cjoint

Document format: text/x-log

Preview

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : Jérémy [Droits d'admin]
Mode : Suppression -- Date : 09/10/2014 20:07:08

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrées de registre : 27 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR () -> SUPPRIMÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR () -> SUPPRIMÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR () -> SUPPRIMÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> SUPPRIMÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.sfr.fr/portail.html -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.sfr.fr/portail.html -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3573598656-2148803446-1735575328-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> SUPPRIMÉ

¤¤¤ Antirootkit : 20 (Driver: CHARGE) ¤¤¤
[EAT:Addr] (explorer.exe) wpdshext.dll - CoCreateActivity : C:\Windows\system32\comsvcs.dll @ 0x7feec85fcb0
[EAT:Addr] (explorer.exe) wpdshext.dll - CoEnterServiceDomain : C:\Windows\system32\comsvcs.dll @ 0x7feec850668
[EAT:Addr] (explorer.exe) wpdshext.dll - CoLeaveServiceDomain : C:\Windows\system32\comsvcs.dll @ 0x7feec850938
[EAT:Addr] (explorer.exe) wpdshext.dll - CoLoadServices : C:\Windows\system32\comsvcs.dll @ 0x7feec89992c
[EAT:Addr] (explorer.exe) wpdshext.dll - ComSvcsExceptionFilter : C:\Windows\system32\comsvcs.dll @ 0x7feec83dc14
[EAT:Addr] (explorer.exe) wpdshext.dll - ComSvcsLogError : C:\Windows\system32\comsvcs.dll @ 0x7feec850e2c
[EAT:Addr] (explorer.exe) wpdshext.dll - CosGetCallContext : C:\Windows\system32\comsvcs.dll @ 0x7feec854c74
[EAT:Addr] (explorer.exe) wpdshext.dll - DispManGetContext : C:\Windows\system32\comsvcs.dll @ 0x7feec833d70
[EAT:Addr] (explorer.exe) wpdshext.dll - DllCanUnloadNow : C:\Windows\system32\comsvcs.dll @ 0x7feec83d808
[EAT:Addr] (explorer.exe) wpdshext.dll - DllGetClassObject : C:\Windows\system32\comsvcs.dll @ 0x7feec8336b0
[EAT:Addr] (explorer.exe) wpdshext.dll - DllRegisterServer : C:\Windows\system32\comsvcs.dll @ 0x7feec833494
[EAT:Addr] (explorer.exe) wpdshext.dll - DllUnregisterServer : C:\Windows\system32\comsvcs.dll @ 0x7feec833494
[EAT:Addr] (explorer.exe) wpdshext.dll - GetMTAThreadPoolMetrics : C:\Windows\system32\comsvcs.dll @ 0x7feec83de20
[EAT:Addr] (explorer.exe) wpdshext.dll - GetManagedExtensions : C:\Windows\system32\comsvcs.dll @ 0x7feec83e1b4
[EAT:Addr] (explorer.exe) wpdshext.dll - GetObjectContext : C:\Windows\system32\comsvcs.dll @ 0x7feec850dfc
[EAT:Addr] (explorer.exe) wpdshext.dll - GetTrkSvrObject : C:\Windows\system32\comsvcs.dll @ 0x7feec83dd48
[EAT:Addr] (explorer.exe) wpdshext.dll - MTSCreateActivity : C:\Windows\system32\comsvcs.dll @ 0x7feec85fd90
[EAT:Addr] (explorer.exe) wpdshext.dll - MiniDumpW : C:\Windows\system32\comsvcs.dll @ 0x7feec83dea4
[EAT:Addr] (explorer.exe) wpdshext.dll - RecycleSurrogate : C:\Windows\system32\comsvcs.dll @ 0x7feec85116c
[EAT:Addr] (explorer.exe) wpdshext.dll - SafeRef : C:\Windows\system32\comsvcs.dll @ 0x7feec850f14

¤¤¤ Navigateurs web : 6 ¤¤¤
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> SUPPRIMÉ
[CHROME:Addon] Default : Google Voice Search Hotword (Beta) [bepbmhgboaologfdajaanbcjmnhjmhfn] -> ERROR [2]
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: ST950032 5AS SCSI Disk Device +++++
--- User ---
[MBR] b35cd8c5d1058d4ad7c0c695c10785a9
[BSP] ba7218981e13a587b0937e6cd93cfb0a : HP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 14998 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 30717952 | Size: 119231 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 274905088 | Size: 342708 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Fonction incorrecte. )


============================================
RKreport_SCN_09102014_174849.log - RKreport_SCN_09102014_200359.log
