Document format: text/x-log

Preview

RogueKiller V9.1.0.0 [Jun 23 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : Béatrice [Droits d'admin]
Mode : Recherche -- Date : 06/26/2014 21:59:33

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrées de registre : 9 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46D4E32D-C5B8-4F0C-8DDE-9E661A8120E9} | DhcpNameServer : 172.20.2.10 172.20.2.39 -> TROUVÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46D4E32D-C5B8-4F0C-8DDE-9E661A8120E9} | DhcpNameServer : 172.20.2.10 172.20.2.39 -> TROUVÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{46D4E32D-C5B8-4F0C-8DDE-9E661A8120E9} | DhcpNameServer : 172.20.2.10 172.20.2.39 -> TROUVÉ
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3412913541-1543372874-812571775-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> TROUVÉ
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3412913541-1543372874-812571775-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ

¤¤¤ Tâches planifiées : 7 ¤¤¤
[Suspicious.Path] \\{04A3D3C2-4883-48AB-BDCC-CB996AAFB10D} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Béatrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QKH8FI3\sp55138[1].exe" -d C:\Users\Béatrice\Desktop) -> TROUVÉ
[Suspicious.Path] \\{13202301-D4A1-41CB-B038-0DF346509593} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Béatrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NV9SBG22\sp50180[1].exe" -d C:\Users\Béatrice\Desktop) -> TROUVÉ
[Suspicious.Path] \\{1E0A5FCB-7576-4333-9852-58DC4A04B61D} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Béatrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0MXVFTJ8\sp50843[1].exe" -d C:\Users\Béatrice\Desktop) -> TROUVÉ
[Suspicious.Path] \\{3F2D8BD4-DB10-41C6-BDBD-37F47FB30B26} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Béatrice\Desktop\blu-rayvideoconverterultimate_setup.exe -d C:\Users\Béatrice\Desktop) -> TROUVÉ
[Suspicious.Path] \\{6E626A28-6420-4305-AF55-F697648FE895} -- C:\Windows\system32\pcalua.exe (-a C:\Users\Béatrice\AppData\Local\Temp\Temp2_Synaptics_v16_2_21_C_XP32_Vista32_Win7-32_XP64_Vista64_Win7-64_Win8.zip\Setup.exe) -> TROUVÉ
[Suspicious.Path] \\{8325534E-CFE2-4C41-977C-0F8B241FC172} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Béatrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WKTQ98YR\sp56847[1].exe" -d C:\Users\Béatrice\Desktop) -> TROUVÉ
[Suspicious.Path] \\{8BB20B50-D99B-499E-A0BF-C048B08237A5} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Béatrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KGW9F8XC\sp55109.exe" -d C:\Users\Béatrice\Desktop) -> TROUVÉ

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1059GSM +++++
--- User ---
[MBR] f485dea7aef1f98031e2d5e4d159de97
[BSP] 4936d21bd438e26710c7abfdc939c60f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 937123 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1919637504 | Size: 16443 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] c6d5d410a5bd6c463e878e3102505343
[BSP] 4936d21bd438e26710c7abfdc939c60f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 159793152 | Size: 400 MB


============================================
RKreport_DEL_06252014_171736.log - RKreport_SCN_06252014_171536.log - RKreport_SCN_06252014_172019.log - RKreport_SCN_06252014_172236.log
RKreport_SCN_06262014_214551.log
