cjoint


Document format: text/plain

Preview

RogueKiller V8.8.10 [Feb 28 2014] par Adlice Software
mail : http://www.adlice.com/contact/
Remontees : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Laetitia [Droits d'admin]
Mode : Recherche -- Date : 03/12/2014 15:37:16
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SergeLeLama (wscript.exe //B "C:\Users\Laetitia\AppData\Local\Temp\SergeLeLama.vbs" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Run : SergeLeLama (wscript.exe //B "C:\Users\Laetitia\AppData\Local\Temp\SergeLeLama.vbs" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3447368618-1903890353-2125637639-1000\[...]\Run : SergeLeLama (wscript.exe //B "C:\Users\Laetitia\AppData\Local\Temp\SergeLeLama.vbs" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SergeLeLama (wscript.exe //B "C:\Users\Laetitia\AppData\Local\Temp\SergeLeLama.vbs" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\RunOnce : Del658230 (cmd.exe /Q /D /c del "C:\Users\Laetitia\AppData\Local\Temp\0.del" [x][x]) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\RunOnce : Del720724 (cmd.exe /Q /D /c del "C:\Users\Laetitia\AppData\Local\Temp\0.del" [x][x]) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\RunOnce : DelTr889049 (cmd.exe /c rd /s /q "C:\Users\Laetitia\AppData\Roaming\mysearchdial" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3447368618-1903890353-2125637639-1000\[...]\RunOnce : Del658230 (cmd.exe /Q /D /c del "C:\Users\Laetitia\AppData\Local\Temp\0.del" [x][x]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3447368618-1903890353-2125637639-1000\[...]\RunOnce : Del720724 (cmd.exe /Q /D /c del "C:\Users\Laetitia\AppData\Local\Temp\0.del" [x][x]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3447368618-1903890353-2125637639-1000\[...]\RunOnce : DelTr889049 (cmd.exe /c rd /s /q "C:\Users\Laetitia\AppData\Roaming\mysearchdial" [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Del658246 (cmd.exe /Q /D /c del "C:\Users\Laetitia\AppData\Local\Temp\0.del" [x][x]) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Del720740 (cmd.exe /Q /D /c del "C:\Users\Laetitia\AppData\Local\Temp\0.del" [x][x]) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : DelTr889080 (cmd.exe /c rd /s /q "C:\Users\Laetitia\AppData\Roaming\mysearchdial" [x][-]) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 2 ¤¤¤
[V1][SUSP PATH] Digital Sites.job : C:\Users\Laetitia\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> TROUVÉ
[V2][SUSP PATH] Digital Sites : C:\Users\Laetitia\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> TROUVÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST932042 3AS SATA Disk Device +++++
--- User ---
[MBR] 3143ec775d36538b9a0230f1952b1042
[BSP] 1407337867fd24f18cc1450ee6f93407 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 288783 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 591837184 | Size: 16158 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SD Card +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 7576 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 31d8507c459c970c126eda13dc324487
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 52 | Size: 15275 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Imation USB Flash Drive USB Device +++++
--- User ---
[MBR] cfaca589fc701ace9892b8196ee8e892
[BSP] bf718b0ab7348a04ab716f3989aed605 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 994 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_S_03122014_153716.txt >>




