
Document format: text/x-log

Preview

RogueKiller V9.0.2.0 [Jun 3 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Démarrage : Mode normal
Utilisateur : Chris [Droits d'admin]
Mode : Recherche -- Date : 06/07/2014 13:34:20

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrées de registre : 8 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-3529132559-2383191673-617642161-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> TROUVÉ
[PUM.Policies] HKEY_USERS\S-1-5-21-3529132559-2383191673-617642161-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> TROUVÉ
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3529132559-2383191673-617642161-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> TROUVÉ
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3529132559-2383191673-617642161-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> TROUVÉ
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3529132559-2383191673-617642161-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> TROUVÉ
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> TROUVÉ
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3529132559-2383191673-617642161-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 20 ¤¤¤
[SSDT:Addr] NtWriteVirtualMemory[358] : C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys @ 0x9135dda0
[IRP:Addr] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CREATE[0] : Unknown @ 0x8557a1f8
[IRP:Addr] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x8557a1f8
[IRP:Addr] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x8557a1f8
[IRP:Addr] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x8557a1f8
[IRP:Addr] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_POWER[22] : Unknown @ 0x8557a1f8
[IRP:Addr] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x8557a1f8
[IRP:Addr] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_PNP[27] : Unknown @ 0x8557a1f8
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - ConvertINetMultiByteToUnicode : C:\Windows\system32\MLANG.dll @ 0x66d12727
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - ConvertINetReset : C:\Windows\system32\MLANG.dll @ 0x66d11532
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - ConvertINetString : C:\Windows\system32\MLANG.dll @ 0x66d126fb
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - ConvertINetUnicodeToMultiByte : C:\Windows\system32\MLANG.dll @ 0x66d01b69
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - DllCanUnloadNow : C:\Windows\system32\MLANG.dll @ 0x66d03866
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - DllGetClassObject : C:\Windows\system32\MLANG.dll @ 0x66d02434
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - GetGlobalFontLinkObject : C:\Windows\system32\MLANG.dll @ 0x66d17f3c
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - IsConvertINetStringAvailable : C:\Windows\system32\MLANG.dll @ 0x66d0765d
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - LcidToRfc1766A : C:\Windows\system32\MLANG.dll @ 0x66d0f69d
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - LcidToRfc1766W : C:\Windows\system32\MLANG.dll @ 0x66d04877
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - Rfc1766ToLcidA : C:\Windows\system32\MLANG.dll @ 0x66d0f638
[EAT:Addr] (explorer.exe) PhotoMetadataHandler.dll - Rfc1766ToLcidW : C:\Windows\system32\MLANG.dll @ 0x66d04971

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 +++++
--- User ---
[MBR] 583b9119715b9b5bae24e448af885ee1
[BSP] e64b500bbf18472a140652b272add5a3 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20973568 | Size: 114116 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 254683136 | Size: 110489 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 480964608 | Size: 3628 MB
User = LL1 ... OK
User = LL2 ... OK

