RogueKiller V9.0.0.0 [May 29 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9200 ) 32 bits version
Démarrage : Mode normal
Utilisateur : scorebut [Droits d'admin]
Mode : Recherche -- Date : 05/30/2014 18:49:45

¤¤¤ Processus malicieux : 4 ¤¤¤
[Hidden!] -- [x] -> TUÉ [TermThr]
[Hidden!] -- [x] -> TUÉ [TermThr]
[Hidden!] -- [x] -> TUÉ [TermThr]
[Suspicious.Path] (SVC) mbr -- \??\C:\Users\scorebut\AppData\Local\Temp\mbr.sys[x] -> STOPPÉ

¤¤¤ Entrées de registre : 4 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> TROUVÉ
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 -> TROUVÉ
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> TROUVÉ
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UnlockerDriver5 -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 21 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.236.252
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.236.253
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.236.254
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.232.81
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.232.82
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.232.83
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 193.107.240.1
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 193.107.240.2
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 193.107.240.3
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 193.107.240.4
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 82.138.81.211
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 license.piriform.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.license.piriform.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 speccy.piriform.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.speccy.piriform.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 recuva.piriform.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.recuva.piriform.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 defraggler.piriform.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.defraggler.piriform.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 ccleaner.piriform.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.ccleaner.piriform.com

¤¤¤ Antirootkit : 45 ¤¤¤
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoTaskMemFree : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c438d0
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoCreateInstance : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c5b29d
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoRegisterClassObject : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76caf40c
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoRevokeClassObject : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76cb03ec
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoSetProxyBlanket : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c7b5d1
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoTaskMemAlloc : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c43a60
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoWaitForMultipleHandles : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c592fd
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoInitializeEx : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c44d05
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoUninitialize : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c4487e
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - RoGetAgileReference : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76cc7d4b
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - StringFromGUID2 : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c581c7
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoTaskMemRealloc : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c59198
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoGetApartmentType : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c58480
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - PropVariantClear : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c58430
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CreateStreamOnHGlobal : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c8d38c
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoGetMalloc : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c43e47
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoEnableCallCancellation : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c8cf14
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoCancelCall : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76d17d5b
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoDisableCallCancellation : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c8cec5
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CLSIDFromString : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c6b302
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoFreeUnusedLibraries : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76cb264f
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoMarshalInterThreadInterfaceInStream : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c8dad5
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoReleaseMarshalData : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c651e9
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoGetInterfaceAndReleaseStream : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c8da7d
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoCreateFreeThreadedMarshaler : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c88b18
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsDeleteString : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c8be69
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsCreateStringReference : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76cc26c7
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsCreateString : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c8bd91
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsGetStringRawBuffer : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76cc2739
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - CallNtPowerInformation : C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x75531e73
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - PowerDeterminePlatformRoleEx : C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x755339e9
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - GetPwrCapabilities : C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x75532e29
[IAT:Addr] (explorer.exe) api-ms-win-core-com-private-l1-1-0.dll - CoRegisterInitializeSpy : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c89001
[IAT:Addr] (explorer.exe) api-ms-win-core-com-private-l1-1-0.dll - CoRegisterMessageFilter : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76cc1ce2
[IAT:Addr] (explorer.exe) api-ms-win-core-com-private-l1-1-0.dll - CoRevokeInitializeSpy : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c676c0
[IAT:Addr] (explorer.exe) api-ms-win-eventing-controller-l1-1-0.dll - StopTraceW : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77a92e13
[IAT:Addr] (explorer.exe) api-ms-win-eventing-controller-l1-1-0.dll - EnableTraceEx2 : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77a937e1
[IAT:Addr] (explorer.exe) api-ms-win-eventing-controller-l1-1-0.dll - StartTraceW : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77a955f7
[IAT:Addr] (explorer.exe) api-ms-win-service-management-l2-1-0.dll - QueryServiceConfigW : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77a8b094
[IAT:Addr] (explorer.exe) api-ms-win-service-management-l2-1-0.dll - NotifyServiceStatusChangeW : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77a90f0c
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-l1-1-0.dll - RoGetActivationFactory : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76c7ef27
[IAT:Addr] (explorer.exe) api-ms-win-security-lsalookup-l1-1-1.dll - GetIdentityProviderInfoByGUID : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77a8b65d
[IAT:Addr] (explorer.exe) api-ms-win-security-lsalookup-l1-1-1.dll - EnumerateIdentityProviders : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77a88a90
[IAT:Addr] (explorer.exe) api-ms-win-security-lsalookup-l1-1-1.dll - ReleaseIdentityProviderEnumContext : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77a88a6a
[IAT:Addr] (explorer.exe) api-ms-win-security-lsalookup-l1-1-1.dll - GetDefaultIdentityProvider : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77a92eeb

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: ST3320620AS ATA Device +++++
--- User ---
[MBR] 286a47ec1d825e6e5408e3b528a9eb83
[BSP] cdb3d16f6f7f7af4c5adeeec4c297cf1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 153657 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 315410431 | Size: 151235 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] 4ea20397e70ebcb4dc329c53aab3aae2
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 128 | Size: 3874 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )