# AdwCleaner v6.044 - Rapport créé le 07/03/2017 à 18:45:31
# Mis à jour le 28/02/2017 par Malwarebytes
# Base de données : 2017-03-07.1 [Serveur]
# Système d'exploitation : Windows 10 Home (X64)
# Nom d'utilisateur : HARDCORE - HARDCORE-PC
# Exécuté depuis : C:\Users\HARDCORE\Desktop\adwcleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

Service trouvé: FirefoxU
Service trouvé: WinSAPSvc
Service trouvé: ed2kidle
Service trouvé: WinSnare
Service trouvé: Apps_Cfg
Service trouvé: Kyubey

***** [ Dossiers ] *****

Dossier trouvé: C:\Program Files (x86)\WinSnare(4.2.5)
Dossier trouvé: C:\Users\HARDCORE\AppData\Roaming\WinSAPSvc
Dossier trouvé: C:\Users\HARDCORE\AppData\Roaming\winsapsvc
Dossier trouvé: C:\Users\HARDCORE\AppData\Roaming\aMule
Dossier trouvé: C:\Users\HARDCORE\AppData\Roaming\WinSnare
Dossier trouvé: C:\Users\HARDCORE\AppData\Roaming\Kyubey
Dossier trouvé: C:\Users\HARDCORE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
Dossier trouvé: C:\Program Files (x86)\Qernient
Dossier trouvé: C:\Program Files (x86)\BikaQRss
Dossier trouvé: C:\Program Files (x86)\Firefox
Dossier trouvé: C:\Users\HARDCORE\AppData\Roaming\WinSnare

***** [ Fichiers ] *****

Fichier trouvé: C:\Users\Public\Documents\temp.dat
Fichier trouvé: C:\Users\Public\Documents\report.dat
Fichier trouvé: C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apdhdnojdbhafnfogidcjgknlgjaackh_0.localstorage
Fichier trouvé: C:\Users\stoec\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apdhdnojdbhafnfogidcjgknlgjaackh_0.localstorage

***** [ DLL ] *****

Aucune DLL patchée trouvée.

***** [ WMI ] *****

Aucune clé malveillante trouvée.

***** [ Raccourcis ] *****

Raccourci infecté: C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT-80HXZT1_WD-WXP1E21XLH70XL
Raccourci infecté: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400B
Raccourci infecté: C:\Users\HARDCORE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=
Raccourci infecté: C:\Users\HARDCORE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m
Raccourci infecté: C:\Users\HARDCORE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=c
Raccourci infecté: C:\Users\HARDCORE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3b
Raccourci infecté: C:\Users\HARDCORE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3

***** [ Tâches planifiées ] *****

Tâche trouvée: BoxSoftwareUpdate
Tâche trouvée: LaunchApp
Tâche trouvée: BikaQ_FetchAndUpgrade_CanBeDel

***** [ Registre ] *****

Clé trouvée: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Clé trouvée: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Clé trouvée: HKU\S-1-5-21-393267221-3395938937-2926540975-1000\Software\WinSnare
Clé trouvée: HKCU\Software\WinSnare
Clé trouvée: HKLM\SOFTWARE\ScreenShot
Clé trouvée: HKLM\SOFTWARE\startpageing123Software
Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{78A2D999-4673-4FCC-818E-57B0AF8F3B70}
Clé trouvée: [x64] HKCU\Software\WinSnare
Clé trouvée: [x64] HKLM\SOFTWARE\InterSect Alliance
Clé trouvée: HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Clé trouvée: HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-393267221-3395938937-2926540975-1000\Products\E4DFFE2B890D5484D965ED57EB3B9531
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\999D2A873764CCF418E8750BFAF8B307
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\999D2A873764CCF418E8750BFAF8B307
Clé trouvée: [x64] HKLM\SOFTWARE\Classes\Installer\Features\999D2A873764CCF418E8750BFAF8B307
Clé trouvée: [x64] HKLM\SOFTWARE\Classes\Installer\Products\999D2A873764CCF418E8750BFAF8B307
Donnée trouvée: HKU\S-1-5-21-393267221-3395938937-2926540975-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8
Donnée trouvée: HKU\S-1-5-21-393267221-3395938937-2926540975-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bd
Donnée trouvée: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT-80HXZT1
Donnée trouvée: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT-8
Donnée trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT-8
Donnée trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6
Donnée trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT
Donnée trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT-80HXZT1
Donnée trouvée: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT-80HXZ
Donnée trouvée: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT
Donnée trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT-80HXZ
Donnée trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BP
Donnée trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXWD6400BPVT
Donnée trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.startpageing123.com/search/?type=ds&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&uid=WDCXW
Clé trouvée: HKU\S-1-5-21-393267221-3395938937-2926540975-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Donnée trouvée: HKU\S-1-5-21-393267221-3395938937-2926540975-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Donnée trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Clé trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Donnée trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Clé trouvée: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Donnée trouvée: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Donnée trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Donnée trouvée: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc08a6a25a626934285
Donnée trouvée: HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc08
Donnée trouvée: [x64] HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.startpageing123.com/?type=sc&ts=1488817320&z=cc
Valeur trouvée: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Clé trouvée: HKCU\SOFTWARE\Classes\ChromeHTML

***** [ Navigateurs web ] *****

Aucune préférence Firefox malveillante trouvée.
Chromium préf trouvée: [C:\Users\HARDCORE\AppData\Local\Google\Chrome\User Data\Default\Web data] - searchinterneat-a.akamaihd.net
Chromium préf trouvée: [C:\Users\HARDCORE\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&ui
Chromium préf trouvée: [C:\Users\HARDCORE\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.startpageing123.com/searchfavicon.ico
Chromium préf trouvée: [C:\Users\HARDCORE\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www.startpageing123.com/?type=hp&ts=1488817320&z=cc08a6a25a626934285701eg5zeb3bdb1g0m8c1o9z&from=che0812&u

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [38085 octets] - [24/02/2017 10:55:02]
C:\AdwCleaner\AdwCleaner[C2].txt - [9924 octets] - [24/02/2017 18:05:11]
C:\AdwCleaner\AdwCleaner[R0].txt - [23649 octets] - [19/03/2014 18:36:30]
C:\AdwCleaner\AdwCleaner[R1].txt - [1571 octets] - [23/03/2014 12:26:06]
C:\AdwCleaner\AdwCleaner[R2].txt - [1351 octets] - [07/04/2014 14:03:46]
C:\AdwCleaner\AdwCleaner[S0].txt - [20689 octets] - [19/03/2014 18:37:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [1287 octets] - [07/04/2014 14:04:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [40033 octets] - [24/02/2017 10:47:39]
C:\AdwCleaner\AdwCleaner[S3].txt - [35262 octets] - [24/02/2017 10:52:16]
C:\AdwCleaner\AdwCleaner[S4].txt - [9333 octets] - [24/02/2017 18:02:47]
C:\AdwCleaner\AdwCleaner[S5].txt - [11938 octets] - [07/03/2017 18:45:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [12013 octets] ##########