RogueKiller V12.13.4.0 (x64) [Oct 8 2018] (Gratuit) par Adlice Software
email : http://www.adlice.com/fr/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com/fr/

Système d'exploitation : Windows 8 (6.2.9200) 64 bits version
Démarré en : Mode normal
Utilisateur : Mathieu [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Suppression -- Date : 10/12/2018 10:15:46 (Durée : 00:38:32)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 20 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091043464\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091043464\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091459895\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091459895\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091505914\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091505914\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091043464\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091043464\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091459895\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091459895\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091505914\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-565260823-566925515-856121267-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10122018091505914\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com -> Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.188.0.1 ([]) -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6EB69A95-37F3-411C-97DC-83D9D51CFD4D} | DhcpNameServer : 10.188.0.1 ([]) -> Remplacé(e) ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Remplacé(e) (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Remplacé(e) (2)

¤¤¤ Tâches : 7 ¤¤¤
[Hj.Shortcut] \{3EF5D124-E3AB-40D7-A95A-58BC8B5E1907} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.16.0.105/fr/abandoninstall?page=tsPlugin) -> Supprimé(e)
[Hj.Shortcut] \{421B3518-3471-42B5-97CD-121448AC76CF} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.28.80.101/fr/abandoninstall?page=tsProgressBar) -> Supprimé(e)
[Hj.Shortcut] \{7220286F-2E88-4568-87A1-511CCE4AEA67} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.21.0.104/fr/abandoninstall?page=tsMain) -> Supprimé(e)
[Hj.Shortcut] \{B19CBF4D-4339-49F3-8827-16589E9CFF90} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.28.80.101/fr/abandoninstall?page=tsProgressBar) -> Supprimé(e)
[Hj.Shortcut] \{D27A9D98-AA24-4477-8A37-4EED12960883} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.16.0.105/fr/go/help.faq.installer?LastError=1638) -> Supprimé(e)
[Hj.Shortcut] \{D6537F3D-224B-4717-9C23-C9FD1D564275} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.16.0.105/fr/go/help.faq.installer?LastError=1638) -> Supprimé(e)
[Hj.Shortcut] \{F75864ED-F180-4994-A7ED-55F55F19B30F} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/6.16.0.105/fr/go/help.faq.installer?LastError=1638) -> Supprimé(e)

¤¤¤ Fichiers : 19 ¤¤¤
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlDaily.zip -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Definitions\MaliciousUrlWeekly.zip -> Supprimé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion\Definitions -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Icons\bing.ico -> Supprimé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion\Icons -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion\webcompanion.log -> Supprimé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion\Logs\Webcompanion -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService\WCAssistantServiceLog.log -> Supprimé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion\Logs\WindowsService -> Supprimé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion\Logs -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Options\ActiveFeatures.zip -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Options\CurrentReleaseNotes.txt -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Options\install.txt -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Options\LatestReleaseNotes.txt -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Options\partner.txt -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Options\ServicePartnerInfo.txt -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Options\Statistics.txt -> Supprimé(e)
[PUP.Gen1][Fichier] C:\ProgramData\Lavasoft\Web Companion\Options\UpdateServer.txt -> Supprimé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion\Options -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\LIN?.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.rehcnualenil.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\St?rt ??r Br?wser.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.xoferif.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G?ogle ?hr?me.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.emorhc.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?unch Int?rnet E??l?rer Br?wser.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.erolpxei.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G?ogle Chr?m?.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.emorhc.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\G?ogl? ?hrome.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.emorhc.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\LIN?.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.rehcnualenil.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozilla Fir?f?? (2).lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.xoferif.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozilla Fir?f?? (3).lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.xoferif.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozilla Fir?f??.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.xoferif.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\?ozill? Fir?f??.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.xoferif.bat -> Supprimé(e)
[Hidden.ADS][Flux] C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201 -> Supprimé(e)
[PUP.Gen1][Répertoire] C:\ProgramData\Lavasoft\Web Companion -> ERROR [3]
[PUP.Gen0][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G?ogle Chr?m?.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.emorhc.bat -> Supprimé(e)
[PUP.Gen0][Fichier] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?ozilla Fir?f??.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.xoferif.bat -> Supprimé(e)
[Adw.Neoreklami][Fichier] C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll -> Supprimé(e) au redémarrage [5]
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\LIN?.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.rehcnualenil.bat -> Supprimé(e) au redémarrage [2]
[PUP.Gen0][Fichier] C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\St?rt ??r Br?wser.lnk [LNK@] C:\Users\Mathieu\AppData\Roaming\Browsers\exe.xoferif.bat -> Supprimé(e) au redémarrage [2]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 6 ¤¤¤
[PUM.HomePage][Firefox:Config] 6kt43ar3.default-1434886448240 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/"); -> Remplacé(e) (about:home)
[PUM.SearchEngine][Firefox:Config] 6kt43ar3.default-1434886448240 : user_pref("browser.search.selectedEngine", "Bing®"); -> Supprimé(e)
[PUM.SearchEngine][Firefox:Config] 6kt43ar3.default-1434886448240 : user_pref("browser.search.defaultenginename", "Bing®"); -> Supprimé(e)
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [qwant.com] -> Supprimé(e)
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [https://www.qwant.com/?q={searchTerms}&client=opensearch] -> Supprimé(e)
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [https://api.qwant.com/api/suggest/?q={searchTerms}&client=opensearch] -> Supprimé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKX-80HPJT0 +++++
--- User ---
[MBR] fed5a442707a868e55b7c3ca9c160577
[BSP] 41f38fef58afd164ffddcfc6de5920ef : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2312192 | Size: 286160 MB
4 - Basic data partition | Offset (sectors): 588367872 | Size: 407625 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1423183872 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK