RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Operating system : Windows 8 (6.2.9200 ) 64 bits version
Startup : Normal mode
User : Dai [Admin rights]
Mode : Removal -- Date : 05/21/2014 22:18:31
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 0 ¤¤¤

¤¤¤ Registry entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskMachineUA.job : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][-] -> DELETED
[V2][SUSP PATH] GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][-] -> DELETED

¤¤¤ Startup entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser addons : 0 ¤¤¤

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (BiChangeApplicationStateForPackageName) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F0AB80)
[Address] EAT @explorer.exe (BiChangeSessionState) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F253D8)
[Address] EAT @explorer.exe (BiNotifyNewSession) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F26F0C)
[Address] EAT @explorer.exe (BiPtActivateWorkItem) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BCE0)
[Address] EAT @explorer.exe (BiPtAssociateActivationProxy) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F2A7EC)
[Address] EAT @explorer.exe (BiPtAssociateApplicationExtensionClass) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BBD0)
[Address] EAT @explorer.exe (BiPtCreateEventForPackageName) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BAC0)
[Address] EAT @explorer.exe (BiPtDeleteEvent) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BA50)
[Address] EAT @explorer.exe (BiPtDisassociateWorkItem) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B9B0)
[Address] EAT @explorer.exe (BiPtEnumerateBrokeredEvents) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F26A70)
[Address] EAT @explorer.exe (BiPtEnumerateWorkItemsForPackageName) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B8C0)
[Address] EAT @explorer.exe (BiPtFreeMemory) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F05FE0)
[Address] EAT @explorer.exe (BiPtQueryBrokeredEvent) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F05DF0)
[Address] EAT @explorer.exe (BiPtQuerySystemStateBroadcastChannels) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F26A0C)
[Address] EAT @explorer.exe (BiPtQueryWorkItem) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B804)
[Address] EAT @explorer.exe (BiPtSignalEvent) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B738)
[Address] EAT @explorer.exe (BiPtSignalMultipleEvents) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B660)
[Address] EAT @explorer.exe (BiResetActiveSessionForPackage) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B57C)
[Address] EAT @explorer.exe (BiSetActiveSessionForPackage) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B4E0)
[Address] EAT @explorer.exe (BiUpdateLockScreenApplications) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B430)
[Address] EAT @explorer.exe (DllCanUnloadNow) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F01340)
[Address] EAT @explorer.exe (DllGetActivationFactory) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F02F60)
[Address] EAT @explorer.exe (DllGetClassObject) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F02110)
[Address] EAT @explorer.exe (PsmBlockAppStateChangeCompletion) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BDD4)
[Address] EAT @explorer.exe (PsmIsProcessInApplication) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F17D60)
[Address] EAT @explorer.exe (PsmQueryApplicationInformation) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F073F0)
[Address] EAT @explorer.exe (PsmQueryApplicationList) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F02770)
[Address] EAT @explorer.exe (PsmQueryCurrentAppState) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BD70)
[Address] EAT @explorer.exe (PsmQueryProcessList) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F024F0)
[Address] EAT @explorer.exe (PsmRegisterAppStateChangeNotification) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F0CF00)
[Address] EAT @explorer.exe (PsmRegisterApplicationNotification) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F071E0)
[Address] EAT @explorer.exe (PsmSetApplicationState) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F0A870)
[Address] EAT @explorer.exe (PsmShutdownApplication) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BEC0)
[Address] EAT @explorer.exe (PsmUnblockAppStateChangeCompletion) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BE0C)
[Address] EAT @explorer.exe (PsmUnregisterAppStateChangeNotification) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F10A68)
[Address] EAT @explorer.exe (PsmWaitForAppResume) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BE5C)
[Address] EAT @firefox.exe (DllMain) : fwpuclnt.dll -> HOOKED (C:\Windows\SysWOW64\napinsp.dll @ 0x73C01A02)
[Address] EAT @firefox.exe (NSPStartup) : fwpuclnt.dll -> HOOKED (C:\Windows\SysWOW64\napinsp.dll @ 0x73C01C76)

¤¤¤ External hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 9d74c5c9cfcebc03777b7f064cf4b41f
[BSP] bf0f3ed20e6d09918e00ff500dc446cc : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 953869 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05212014_221831.txt >>
RKreport[0]_S_05212014_135145.txt
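Added example, not part of the RogueKiller report above and not Adlice's code: a PowerShell audit that re-checks the items the report acted on, so the removal can be verified after a reboot instead of trusted from the log. It assumes that the `[...]` in the registry lines stands for the standard `Software\Microsoft\Windows\CurrentVersion\Policies\System` policy key (an assumption; the report elides the path), that it runs from an elevated PowerShell 3 or later prompt (Get-ScheduledTask ships with Windows 8), and it treats 2 as the expected ConsentPromptBehaviorAdmin value because that is what the report wrote back; 0 means elevate without prompting, and the Windows default is 5. The scheduled-task part addresses the `[SUSP PATH]` flag by checking the Authenticode signature of each task's executable rather than judging it by path alone.

```powershell
# Added audit script (not RogueKiller output, not Adlice code).
# Assumption: the "[...]" in the report is the usual Policies\System key.
# Run from an elevated PowerShell 3+ prompt on Windows 8 or later.

$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr';             Expect = $null }  # value should not exist
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools';       Expect = $null }  # value should not exist
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'ConsentPromptBehaviorAdmin'; Expect = 2 }      # 0 = silent elevation; 2 = prompt on secure desktop
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'ConsentPromptBehaviorAdmin'; Expect = 2 }      # same policy as seen by 32-bit code
)

function Test-PolicyValue {
    # Reads one policy value and compares it with the hardened value from the report.
    # A missing value is reported as $null, which matches Expect = $null.
    param([hashtable]$Check)
    $item   = Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($Check.Name) } else { $null }
    [pscustomobject]@{
        Key      = "$($Check.Path)\$($Check.Name)"
        Actual   = $actual
        Expected = $Check.Expect
        Ok       = ($actual -eq $Check.Expect)
    }
}

function Get-TaskActionReport {
    # One row per scheduled-task action that launches an executable, with the
    # Authenticode status of that executable. A legitimate GoogleUpdate.exe is
    # signed; a renamed dropper in the same path would show NotSigned or HashMismatch.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            $sig = if (Test-Path -LiteralPath $exe) {
                       (Get-AuthenticodeSignature -FilePath $exe).Status
                   } else { 'FileMissing' }
            [pscustomobject]@{
                Task      = "$($task.TaskPath)$($task.TaskName)"
                Execute   = $exe
                Arguments = $action.Arguments
                Signature = $sig
            }
        }
    }
}

function Get-HostsOverrides {
    # Returns every active hosts entry that is not the default localhost mapping;
    # an empty result matches the two lines shown in the report.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts |
        ForEach-Object { ($_ -split '#')[0].Trim() } |
        Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }
}

'--- Policy values the report changed ---'
$policyChecks | ForEach-Object { Test-PolicyValue $_ } | Format-Table -AutoSize

'--- Scheduled-task executables that are not validly signed ---'
Get-TaskActionReport | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize

'--- Non-default hosts entries ---'
Get-HostsOverrides
```

If the `Ok` column shows False for either ConsentPromptBehaviorAdmin key after a reboot, something re-applied the silent-elevation setting and the removal was not the end of it; the task report is the place to look for what did so.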