Document format: text/x-log

Preview

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9200 ) 64 bits version
Démarrage : Mode normal
Utilisateur : sos [Droits d'admin]
Mode : Recherche -- Date : 06/20/2014 13:13:12

¤¤¤ Processus malicieux : 1 ¤¤¤
[Svchost] svchost.exe -- C:\Windows\syswow64\svchost.exe[x] -> [NoKill]

¤¤¤ Entrées de registre : 20 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2954563638-2763980334-2977926080-1001\Software\Microsoft\Windows\CurrentVersion\Run | Netprotocol : C:\Users\sos\AppData\Roaming\netprotocol.exe -> TROUVÉ
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2954563638-2763980334-2977926080-1001\Software\Microsoft\Windows\CurrentVersion\Run | svñhîst : %USERPROFILE%\Desktop\22aec5b5e8c4e7cf239543ae44d307ea\22aec5b5e8c4e7cf239543ae44d307ea.exe -> TROUVÉ
[ZeroAccess] (X64) HKEY_USERS\S-1-5-21-2954563638-2763980334-2977926080-1001\Software\Microsoft\Windows\CurrentVersion\Run | Google Update : "C:\Users\sos\AppData\Local\Google\Desktop\Install\{aa182e55-c4fb-5227-a1b4-e80d169edc21}\❤≸⋙\Ⱒ☠⍨\?ﯹ๛\{aa182e55-c4fb-5227-a1b4-e80d169edc21}\GoogleUpdate.exe" > -> TROUVÉ
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2954563638-2763980334-2977926080-1001\Software\Microsoft\Windows\CurrentVersion\Run | 5fa1fd2 : C:\Users\sos\AppData\Roaming\5fa1fd2.exe -> TROUVÉ
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2954563638-2763980334-2977926080-1001\Software\Microsoft\Windows\CurrentVersion\Run | Netprotocol : C:\Users\sos\AppData\Roaming\netprotocol.exe -> TROUVÉ
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2954563638-2763980334-2977926080-1001\Software\Microsoft\Windows\CurrentVersion\Run | svñhîst : %USERPROFILE%\Desktop\22aec5b5e8c4e7cf239543ae44d307ea\22aec5b5e8c4e7cf239543ae44d307ea.exe -> TROUVÉ
[ZeroAccess] (X86) HKEY_USERS\S-1-5-21-2954563638-2763980334-2977926080-1001\Software\Microsoft\Windows\CurrentVersion\Run | Google Update : "C:\Users\sos\AppData\Local\Google\Desktop\Install\{aa182e55-c4fb-5227-a1b4-e80d169edc21}\❤≸⋙\Ⱒ☠⍨\?ﯹ๛\{aa182e55-c4fb-5227-a1b4-e80d169edc21}\GoogleUpdate.exe" > -> TROUVÉ
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2954563638-2763980334-2977926080-1001\Software\Microsoft\Windows\CurrentVersion\Run | 5fa1fd2 : C:\Users\sos\AppData\Roaming\5fa1fd2.exe -> TROUVÉ
[Root.Necurs] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\63fa85c9be5b5aa7 -> TROUVÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NvUpdSrv -> TROUVÉ
[Root.Necurs] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\63fa85c9be5b5aa7 -> TROUVÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NvUpdSrv -> TROUVÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 208.67.222.222 208.67.220.220 -> TROUVÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 208.67.222.222 208.67.220.220 -> TROUVÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7BD97968-F93B-4F53-BD27-6205E13DFD3B} | DhcpNameServer : 208.67.222.222 208.67.220.220 -> TROUVÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7BD97968-F93B-4F53-BD27-6205E13DFD3B} | DhcpNameServer : 208.67.222.222 208.67.220.220 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 1 ¤¤¤
[ZeroAccess][Repertoire] Install -- C:\Users\sos\AppData\Local\Google\Desktop\Install -> TROUVÉ

¤¤¤ Fichier HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: VBOX HARDDISK +++++
--- User ---
[MBR] e041475d754f2d2620eab1caa02d68bb
[BSP] a4dadd6b386bef5ba7a5d344c962dab5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 25248 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_06192014_161634.log - RKreport_SCN_06192014_152642.log - RKreport_SCN_06192014_153630.log - RKreport_SCN_06192014_155002.log
RKreport_SCN_06192014_161020.log
