RogueKiller V9.0.0.0 [May 29 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9200 ) 32 bits version
Démarrage : Mode normal
Utilisateur : scorebut [Droits d'admin]
Mode : Suppression -- Date : 05/31/2014  11:48:36

¤¤¤ Processus malicieux : 2 ¤¤¤
[Hidden!]  -- [x] -> TUÉ [TermThr]
[Suspicious.Path] (SVC) mbr -- \??\C:\Users\scorebut\AppData\Local\Temp\mbr.sys[x] -> STOPPÉ

¤¤¤ Entrées de registre : 4 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> SUPPRIMÉ
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 -> SUPPRIMÉ
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> SUPPRIMÉ
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UnlockerDriver5 -> SUPPRIMÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 21 ¤¤¤

¤¤¤ Antirootkit : 68 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: ST3320620AS ATA Device +++++
--- User ---
[MBR] 286a47ec1d825e6e5408e3b528a9eb83
[BSP] cdb3d16f6f7f7af4c5adeeec4c297cf1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 153657 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 315410431 | Size: 151235 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] 4ea20397e70ebcb4dc329c53aab3aae2
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 128 | Size: 3874 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

============================================
RKreport_SCN_05302014_184933.log - RKreport_SCN_05312014_000235.log - RKreport_SCN_05312014_112723.log