RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 10 (10.0.14393) 64 bits version
Démarré en : Mode normal
Utilisateur : Attilio [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/03/2017 07:29:49 (Durée : 00:34:37)

¤¤¤ Processus : 15 ¤¤¤
[PUP.AMule|VT.Trojan-Downloader.Win32.Eroyee.g] ed2k.exe(7936) -- C:\Program Files (x86)\amuleCexx\ed2k.exe[-] -> Trouvé(e)
[PUP.Ghokswa|VT.TR/Dropper.ouklc] FirefoxUpdate.exe(6968) -- C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe[7] -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.ELEX.awu] Kyubey.exe(5040) -- C:\Users\Attilio\AppData\Roaming\Kyubey\Kyubey.exe[-] -> Trouvé(e)
[PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] iSafeSvc.exe(9540) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe[7] -> Trouvé(e)
[PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] iSafeSvc2.exe(6236) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe[7] -> Trouvé(e)
[PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] iSafeTray.exe(7344) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe[7] -> Trouvé(e)
[PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] iDskDllPatch64.dll(6356) -- C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll[7] -> Trouvé(e)
[PUP.AMule|VT.Trojan-Downloader.Win32.Eroyee.g] (SVC) ed2kidle -- "C:\Program Files (x86)\amuleCexx\ed2k.exe" -downloadwhenidle[-] -> Trouvé(e)
[PUP.Ghokswa|VT.TR/Dropper.ouklc] (SVC) FirefoxU -- "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe"[7] -> Trouvé(e)
[PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeKrnl -- \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys[7] -> Trouvé(e)
[PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeKrnlR3 -- \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys[7] -> Trouvé(e)
[PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeKrnlMon -- \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys[7] -> Trouvé(e)
[PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeNetFilter -- system32\DRIVERS\iSafeNetFilter.sys[7] -> Trouvé(e)
[PUP.Gen0|VT.FraudTool.YAC] (SVC) iSafeService -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe[7] -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.ELEX.awu] (SVC) Kyubey -- C:\Users\Attilio\AppData\Roaming\Kyubey\Kyubey.exe -s[-] -> Trouvé(e)

¤¤¤ Registre : 44 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\HDWallpaper -> Trouvé(e)
[Adw.Elex] (X64) HKEY_LOCAL_MACHINE\Software\InterSect Alliance -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Elex-tech -> Trouvé(e)
[PUP.Ghokswa] (X86) HKEY_LOCAL_MACHINE\Software\Firefox -> Trouvé(e)
[PUP.Ghokswa] (X64) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Firefox -> Trouvé(e)
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\IM -> Trouvé(e)
[Adw.Elex] (X64) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\WinSnare -> Trouvé(e)
[PUP.Ghokswa] (X86) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Firefox -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\IM -> Trouvé(e)
[Adw.Elex] (X86) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\WinSnare -> Trouvé(e)
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\iSafe -> Trouvé(e)
[PUP.AMule] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2EFFD4E-D098-4845-9D56-DE75BEB35913} -> Trouvé(e)
[Adw.Elex|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | WinSnare : (C:\Users\Attilio\AppData\Roaming\WinSnare\WinSnare.dll) [-] -> Trouvé(e)
[PUP.AMule|VT.Trojan-Downloader.Win32.Eroyee.g] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ed2kidle ("C:\Program Files (x86)\amuleCexx\ed2k.exe" -downloadwhenidle) -> Trouvé(e)
[PUP.Ghokswa|VT.TR/Dropper.ouklc] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FirefoxU ("C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe") -> Trouvé(e)
[PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnl (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys) -> Trouvé(e)
[PUP.Gen0|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlBoot (system32\DRIVERS\iSafeKrnlBoot.sys) -> Trouvé(e)
[PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlKit (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys) -> Trouvé(e)
[PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlMon (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys) -> Trouvé(e)
[PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeKrnlR3 (\??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys) -> Trouvé(e)
[PUP.Gen0|PUP.Yac|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeNetFilter (system32\DRIVERS\iSafeNetFilter.sys) -> Trouvé(e)
[PUP.Gen0|PUP.Yac|PUP.Gen1|VT.FraudTool.YAC] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iSafeService (C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe) -> Trouvé(e)
[Suspicious.Path|VT.not-a-virus:AdWare.Win32.ELEX.awu] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kyubey (C:\Users\Attilio\AppData\Roaming\Kyubey\Kyubey.exe -s) -> Trouvé(e)
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetUtils2016 (\??\C:\WINDOWS\system32\drivers\NetUtils2016.sys) -> Trouvé(e)
[Adw.Elex|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSnare (C:\Users\Attilio\AppData\Roaming\WinSnare\WinSnare.dll) -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.startpageing123.com/?type=hp&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.startpageing123.com/?type=hp&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://r.orange.fr/r/Oodc_IE_oi_v2?ref=O_OI_defaultPage_IE_odc -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://r.orange.fr/r/Oodc_IE_oi_v2?ref=O_OI_defaultPage_IE_odc -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.startpageing123.com/?type=hp&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.startpageing123.com/?type=hp&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.startpageing123.com/?type=hp&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.startpageing123.com/?type=hp&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.startpageing123.com/search/?type=ds&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.startpageing123.com/search/?type=ds&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH_F-zjl_VoQxUNv-lNM4LlgGiUPivhNnQYCUiLRji3QE5LFfsu8LrOoagDAkXdOv9MsjayKWBJzXU8b29vQPzPuIzZjtWGha0Gpx7lRVeXJgd_M2tp-W8ha-rlycODAIsf7TxUWtwEfl8CaQXEEbQ9ZJw-PJgpJw_jKc3Dg1g,,&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH_F-zjl_VoQxUNv-lNM4LlgGiUPivhNnQYCUiLRji3QE5LFfsu8LrOoagDAkXdOv9MsjayKWBJzXU8b29vQPzPuIzZjtWGha0Gpx7lRVeXJgd_M2tp-W8ha-rlycODAIsf7TxUWtwEfl8CaQXEEbQ9ZJw-PJgpJw_jKc3Dg1g,,&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH_F-zjl_VoQxUNv-lNM4LlgGiUPivhNnQYCUiLRji3QE5LFfsu8LrOoagDAkXdOv9MsjayKWBJzXU8b29vQPzPuIzZjtWGha0Gpx7lRVeXJgd_M2tp-W8ha-rlycODAIsf7TxUWtwEfl8CaQXEEbQ9ZJw-PJgpJw_jKc3Dg1g,,&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH_F-zjl_VoQxUNv-lNM4LlgGiUPivhNnQYCUiLRji3QE5LFfsu8LrOoagDAkXdOv9MsjayKWBJzXU8b29vQPzPuIzZjtWGha0Gpx7lRVeXJgd_M2tp-W8ha-rlycODAIsf7TxUWtwEfl8CaQXEEbQ9ZJw-PJgpJw_jKc3Dg1g,,&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.startpageing123.com/search/?type=ds&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT&q={searchTerms} -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://www.startpageing123.com/search/?type=ds&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT&q={searchTerms} -> Trouvé(e)
[PUP.Ghokswa|VT.TR/Dropper.ouklc] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {88AB7D61-3E7F-4752-9507-675611E054D8} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| [7] -> Trouvé(e)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trouvé(e)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2394248128-3885229179-4112585846-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Trouvé(e)

¤¤¤ Tâches : 27 ¤¤¤
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Online Application Updater.job -- C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe (/silentall -nofreqcheck) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Online Application v2 Guardian.job -- C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe (1 38) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Online Application v209 Guard.job -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe (1 61) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Online Application v209 Guardian.job -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe (1 62) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Online Application v209.job -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe (1 60) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Traffic Exchange Updater.job -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe (/silentall -nofreqcheck) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Traffic Exchange v2 - 1.job -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe (1 36) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Traffic Exchange v2 - 2.job -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe (1 37) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Traffic Exchange v2 - 3.job -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe (1 38) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Traffic Exchange v209 - 1.job -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe (1 60) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Traffic Exchange v209 - 2.job -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe (1 61) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] %WINDIR%\Tasks\Traffic Exchange v209 - 3.job -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe (1 62) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Online Application Updater -- C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe (/silentall -nofreqcheck) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Online Application v2 Guardian -- C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe (1 38) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Online Application v209 -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe (1 60) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Online Application v209 Guard -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe (1 61) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Online Application v209 Guardian -- C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe (1 62) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe (1 11) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange Guard -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe (1 12) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange Guardian -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe (1 13) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange Updater -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe (/silentall -nofreqcheck) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange v2 - 1 -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe (1 36) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange v2 - 2 -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe (1 37) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange v2 - 3 -- C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe (1 38) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange v209 - 1 -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe (1 60) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange v209 - 2 -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe (1 61) -> Trouvé(e)
[PUP.OnlineIO|PUP.Gen0] \Traffic Exchange v209 - 3 -- C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe (1 62) -> Trouvé(e)

¤¤¤ Fichiers : 17 ¤¤¤
[PUP.Ghokswa][Fichier] C:\Users\Attilio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\Firefox\Firefox.exe -> Trouvé(e)
[PUP.Sobrab][Fichier] C:\Windows\SysWOW64\NetUtils2016.exe -> Trouvé(e)
[PUP.Yac][Fichier] C:\Windows\System32\drivers\iSafeNetFilter.sys -> Trouvé(e)
[PUP.Gen0][Fichier] C:\Windows\System32\drivers\NetUtils2016.sys -> Trouvé(e)
[PUP.AMule][Répertoire] C:\Users\Attilio\AppData\Roaming\aMule -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Users\Attilio\AppData\Roaming\Elex-tech -> Trouvé(e)
[PUP.Ghokswa][Répertoire] C:\Users\Attilio\AppData\Roaming\Firefox -> Trouvé(e)
[Adw.Elex][Répertoire] C:\Users\Attilio\AppData\Roaming\Mozilla\Firefox\naweriweentcofise -> Trouvé(e)
[PUP.Gen0][Répertoire] C:\Users\Attilio\AppData\Roaming\WinSAPSvc -> Trouvé(e)
[Adw.Elex][Répertoire] C:\Users\Attilio\AppData\Roaming\WinSnare -> Trouvé(e)
[PUP.Ghokswa][Répertoire] C:\Users\Attilio\AppData\Local\Firefox -> Trouvé(e)
[PUP.QRss][Répertoire] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ -> Trouvé(e)
[PUP.Ghokswa][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [LNK@] C:\PROGRA~2\Firefox\Firefox.exe http://www.startpageing123.com/?type=sc&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT -> Trouvé(e)
[PUP.Ghokswa][Fichier] C:\$Recycle.Bin\S-1-5-21-2394248128-3885229179-4112585846-1001\$RE6GE3S.lnk [LNK@] C:\PROGRA~2\Firefox\Firefox.exe -> Trouvé(e)
[PUP.AMule][Répertoire] C:\Program Files (x86)\amuleCexx -> Trouvé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\Elex-tech -> Trouvé(e)
[PUP.Ghokswa][Répertoire] C:\Program Files (x86)\Firefox -> Trouvé(e)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 5 ¤¤¤
[PUM.HomePage][Firefox:Config] 1wyxytwo.default-1474902429916 : user_pref("browser.startup.homepage", "http://r.orange.fr/r/Oodc_FF_oi_v2?ref=O_OI_defaultPage_FF_odc"); -> Trouvé(e)
[PUM.NewTab][Firefox:Config] 1wyxytwo.default-1474902429916 : user_pref("browser.newtab.url", "C:\\ProgramData\\Hotfreshs\\ff.NT"); -> Trouvé(e)
[PUM.HomePage][Chrome:Config] ChromeDefaultData [SecurePrefs] : homepage [http://www.startpageing123.com/?type=hp&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT] -> Trouvé(e)
[PUP.Gen1][Chrome:Config] ChromeDefaultData : homepage [http://mystart.incredimail.com/] -> Trouvé(e)
[PUM.HomePage][Chrome:Config] ChromeDefaultData [SecurePrefs] : session.startup_urls [http://www.startpageing123.com/?type=hp&ts=1488489168&z=073bfe4a0772c1641ede92dg8zcbfb1z4b8tcg8q5b&from=che0812&uid=TOSHIBAXMQ01ABD100_X5NRT7IMTXXX5NRT7IMT] -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] b2f14ae1d3f34242b9c19dc9fefc18da
[BSP] 8dfc5e1bfca110db52ad82f51db6ba94 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 953251 MB
3 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1952497664 | Size: 500 MB
User = LL1 ... OK
User = LL2 ... OK