Please find below the scan,
I guess there are some bad things =p
RogueKiller V10.6.5.0 (x64) [May 20 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : Racol [Administrateur]
Démarré depuis : C:\Users\Racol\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 05/21/2015 21:08:38
¤¤¤ Processus : 1 ¤¤¤
[Suspicious.Path] OneDrive.exe(1092) -- C:\Users\Racol\AppData\Local\Microsoft\OneDrive\OneDrive.exe[7] -> Tué(e) [TermProc]
¤¤¤ Registre : 27 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub) | (default) : {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub) | (default) : {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) | (default) : {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder) | (default) : {16F3DD56-1AF5-4347-846D-7C10C4192619} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark) | (default) : {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed8e593d-1965-4e45-9d55-d56162dcde14} -> Trouvé(e)
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive : "C:\Users\Racol\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [7]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive : "C:\Users\Racol\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [7]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=U280 -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=U280 -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-145186060-4103497679-2289092536-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://acer.msn.com -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6509D688-4A89-400A-99D6-A94764595569} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8F6F26B-7421-433F-9E9A-E819C4F432EC} | DhcpNameServer : 10.44.4.41 10.22.1.42 [(Private Address) (XX)][(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6509D688-4A89-400A-99D6-A94764595569} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C8F6F26B-7421-433F-9E9A-E819C4F432EC} | DhcpNameServer : 10.44.4.41 10.22.1.42 [(Private Address) (XX)][(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6509D688-4A89-400A-99D6-A94764595569} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C8F6F26B-7421-433F-9E9A-E819C4F432EC} | DhcpNameServer : 10.44.4.41 10.22.1.42 [(Private Address) (XX)][(Private Address) (XX)] -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 4 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - RtlCaptureContext : Unknown @ 0x21400a6 (jmp 0xffffffa6)
[IAT:Inl(Hook.IEAT)] (chrome.exe) wow64win.dll - sdwhwin32 : Unknown @ 0x21400a6 (jmp 0xffffffa6)
[IAT:Inl(Hook.IEAT)] (chrome.exe) wow64cpu.dll - CpuNotifyAffinityChange : Unknown @ 0x21400a6 (jmp 0xffffffa6)
[IAT:Inl(Hook.IEAT)] (chrome.exe) wow64.dll - Wow64KiUserCallbackDispatcher : Unknown @ 0x21400a6 (jmp 0xffffffa6)
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 1b47b84dfcd1544f14e9c46766e8f635
[BSP] 6de6491fde3077606eff23d3bba2979a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 33556480 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 33761280 | Size: 460454 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Thank you in advance