RogueKiller V12.12.12.0 (x64) [Apr 9 2018] (Gratuit) par Adlice Software
email : http://www.adlice.com/fr/contact/
Remontées : https://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com/fr/

Système d'exploitation : Windows 10 (10.0.16299) 64 bits version
Démarré en : Mode normal
Utilisateur : Samax [Administrateur]
Démarré depuis : C:\Users\samax_000\Desktop\RogueKiller_portable64.exe
Mode : Suppression -- Date : 04/15/2018 14:54:50 (Durée : 00:33:31)

Processus : 2
[PUP.uTorrentAds|VT.Detected] utorrentie.exe(11284) -- C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe[7] -> Tué(e) [TermProc]
[PUP.uTorrentAds|VT.Detected] utorrentie.exe(22140) -- C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe[7] -> Tué(e) [TermProc]

Registre : 33
[PUP.Gen1] (X64) HKEY_USERS\RK_Samax_ON_H_3F6D\Software\APN PIP -> Non sélectionné
[PUP.DllFiles] (X64) HKEY_USERS\RK_Samax_ON_H_3F6D\Software\dll-files.com -> Non sélectionné
[PUP.Gen1] (X64) HKEY_USERS\RK_Samax_ON_H_3F6D\Software\TeleCharger -> Non sélectionné
[PUP.Gen1] (X86) HKEY_USERS\RK_Samax_ON_H_3F6D\Software\APN PIP -> Non sélectionné
[PUP.DllFiles] (X86) HKEY_USERS\RK_Samax_ON_H_3F6D\Software\dll-files.com -> Non sélectionné
[PUP.Gen1] (X86) HKEY_USERS\RK_Samax_ON_H_3F6D\Software\TeleCharger -> Non sélectionné
[PUM.HomePage] (X64) HKEY_USERS\RK_Samax_ON_H_3F6D\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.daum.net/ -> Non sélectionné
[PUM.HomePage] (X86) HKEY_USERS\RK_Samax_ON_H_3F6D\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.daum.net/ -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8CDAD410-4BCB-4DB9-BEE8-90CC1E826A8B} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Samax\AppData\Roaming\uTorrent\uTorrent.exe|Name=Torrent (UDP-In)|Desc=Allow Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8D13C474-E58F-4F1C-8FF5-F1C4F229BBFE} : v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Samax\AppData\Roaming\uTorrent\uTorrent.exe|Name=Torrent (TCP-In)|Desc=Allow Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F185E2F8-35A4-431A-B13B-9D5D35FF54FD}C:\users\samax\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\samax\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{A455566E-D5C7-4357-8292-FCED13B0C8BB}C:\users\samax\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\samax\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{6A11A89D-8E31-44FF-B036-94004955E9F4}C:\users\samax\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\samax\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{EEDF2125-9E18-4188-AB9E-A5F801E22E66}C:\users\samax\appdata\roaming\utorrent\utorrent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\samax\appdata\roaming\utorrent\utorrent.exe|Name=utorrent.exe|Desc=utorrent.exe|Edge=TRUE|Defer=App| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {114E2BF2-5C29-45BE-9071-1C20685B54D9} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Samax\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AE5D93B1-384F-45AE-BB7E-065C66CB6F6C} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Samax\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{636E380C-E268-4B0A-BD5D-BD6372B3A87A}C:\users\samax\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\samax\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{06121BC5-C90C-4679-8871-8BE9F6CC9B6F}C:\users\samax\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\samax\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3D4C1BB1-D2D0-420A-A5F1-54D1606153CA} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Samax\AppData\Local\Temp\nsyA09A.tmp\CnetInstaller-75738300.exe|Name=proinstaller1567| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {42B2F246-32EE-438E-9911-A05C87A9C146} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Samax\AppData\Local\Temp\nsyA09A.tmp\CnetInstaller-75738300.exe|Name=proinstaller1567| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FAF4000F-81E5-47F3-A7C2-8F6690722E77} : v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|LPort=80|App=D:\Jeux\Survarium\temp\survarium_launcher.exe|Name=Survarium Launcher| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {884F186F-CE4E-4C7B-94D6-6CC560B22206} : v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=D:\Jeux\Survarium\temp\survarium_updater.exe|Name=Survarium Updater| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4F805869-6319-4ADD-853D-4E3D8C21BBD7} : v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=D:\Jeux\Survarium\temp\survarium_updater.exe|Name=Survarium Updater| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E11F4501-9D89-4065-B41C-4DA918745E53} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\Jeux\Survarium\temp\survarium_updater.exe|Name=Survarium Updater| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_H_7C9B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0FF47791-535D-4D45-AD04-F3622FF2BC89} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\Jeux\Survarium\temp\survarium_updater.exe|Name=Survarium Updater| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_K_BD13\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FFD424EA-2586-463C-8E76-1D9E501135B4} : v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\mathi\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-Out) (mathi)|Desc=Allow Torrent network traffic| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_K_BD13\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FC66B176-EAAD-4F75-BAB2-B30D61D99814} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\mathi\AppData\Roaming\uTorrent\uTorrent.exe|Name=Torrent (mathi)| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_K_BD13\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {073E93FE-0FC0-4347-B6C6-567246A7CA07} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\mathi\AppData\Roaming\uTorrent\uTorrent.exe|Name=Torrent (mathi)| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_K_BD13\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0EFEA4F4-FA72-4093-A179-A770BA13F3B4} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\mathi\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In) (mathi)|Desc=Allow Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_K_BD13\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B2623CD1-70DF-47A3-BAB7-1E277E069487} : v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\mathi\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-Out) (mathi)|Desc=Allow Torrent network traffic| [x] -> Non sélectionné
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_K_BD13\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {17E63B36-5818-4B85-958A-593D91CDFD39} : v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\mathi\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In) (mathi)|Desc=Allow Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Non sélectionné
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_H_7297\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_H_7297\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné

Tâches : 1
[Hj.Shortcut] \{D941EC40-633E-4D30-8592-6D306C83624A} -- "c:\program files (x86)\mozilla firefox\firefox.exe" (http://ui.skype.com/ui/0/7.12.0.101/fr/abandoninstall?source=lightinstaller&page=tsBing) -> Supprimé(e)

Fichiers : 21
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Supprimé(e)
[PUP.uTorrentAds][Fichier] C:\Users\samax_000\AppData\Roaming\uTorrent\updates\3.5.3_44396\utorrentie.exe -> Supprimé(e)
[PUP.Gen1][Répertoire] C:\Program Files (x86)\Popcorn Time -> Supprimé(e)
[PUP.Gen1][Fichier] C:\Program Files (x86)\Popcorn Time\init.txt -> Supprimé(e)
[PUP.Gen1][Fichier] C:\Program Files (x86)\Popcorn Time\Updater.exe -> Supprimé(e)

WMI : 0

Fichier Hosts : 0

Antirootkit : 0 (Driver: Chargé)

Navigateurs web : 1
[PUM.HomePage][Firefox:Config] oi4qlrav.default : user_pref("browser.startup.homepage", "http://www.vice.com/fr/|http://www.feedly.com"); -> Non sélectionné

Vérification MBR :
+++++ PhysicalDrive0: SanDisk SDSSDHP256G +++++
--- User ---
[MBR] 2db2efb97b9dbec0dcc62109dcc2303f
[BSP] 46364c0343a9641c4485752a03dce1fa : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 243396 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 499193856 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Ultra II 240GB +++++
--- User ---
[MBR] 4985834b9d89e095844087ec08cc0843
[BSP] 6f0a3d261bad0eb0540c20f9d544e8a8 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228456 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467881984 | Size: 476 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SAMSUNG HD103UJ +++++
--- User ---
[MBR] b9447f5bb1a84efd1d9a52a5ba2fd539
[BSP] c8572202f82b7e1b011d9d1ce8e0ea63 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 56319 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] LINUX (0x83) [VISIBLE] Offset (sectors): 115343360 | Size: 35840 MB
2 - [XXXXXX] LINUX-SWP (0x82) [VISIBLE] Offset (sectors): 188743680 | Size: 16384 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 222298112 | Size: 845325 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: TOSHIBA HDWD120 +++++
--- User ---
[MBR] 703903d4f3903668c4dc30991ba79209
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1907600 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] f7f0325856c5fb6763b3495c1888af0e
[BSP] a11469c2366245dda16363c08e7ae8e2 : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )