RogueKiller V10.6.3.0 (x64) [May 11 2015] by Adlice Software
Email : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64-bit version
Started in : Normal mode
User : Bernard64 [Administrator]
Started from : C:\Users\Bernard64\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 05/14/2015 12:17:53

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[Orphan] (X64) HKEY_USERS\S-1-5-21-913612614-1294717438-705540740-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} : -> Found
[Orphan] (X86) HKEY_USERS\S-1-5-21-913612614-1294717438-705540740-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} : -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-913612614-1294717438-705540740-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.lemonde.fr/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-913612614-1294717438-705540740-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.lemonde.fr/ -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 99 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegCreateKeyW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) kernel32.dll - DelayLoadFailureHook : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) GDI32.dll - GetRgnBox : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - CopyRect : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - iswalpha : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - WinSqmSetString : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHLWAPI.dll - StrStrIW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SHELL32.dll - SHCreateDataObject : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ole32.dll - CoInitializeEx : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) UxTheme.dll - GetThemeBackgroundExtent : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) POWRPROF.dll - CallNtPowerInformation : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) dwmapi.dll - DwmEnableBlurBehindWindow : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) slc.dll - SLGetWindowsInformationDWORD : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) gdiplus.dll - GdipSetInterpolationMode : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) Secur32.dll - GetUserNameExW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) RPCRT4.dll - NdrClientCall3 : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) PROPSYS.dll - PSCreateMemoryPropertyStore : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WINMM.dll - PlaySoundW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) CFGMGR32.dll - CM_Request_Eject_PC : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WINSTA.dll - WinStationSetInformationW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) OLEACC.dll - CreateStdAccessibleProxyW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WINBRAND.dll - BrandingFormatString : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) DUI70.dll - UnInitProcessPriv : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) netutils.dll - NetApiBufferFree : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) wkscli.dll - NetGetJoinInformation : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) KERNELBASE.dll - BaseReleaseProcessExePath : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) CRYPTSP.dll - CryptSetProvParam : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WINTRUST.dll - WinVerifyTrust : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SSPICLI.DLL - LogonUserExExW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) CRYPTBASE.dll - SystemFunction004 : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WS2_32.dll - WSASocketW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) IPHLPAPI.DLL - GetBestRoute2 : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) LPK.dll - LpkGetCharacterPlacement : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USP10.dll - ScriptRecordDigitSubstitution : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) MPR.dll - WNetGetResourceInformationA : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) urlmon.dll - CreateFormatEnumerator : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) apphelp.dll - ApphelpCheckShellObject : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) CRYPT32.dll - CertCloseStore : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SETUPAPI.dll - SetupDiGetClassDevsW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USERENV.dll - ExpandEnvironmentStringsForUserW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) version.DLL - GetFileVersionInfoA : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WININET.dll - CreateUrlCacheEntryW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) samcli.dll - NetUserGetInfo : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) srvcli.dll - NetServerGetInfo : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) DAVHLPR.dll - DavFlushFile : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) CSCAPI.dll - OfflineFilesQueryStatus : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntshrui.dll - GetNetResourceFromLocalPathW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) LINKINFO.dll - IsValidLinkInfo : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) DUser.dll - ForwardGadgetMessage : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WindowsCodecs.dll - WICConvertBitmapSource : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) IMM32.dll - ImmGetDefaultIMEWnd : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) xmllite.dll - CreateXmlReader : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) CLBCatQ.DLL - GetCatalogObject : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) OLEAUT32.dll - BSTR_UserSize64 : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) wer.dll - WerReportAddDump : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) MSCTF.dll - CtfImeProcessCicHotkey : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) DEVOBJ.dll - DevObjOpenDeviceInterface : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) DEVRTL.dll - DevRtlGetThreadLogToken : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WINSPOOL.DRV - GetPrinterDriverDirectoryW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) HID.DLL - HidP_GetUsages : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) comctl32.dll - InitCommonControlsEx : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SAMLIB.dll - SamGetMembersInAlias : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) CRYPTUI.dll - CryptUIDlgViewSignerInfoW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WTSAPI32.dll - WTSQuerySessionInformationW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) MSASN1.dll - ASN1BEREncSX : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) api-ms-win-downlevel-shlwapi-l1-1-0.dll - PathGetDriveNumberW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) api-ms-win-downlevel-advapi32-l1-1-0.dll - RegSetValueExW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) api-ms-win-downlevel-user32-l1-1-0.dll - CharPrevA : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) api-ms-win-downlevel-normaliz-l1-1-0.dll - IdnToAscii : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) iertutil.dll - IsStringProperty : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) api-ms-win-downlevel-shlwapi-l2-1-0.dll - IStream_Reset : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) api-ms-win-downlevel-advapi32-l2-1-0.dll - ConvertStringSecurityDescriptorToSecurityDescriptorW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) dhcpcsvc.DLL - DhcpRequestParams : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ksuser.dll - KsCreatePin : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) AVRT.dll - AvSetMmThreadPriority : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) MSACM32.dll - acmStreamSize : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) printui.dll - ShowErrorMessageSC : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) BatMeter.dll - IsBatteryLevelLow : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) shdocvw.dll - DllRegisterWindowClasses : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) nlaapi.dll - NlaCloseQuery : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) Wlanapi.dll - WlanOpenHandle : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) wlanutil.dll - WlanSsidToDisplayName : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) NSI.dll - NsiSetParameter : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WINNSI.DLL - NsiRpcDeregisterChangeNotification : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) dhcpcsvc6.DLL - Dhcpv6QueryLeaseInfo : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) QUtil.dll - FreeIsolationInfo : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) wevtapi.dll - EvtSubscribe : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) wwapi.dll - WwanRegister : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) api-ms-win-downlevel-shell32-l1-1-0.dll - SetCurrentProcessExplicitAppUserModelID : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) FXSAPI.dll - FaxAccessCheckEx : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WSCAPI.dll - WscRegisterForChanges : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) wercplsupport.dll - WerComGetAdminStores : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) puiapi.dll - STRAPI_FormatMsg : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) MSVCR100.dll - wcscpy_s : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SYNCENG.dll - OpenBriefcase : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) sfc.dll - SfcIsFileProtected : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) PSAPI.DLL - QueryWorkingSetEx : Unknown @ 0x22ff5e09 (call 0x20d85e07)
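
Two things in the Registry and Antirootkit sections above deserve a closer look than the raw lines give. ConsentPromptBehaviorAdmin = 0 means UAC elevates members of Administrators without any prompt, and the scanning user is an administrator, so any code running in that session can reach high integrity silently. In the Antirootkit section every one of the 99 hooked imports in explorer.exe resolves to the same address (0x22ff5e09, reached from the same call site 0x20d85e07), which points to a single hooking component rather than 99 separate hooks; "Unknown" means RogueKiller could not map that address to a loaded module, and security products, sandboxes and shell extensions hook this way too, so the address has to be attributed to a module before anything is concluded. The parser below is an added example, not part of the RogueKiller report and not Adlice's code. The sample lines are copied from this report (with the "Found" marker spelled in English; the French "Trouvé(e)" is also accepted), and the triage rules are the editor's, not RogueKiller's.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the RogueKiller report above.
# One line keeps the original French "Trouvé(e)" marker to show both spellings parse.
SAMPLE_REPORT = r"""
[Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
[Orphan] (X64) HKEY_USERS\S-1-5-21-913612614-1294717438-705540740-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} : -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-913612614-1294717438-705540740-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.lemonde.fr/ -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ADVAPI32.dll - RegCreateKeyW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) WINTRUST.dll - WinVerifyTrust : Unknown @ 0x22ff5e09 (call 0x20d85e07)
[IAT:Inl(Hook.IEAT)] (explorer.exe) SSPICLI.DLL - LogonUserExExW : Unknown @ 0x22ff5e09 (call 0x20d85e07)
"""

# Registry finding: [Tag] (Arch) Key | ValueName : Data -> Found
# Data may be empty (the URLSearchHooks line), hence the \s* around it.
REG_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<name>.+?) :\s*(?P<value>.*?)\s*-> (?:Found|Trouvé\(e\))$"
)
# Antirootkit IAT finding: [IAT:Inl(Kind)] (process) module - import : owner @ target (call site)
HOOK_RE = re.compile(
    r"^\[IAT:Inl\((?P<kind>[^)]+)\)\] \((?P<proc>[^)]+)\) (?P<module>\S+) - (?P<func>\S+) : "
    r"(?P<owner>\S+) @ (?P<target>0x[0-9a-fA-F]+) \(call (?P<call>0x[0-9a-fA-F]+)\)$"
)

UAC_POLICY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System"


def parse_report(text):
    """Split a RogueKiller report into registry findings and IAT hook findings."""
    registry, hooks = [], []
    for line in text.splitlines():
        m = REG_RE.match(line)
        if m:
            registry.append(m.groupdict())
            continue
        m = HOOK_RE.match(line)
        if m:
            hooks.append(m.groupdict())
    return registry, hooks


def uac_silent_elevation(registry):
    """True when ConsentPromptBehaviorAdmin is 0: administrators elevate with no
    UAC prompt, so code running as such a user reaches high integrity silently."""
    return any(
        r["key"].lower() == UAC_POLICY_KEY.lower()
        and r["name"] == "ConsentPromptBehaviorAdmin"
        and r["value"] == "0"
        for r in registry
    )


def hooks_by_target(hooks):
    """Group hooked imports by (process, hook target address). Many modules
    sharing one target means one hooking component, not one hook per import."""
    groups = defaultdict(list)
    for h in hooks:
        groups[(h["proc"], h["target"])].append(f'{h["module"]}!{h["func"]}')
    return dict(groups)


def triage(text):
    """Editor's triage rules over a report: UAC state, orphan and PUM entries,
    distinct hook targets, and how many hooks RogueKiller could not attribute."""
    registry, hooks = parse_report(text)
    targets = hooks_by_target(hooks)
    return {
        "uac_silent_elevation": uac_silent_elevation(registry),
        "orphans": [r["name"] for r in registry if r["tag"] == "Orphan"],
        "pum": [r["tag"] for r in registry if r["tag"].startswith("PUM.")],
        "hook_targets": {f"{proc}@{addr}": len(v) for (proc, addr), v in targets.items()},
        "unattributed_hooks": sum(1 for h in hooks if h["owner"] == "Unknown"),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_REPORT).items():
        print(f"{k}: {v}")
```

Run against the full report, hook_targets collapses to a single explorer.exe@0x22ff5e09 entry with a count of 99; the next step is to map that address to a module in the live process (a memory map from a debugger or a tool that lists loaded modules with their address ranges), not to guess at it from the log.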

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] lau1y6db.default : user_pref("browser.startup.homepage", "lemonde.fr"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series ATA Device +++++
--- User ---
[MBR] 8484ab359218130f31aeef46b083333f
[BSP] bcc728f48f34cee78cb279e3a1fd91f3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238474 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EZEX-00M2NA0 ATA Device +++++
--- User ---
[MBR] f18254e8aa42ac52884fd8f3757d0e0d
[BSP] 3f850965e0629ca1578b5b53a1c16161 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 857829 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1756837888 | Size: 96037 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Brother MFC-290C USB Device +++++
Error reading User MBR! ([15] The device is not ready.)
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] This request is not supported.)


============================================
RKreport_SCN_05142015_121000.log