RogueKiller V8.8.15 _x64_ [Mar 27 2014] par Adlice Software
mail : http://www.adlice.com/contact/
Remontees : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : jn [Droits d'admin]
Mode : Recherche -- Date : 05/02/2014 12:54:59
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : lollipop_04140812 ("c:\users\jn\appdata\local\lollipop\lollipop_04140812.exe" lollipop_04140812 [x][x]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3966723411-1028077592-1621804241-1662\[...]\Run : lollipop_04140812 ("c:\users\jn\appdata\local\lollipop\lollipop_04140812.exe" lollipop_04140812 [x][x]) -> TROUVÉ
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 1 ¤¤¤
[FF][PUP] 6fxfn404.default : Quick Start

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABD050 ATA Device +++++
--- User ---
[MBR] e1fb215453be99d8d9562939e02ca522
[BSP] bc58ead512d7e06c6af6c7c787b65237 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_S_05022014_125459.txt >>