Document format: text/x-log
RogueKiller V10.1.0.0 [Dec 11 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : Robert [Administrateur]
Mode : Suppression -- Date : 12/21/2014 22:13:33
¤¤¤ Processus : 1 ¤¤¤
[Suspicious.Path] SoundSwitch.exe -- C:\Users\Robert\AppData\Local\Apps\2.0\AG6A3X9D.RTK\X0GP739M.4JW\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe[-] -> Tué(e) [TermProc]
¤¤¤ Registre : 6 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 109.88.203.3 192.168.0.1 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 109.88.203.3 192.168.0.1 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 109.88.203.3 192.168.0.1 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{68907ED4-BC7F-4823-A10D-76B9817BA4B9} | DhcpNameServer : 109.88.203.3 192.168.0.1 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{68907ED4-BC7F-4823-A10D-76B9817BA4B9} | DhcpNameServer : 109.88.203.3 192.168.0.1 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{68907ED4-BC7F-4823-A10D-76B9817BA4B9} | DhcpNameServer : 109.88.203.3 192.168.0.1 [(Unknown Country?) (XX)] -> Remplacé(e) ()
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 22 (Driver: Chargé) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk5\DR5 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk4\DR4 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk3\DR3 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk2\DR2 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk1\DR1 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[IAT:Inl] (explorer.exe) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x730207ae (jmp 0xfffffffffbdef23d|jmp 0xffffffffffffdd32|call 0x1fe)
[IAT:Inl] (explorer.exe) ADVAPI32.dll - OpenServiceW : Unknown @ 0x730207ae (jmp 0xfffffffffbdf5a45|jmp 0xffffffffffffe15a|call 0x1fe)
[IAT:Inl] (explorer.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x730207ae (jmp 0xfffffffffc1734ad|jmp 0xffffffffffffedd2|call 0x1fe)
[IAT:Inl] (explorer.exe) USER32.dll - GetMessageW : Unknown @ 0x730207ae (jmp 0xfffffffffc166781|jmp 0xffffffffffffd022|call 0x1fe)
[IAT:Inl] (explorer.exe) USER32.dll - PostMessageW : Unknown @ 0x730207ae (jmp 0xfffffffffc16f21e|jmp 0xffffffffffffcef2|call 0x1fe)
[IAT:Inl] (explorer.exe) USER32.dll - SetWinEventHook : Unknown @ 0x730207ae (jmp 0xfffffffffc16fcf5|jmp 0xffffffffffffe3ba|call 0x1fe)
[IAT:Inl] (explorer.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x730207ae (jmp 0xfffffffffbf2ba70|jmp 0xffffffffffffdc02|call 0x1fe)
[IAT:Inl] (explorer.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x730207ae (jmp 0xfffffffffd772217|jmp 0xffffffffffffe582|call 0x1fe)
[IAT:Inl] (explorer.exe) USER32.dll - GetMessageA : Unknown @ 0x730207ae (jmp 0xfffffffffc171c38|jmp 0xffffffffffffd0ba|call 0x1fe)
[IAT:Inl] (explorer.exe) USER32.dll - PostMessageA : Unknown @ 0x730207ae (jmp 0xfffffffffc1781bb|jmp 0xffffffffffffcf8a|call 0x1fe)
[IAT:Inl] (explorer.exe) KERNEL32.dll - MoveFileExW : Unknown @ 0x730207ae (jmp 0xfffffffffd76a151|jmp 0xffffffffffffd57a|call 0x1fe)
[IAT:Inl] (explorer.exe) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x730207ae (jmp 0xfffffffffd7b1591|jmp 0xffffffffffffd1ea|call 0x1fe)
[IAT:Inl] (explorer.exe) ADVAPI32.dll - CreateServiceW : Unknown @ 0x730207ae (jmp 0xfffffffffbddb9f5|jmp 0xffffffffffffdad2|call 0x1fe)
[IAT:Inl] (explorer.exe) ADVAPI32.dll - ChangeServiceConfigW : Unknown @ 0x730207ae (jmp 0xfffffffffbdbf5bd|jmp 0xffffffffffffddca|call 0x1fe)
[IAT:Inl] (explorer.exe) ADVAPI32.dll - DeleteService : Unknown @ 0x730207ae (jmp 0xfffffffffbddb59d|jmp 0xffffffffffffdefa|call 0x1fe)
[IAT:Inl] (explorer.exe) ADVAPI32.dll - ControlService : Unknown @ 0x730207ae (jmp 0xfffffffffbddb51d|jmp 0xffffffffffffdf92|call 0x1fe)
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DL 002-9TT153 SCSI Disk Device +++++
--- User ---
[MBR] 34339f1f28ef4a2425ba93efa3cc56ea
[BSP] c620bde3537309e9bea920fc62b617da : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1008 | Size: 953869 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )
+++++ PhysicalDrive1: WDC WD10 EADS-65L5B1 SCSI Disk Device +++++
--- User ---
[MBR] defb254cc719ff4ecdfdd7394c52488b
[BSP] b989ef8b47b6a728986a3dfe11336127 : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 374225 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 766429016 | Size: 579636 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )
+++++ PhysicalDrive2: ST332062 0AS SCSI Disk Device +++++
--- User ---
[MBR] b2901b9109068dccdc59b5f3186b0e9a
[BSP] c423d16b775511172f6ca563ef140b4c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16071 | Size: 305234 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )
+++++ PhysicalDrive3: M4-CT064 M4SSD2 SCSI Disk Device +++++
--- User ---
[MBR] 3280bfe0c20cae23d026451a3db79d94
[BSP] 7ca6b6bcc57150242e21e3ba84dfd68d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 61051 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )
+++++ PhysicalDrive4: WD Elements 1042 USB Device +++++
--- User ---
[MBR] 46aa76fd52cf88867a6bcff9a09bba8e
[BSP] 21e3b9b7bc966cef2269498d52778a62 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive5: Canon MG5200 series USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
============================================
RKreport_DEL_12212014_131216.log - RKreport_DEL_12212014_174752.log - RKreport_DEL_12212014_195606.log - RKreport_DEL_12212014_213746.log
RKreport_DEL_12212014_213830.log - RKreport_SCN_12212014_130819.log - RKreport_SCN_12212014_173521.log - RKreport_SCN_12212014_180053.log
RKreport_SCN_12212014_201449.log - RKreport_SCN_12212014_213639.log - RKreport_SCN_12212014_221234.log