RogueKiller V8.8.7 [Feb 11 2014] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://forum.adlice.com
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : kontamine [Droits d'admin]
Mode : Suppression -- Date : 02/21/2014 20:10:46
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : NextLive (C:\Windows\system32\rundll32.exe "C:\Users\kontamine\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [7][-][x]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1765441652-3825123164-819375994-1001\[...]\Run : NextLive (C:\Windows\system32\rundll32.exe "C:\Users\kontamine\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [7][-][x]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKLM\[...]\RunOnce : upfst_fr_101.exe (C:\Users\kontamine\AppData\Local\fst_fr_101\upfst_fr_101.exe -runonce [7]) -> SUPPRIMÉ
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ

¤¤¤ Tâches planifiées : 2 ¤¤¤
[V1][ROGUE ST] MediaPlayerEnhance-firefoxinstaller.job : C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe - /installxpi /agentregpath='MediaPlayerEnhance' /extensionfilepath='C:\Program Files\MediaPlayerEnhance\44150.xpi' /appid=44150 /srcid='000555' /subid='verticals-ads,shopping,intext,pops' /zdata='0' /bic=B04E9622C5534626A44C5979D4AFD1D3IE /verifier=6d396bd9249ea2c74f37a63db4be7f18 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1392999284 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com /extensionversion=0.93 /prefsbranch=a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/44150.rdf /extensionname='MediaPlayerEnhance' /extensiondesc='MediaPlayerEnhance Extension' /publishername='Feven' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='hxxp://update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.json' /runfrom='task' /externallog='' [7][x][x][x][x][x][x][x][x][x][x][x] -> SUPPRIMÉ
[V2][ROGUE ST] MediaPlayerEnhance-firefoxinstaller : C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe - /installxpi /agentregpath='MediaPlayerEnhance' /extensionfilepath='C:\Program Files\MediaPlayerEnhance\44150.xpi' /appid=44150 /srcid='000555' /subid='verticals-ads,shopping,intext,pops' /zdata='0' /bic=B04E9622C5534626A44C5979D4AFD1D3IE /verifier=6d396bd9249ea2c74f37a63db4be7f18 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1392999284 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com /extensionversion=0.93 /prefsbranch=a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/44150.rdf /extensionname='MediaPlayerEnhance' /extensiondesc='MediaPlayerEnhance Extension' /publishername='Feven' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='hxxp://update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.json' /runfrom='task' /externallog='' [7][x][x][x][x][x][x][x][x][x][x][x] -> SUPPRIMÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[Faked][Fichier] Wdf01000.sys : C:\Windows\system32\drivers\Wdf01000.sys [-] --> IMPOSSIBLE DE REPARER

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Dood'z\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\kontamine\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD10EADS-65L5B1 +++++
--- User ---
[MBR] af3b67d834ae118f088d399f8ff913f8
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 761111 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1558757376 | Size: 177866 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1923028695 | Size: 14888 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB Flash Disk USB Device +++++
--- User ---
[MBR] 325d1e6d4f5902de8f7a0fa369be4707
[BSP] 0e8f62cb9e92b7e43cbff03ff777ac1f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 247 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_D_02212014_201046.txt >>
RKreport[0]_S_02212014_200040.txt