RogueKiller V9.2.13.0 (x64) [Sep 25 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : Clé Conseil [Droits d'admin]
Mode : Recherche -- Date : 10/04/2014 08:20:11

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrées de registre : 22 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> TROUVÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> TROUVÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> TROUVÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> TROUVÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> TROUVÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-279046156-2263393310-182542803-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\ENDLES~1.SCR -> TROUVÉ
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-279046156-2263393310-182542803-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\ENDLES~1.SCR -> TROUVÉ
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> TROUVÉ
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> TROUVÉ
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> TROUVÉ
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> TROUVÉ
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> TROUVÉ
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> TROUVÉ
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-279046156-2263393310-182542803-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> TROUVÉ
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-279046156-2263393310-182542803-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> TROUVÉ
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> TROUVÉ
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> TROUVÉ

¤¤¤ Tâches planifiées : 4 ¤¤¤
[Suspicious.Path] \\{0A2C12BA-5F6E-476D-A162-785D76B00EA0} -- C:\Users\Clé Conseil\Desktop\JRT.exe -> TROUVÉ
[Suspicious.Path] \\{59B05577-A15B-4CD7-979D-3ADB8000758F} -- C:\Users\Clé Conseil\Desktop\JRT.exe -> TROUVÉ
[Suspicious.Path] \\{F02B8A96-D442-43DA-9184-54F2CA62DD7D} -- C:\Users\Clé Conseil\Desktop\JRT.exe -> TROUVÉ
[Suspicious.Path] \\{F6AD92EB-C048-49A4-BE14-D0A7A335BC40} -- C:\Users\Clé Conseil\Desktop\JRT.exe -> TROUVÉ

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts]
127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: CHARGE) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 953e70958cfa5db5c301fc74581a75ee
[BSP] 27bb98454ff2918061bc5c822d52613c : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24578048 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_10032014_111355.log