cjoint


Document format: text/x-log

Preview

RogueKiller V9.1.0.0 [Jun 23 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : Sed [Droits d'admin]
Mode : Suppression -- Date : 07/06/2014 11:30:44

¤¤¤ Processus malicieux : 1 ¤¤¤
[Suspicious.Path] CurseClient.exe -- C:\Users\Sed\AppData\Local\Apps\2.0\0O7Y7C8O.2ET\5VOR63VT.YAY\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe[-] -> TUÉ [TermProc]

¤¤¤ Entrées de registre : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 109.88.203.3 62.197.111.140 -> REMPLACÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 109.88.203.3 62.197.111.140 -> REMPLACÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 109.88.203.3 62.197.111.140 -> REMPLACÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0D1BE972-4145-4912-9933-F54EFA69C665} | DhcpNameServer : 109.88.203.3 62.197.111.140 -> REMPLACÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0D1BE972-4145-4912-9933-F54EFA69C665} | DhcpNameServer : 109.88.203.3 62.197.111.140 -> REMPLACÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0D1BE972-4145-4912-9933-F54EFA69C665} | DhcpNameServer : 109.88.203.3 62.197.111.140 -> REMPLACÉ ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 1 ¤¤¤
[Suspicious.Path] \\{B984A088-FC3F-42D0-AFCB-1AB69C5CB8C9} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Sed\Desktop\All_Windows_Crack\Crack_seven\Crack Seven.exe" -d C:\Users\Sed\Desktop\All_Windows_Crack\Crack_seven) -> SUPPRIMÉ

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 genuine.microsoft.com -> SUPPRIMÉ
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.com -> SUPPRIMÉ
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 sls.microsoft.com -> SUPPRIMÉ

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Navigateurs web : 7 ¤¤¤
[IE:Addon] System : avast! Online Security [{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}] -> SUPPRIMÉ
[CHROME:Addon] Default : Google Docs [aohghmighlieiainnegkcijnfilokake] -> SUPPRIMÉ
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> ERROR [2]
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: ATA Hitachi HDS72101 SCSI Disk Device +++++
--- User ---
[MBR] 4728e3b416b6bb837d69dd2c6798d4e5
[BSP] 2993db19c37ea34f16f0f43e6aafe091 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 01ec8b4e986bd5943b461ed605a884ef
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 14975 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )


============================================
RKreport_SCN_07062014_112836.log
