RogueKiller V12.6.4.0 (x64) [Sep 26 2016] (Gratuit) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : Esteban [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/28/2016 19:25:07 (Durée : 00:16:09)

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 14 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{6F82FAB4-BF91-43F8-8D1A-1B9F23C209E4}C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{703F09BD-BBE3-4806-9D10-0ECF0E02B9CD}C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{44A5D321-B3F9-4870-B5B7-13F42696A851}C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{CF02CAAD-79FD-4F2F-8C3B-5E3349F7432A}C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{6F82FAB4-BF91-43F8-8D1A-1B9F23C209E4}C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{703F09BD-BBE3-4806-9D10-0ECF0E02B9CD}C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{44A5D321-B3F9-4870-B5B7-13F42696A851}C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{CF02CAAD-79FD-4F2F-8C3B-5E3349F7432A}C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{6F82FAB4-BF91-43F8-8D1A-1B9F23C209E4}C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{703F09BD-BBE3-4806-9D10-0ECF0E02B9CD}C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x32\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{44A5D321-B3F9-4870-B5B7-13F42696A851}C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{CF02CAAD-79FD-4F2F-8C3B-5E3349F7432A}C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\esteban\appdata\local\temp\rarsfx0\x64\pcsftool.exe|Name=PcSfTool|Desc=PcSfTool|Defer=User| [x] -> Trouvé(e)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2269556892-668980708-1879617014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Trouvé(e)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2269556892-668980708-1879617014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-1CH162 SCSI Disk Device +++++
--- User ---
[MBR] 5670c9d58b50552398b58e9306b1df7a
[BSP] 8dff1682ed74f21f8a7f98cf5ee6ac8c : Linux|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 698655 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1490678000 | Size: 225996 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 1431054334 | Size: 29113 MB
User = LL1 ... OK
User = LL2 ... OK