Document format: text/x-log

RogueKiller V10.0.6.0 (x64) [Nov 13 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : user [Administrateur]
Mode : Scan -- Date : 11/19/2014 13:17:13

¤¤¤ Processus : 41 ¤¤¤
[Proc.Injected] smss.exe -- C:\Windows\System32\smss.exe[x] -> [NoKill]
[Proc.Injected] services.exe -- C:\Windows\system32\services.exe[x] -> [NoKill]
[Proc.Injected] lsm.exe -- C:\Windows\system32\lsm.exe[x] -> [NoKill]
[Proc.Injected] winlogon.exe -- C:\Windows\system32\winlogon.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] spoolsv.exe -- C:\Windows\System32\spoolsv.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] taskeng.exe -- C:\Windows\system32\taskeng.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] armsvc.exe -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] mbamscheduler.exe -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] taskhost.exe -- C:\Windows\system32\taskhost.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] mbamservice.exe -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] dwm.exe -- C:\Windows\system32\Dwm.exe[x] -> [NoKill]
[Proc.Injected] explorer.exe -- C:\Windows\Explorer.EXE[7] -> Tué(e) [TermProc]
[Proc.Injected] MDM.EXE -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[7] -> Tué(e) [TermProc]
[Proc.Injected] rpcnet.exe -- C:\Windows\SysWOW64\rpcnet.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] igfxtray.exe -- C:\Windows\System32\igfxtray.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] hkcmd.exe -- C:\Windows\System32\hkcmd.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] igfxpers.exe -- C:\Windows\System32\igfxpers.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] ccSvcHst.exe -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe[7] -> Tué(e) [DrvNtTerm]
[Proc.Injected] regsvr32.exe -- C:\Windows\System32\regsvr32.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] regsvr32.exe -- C:\Windows\SysWOW64\regsvr32.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] SSScheduler.exe -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] VCDDaemon.exe -- E:\Logiciels\VirtualCloneDrive\VCDDaemon.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] iexplore.exe -- C:\Program Files\Internet Explorer\iexplore.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] Smc.exe -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe[7] -> Tué(e) [DrvNtTerm]
[Proc.Injected] SearchIndexer.exe -- C:\Windows\system32\SearchIndexer.exe[x] -> [NoKill]
[Proc.Injected] unsecapp.exe -- C:\Windows\system32\wbem\unsecapp.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] WmiPrvSE.exe -- C:\Windows\system32\wbem\wmiprvse.exe[7] -> Tué(e) [TermProc]
[Proc.Injected] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Injected] wuauclt.exe -- C:\Windows\system32\wuauclt.exe[7] -> Tué(e) [TermProc]

¤¤¤ Registre : 26 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-153967636-2143559309-1663407548-1007\Software\Microsoft\Windows\CurrentVersion\Run | Akworks : regsvr32.exe C:\Users\user\AppData\Local\Akworks\DependCommand.dll -> Trouvé(e)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-153967636-2143559309-1663407548-1007\Software\Microsoft\Windows\CurrentVersion\Run | Akworks : regsvr32.exe C:\Users\user\AppData\Local\Akworks\DependCommand.dll -> Trouvé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Trouvé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Trouvé(e)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WindowsMangerProtect (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service) -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-153967636-2143559309-1663407548-1007\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-153967636-2143559309-1663407548-1007\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Trouvé(e)
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Trouvé(e)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.189.0.1 [(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.189.0.1 [(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.189.0.1 [(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D6D8B27-F1E7-4272-A6F7-65AEB529B00A} | DhcpNameServer : 172.20.128.9 193.52.112.17 [(Private Address) (XX)][FRANCE (FR)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A4BFEA05-C8F4-4B8D-9341-87C7E1333E24} | DhcpNameServer : 10.189.0.1 [(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1D6D8B27-F1E7-4272-A6F7-65AEB529B00A} | DhcpNameServer : 172.20.128.9 193.52.112.17 [(Private Address) (XX)][FRANCE (FR)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A4BFEA05-C8F4-4B8D-9341-87C7E1333E24} | DhcpNameServer : 10.189.0.1 [(Private Address) (XX)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1D6D8B27-F1E7-4272-A6F7-65AEB529B00A} | DhcpNameServer : 172.20.128.9 193.52.112.17 [(Private Address) (XX)][FRANCE (FR)] -> Trouvé(e)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A4BFEA05-C8F4-4B8D-9341-87C7E1333E24} | DhcpNameServer : 10.189.0.1 [(Private Address) (XX)] -> Trouvé(e)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-153967636-2143559309-1663407548-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-153967636-2143559309-1663407548-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)

¤¤¤ Tâches : 1 ¤¤¤
[Suspicious.Path] wse_astromenda.job -- C:\Users\user\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Trouvé(e)

¤¤¤ Fichiers : 3 ¤¤¤
[Suspicious.Path][Fichier] esentutl.lnk -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\esentutl.lnk [LNK@] C:\Users\user\AppData\Roaming\Microsoft\Windows\IEUpdate\esentutl.exe -> Trouvé(e)
[Suspicious.Path][Fichier] fsutil.lnk -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fsutil.lnk [LNK@] C:\Users\user\AppData\Roaming\Microsoft\Windows\IEUpdate\fsutil.exe -> Trouvé(e)
[Suspicious.Path][Fichier] wuapp.lnk -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuapp.lnk [LNK@] C:\Users\user\AppData\Roaming\Microsoft\Windows\IEUpdate\wuapp.exe -> Trouvé(e)

¤¤¤ Fichier Hosts : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 764gcd12.default-1410434960340 : user_pref("browser.startup.homepage", "google.com"); -> Trouvé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD800BJKT-75F4T0 ATA Device +++++
--- User ---
[MBR] ee1f33cc2fd44d1376b43fd987a9c456
[BSP] 077dd4928f0b843db4e9349ad7ea5600 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76192 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Passport 0748 USB Device +++++
--- User ---
[MBR] 80437cd8b9e3133868a6b0722d39af1b
[BSP] 9b6ebbf7c1a08cbb9ccbeeaea6641cdb : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476907 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )
