RogueKiller V12.8.4.0 [Dec 5 2016] (Premium) par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/download/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : Med [Administrateur]
Démarré depuis : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 12/05/2016 21:17:36 (Durée : 00:45:52)

¤¤¤ Processus : 1 ¤¤¤
[VT.Sape.Heur.A7972!c] UsbFix.exe(2044) -- C:\UsbFix\UsbFix.exe[-] -> Trouvé(e)

¤¤¤ Registre : 15 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} (C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll) -> Trouvé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6} (C:\Users\Med\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll) -> Trouvé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{8F84B376-2386-475B-992D-07F7562AA180} (C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll) -> Trouvé(e)
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{B173D0A0-F669-4F7A-8C40-CF46A1ED04C6} (C:\Users\Med\AppData\Roaming\WindSolutions\CopyTransManager\CopyTransManager.ax) -> Trouvé(e)
[PUP] HKEY_LOCAL_MACHINE\Software\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-3874071003-1161783992-2313022149-1000\Software\APN PIP -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-3874071003-1161783992-2313022149-1000\Software\TeleCharger -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-3874071003-1161783992-2313022149-1000\Software\WebApp -> Trouvé(e)
[PUP] HKEY_USERS\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-21-3874071003-1161783992-2313022149-1000\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Trouvé(e)
[PUP] HKEY_USERS\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A6258F64-5A84-42D3-8998-547EED94AB6E} | DhcpNameServer : 172.20.10.1 ([]) -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A6258F64-5A84-42D3-8998-547EED94AB6E} | DhcpNameServer : 172.20.10.1 ([]) -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C6E96F1C-831C-4B67-808C-B575A846D929} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Med\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| [7] -> Trouvé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C6E96F1C-831C-4B67-808C-B575A846D929} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Med\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| [7] -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] a3b3a6a367b10c9c53d8b7e351c1713d
[BSP] f3f6eb90eb3955241edbbc61cf11a1fd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 241664 | Size: 8818 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 18300928 | Size: 100003 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 223107072 | Size: 368000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SD Memory Card +++++
Error reading User MBR! ([79] Le délai de temporisation de sémaphore a expiré. )
Error reading LL1 MBR! ([1] Fonction incorrecte. )
Error reading LL2 MBR! ([1] Fonction incorrecte. )