
Document format: text/plain


RogueKiller V8.8.7 [Feb 11 2014] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://forum.adlice.com
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : kontamine [Droits d'admin]
Mode : Suppression -- Date : 02/21/2014 20:10:46
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : NextLive (C:\Windows\system32\rundll32.exe "C:\Users\kontamine\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [7][-][x]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1765441652-3825123164-819375994-1001\[...]\Run : NextLive (C:\Windows\system32\rundll32.exe "C:\Users\kontamine\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [7][-][x]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKLM\[...]\RunOnce : upfst_fr_101.exe (C:\Users\kontamine\AppData\Local\fst_fr_101\upfst_fr_101.exe -runonce [7]) -> SUPPRIMÉ
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ

¤¤¤ Tâches planifiées : 2 ¤¤¤
[V1][ROGUE ST] MediaPlayerEnhance-firefoxinstaller.job : C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe - /installxpi /agentregpath='MediaPlayerEnhance' /extensionfilepath='C:\Program Files\MediaPlayerEnhance\44150.xpi' /appid=44150 /srcid='000555' /subid='verticals-ads,shopping,intext,pops' /zdata='0' /bic=B04E9622C5534626A44C5979D4AFD1D3IE /verifier=6d396bd9249ea2c74f37a63db4be7f18 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1392999284 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com /extensionversion=0.93 /prefsbranch=a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/44150.rdf /extensionname='MediaPlayerEnhance' /extensiondesc='MediaPlayerEnhance Extension' /publishername='Feven' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='hxxp://update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.json' /runfrom='task' /externallog='' [7][x][x][x][x][x][x][x][x][x][x][x] -> SUPPRIMÉ
[V2][ROGUE ST] MediaPlayerEnhance-firefoxinstaller : C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe - /installxpi /agentregpath='MediaPlayerEnhance' /extensionfilepath='C:\Program Files\MediaPlayerEnhance\44150.xpi' /appid=44150 /srcid='000555' /subid='verticals-ads,shopping,intext,pops' /zdata='0' /bic=B04E9622C5534626A44C5979D4AFD1D3IE /verifier=6d396bd9249ea2c74f37a63db4be7f18 /installerversion=1_34_2_13 /installerfullversion=1.34.2.13 /installationtime=1392999284 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com /extensionversion=0.93 /prefsbranch=a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150 /updateurl=hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/44150.rdf /extensionname='MediaPlayerEnhance' /extensiondesc='MediaPlayerEnhance Extension' /publishername='Feven' /defbro=ch /allusers /allprofiles /checkfflist /autoupdateulr='hxxp://update.srvstatsdata.com/ff_agent_updates/{CAMP_ID}/update.json' /runfrom='task' /externallog='' [7][x][x][x][x][x][x][x][x][x][x][x] -> SUPPRIMÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[Faked][Fichier] Wdf01000.sys : C:\Windows\system32\drivers\Wdf01000.sys [-] --> IMPOSSIBLE DE REPARER

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Dood'z\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\kontamine\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD10EADS-65L5B1 +++++
--- User ---
[MBR] af3b67d834ae118f088d399f8ff913f8
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 761111 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1558757376 | Size: 177866 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1923028695 | Size: 14888 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB Flash Disk USB Device +++++
--- User ---
[MBR] 325d1e6d4f5902de8f7a0fa369be4707
[BSP] 0e8f62cb9e92b7e43cbff03ff777ac1f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 247 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_D_02212014_201046.txt >>
RKreport[0]_S_02212014_200040.txt



