpdater -- "C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe" (--update-config) -> Trouvé(e)
[PUP.UCBrowser] \UCBrowserUpdater -- C:\Program Files (x86)\UCBrowser\Application\update_task.exe (/update) -> Trouvé(e)
[PUP.UCBrowser] \UCBrowserUpdaterCore -- C:\Program Files (x86)\UCBrowser\Application\update_task.exe (/task=1) -> Trouvé(e)

¤¤¤ Fichiers : 12 ¤¤¤
[PUP.Gen1][Répertoire] C:\ProgramData\WindowsMsg -> Trouvé(e)
[PUP.Gen0][Fichier] C:\Users\shagu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk [LNK@] C:\Users\shagu\AppData\Roaming\Browsers\exe.erolpxei.bat -> Trouvé(e)
[PUP.Gen0][Fichier] C:\Users\shagu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle Chr?m?.lnk [LNK@] C:\Users\shagu\AppData\Roaming\Browsers\exe.emorhc.bat -> Trouvé(e)
[Ads.Generic|Hidden.ADS][Flux] C:\Windows\System32\drivers:ucdrv-x64.sys -> Trouvé(e)
[Ads.Generic|Hidden.ADS][Flux] C:\Windows\System32\drivers:x64 -> Trouvé(e)
[Ads.Generic|Hidden.ADS][Flux] C:\Windows\System32\drivers:x86 -> Trouvé(e)
[Root.Wajam][Fichier] C:\Windows\System32\drivers\7ad9afa1fb34e2ffbfe2d9be24eea4c0.sys -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\shagu\AppData\Local\DownloadManager -> Trouvé(e)
[PUP.WikiThemes][Répertoire] C:\Users\shagu\AppData\Local\WikiThemes -> Trouvé(e)
[PUP.Gen0][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogl? ?hr?m?.lnk [LNK@] C:\Users\shagu\AppData\Roaming\Browsers\exe.emorhc.bat -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\WindowsMsg -> Trouvé(e)
[PUP.Gen0][Fichier] C:\Users\shagu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk [LNK@] C:\Users\shagu\AppData\Roaming\Browsers\exe.erolpxei.bat -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-22JJ5T0 +++++
--- User ---
[MBR] 2f0913784ab8f50d586c90c33b724942
[BSP] f650f734991eff7e9b7ff4609359d1aa : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 289783 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK