RogueKiller V9.2.11.0 (x64) [Sep 9 2014]
par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : cherik [Droits d'admin]
Mode : Recherche -- Date : 09/18/2014 19:00:54

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrées de registre : 28 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> TROUVÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> TROUVÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> TROUVÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> TROUVÉ
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://google.com -> TROUVÉ
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://google.com -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 platform.wondershare.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activation.acronis.com

¤¤¤ Antirootkit : 9 (Driver: CHARGE) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_CREATE[0] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_POWER[22] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_PNP[27] : Unknown @ 0xaf0c2c0
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\PxHlpa64 @ Unknown (\SystemRoot\system32\drivers\FileLock.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHlpa64 @ Unknown (\SystemRoot\system32\drivers\FileLock.sys)

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] de254cb435ded5a886226c6924447cf5
[BSP] f927d1b60f9da352f588875731df200c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 99d67ad14ce204318f92a9a128a74c0d
[BSP] 53ac4ce9e8942b888d356d453bc5fc26 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_07162014_142802.log - RKreport_DEL_07162014_190957.log - RKreport_DEL_07222014_123507.log - RKreport_DEL_07252014_205741.log
RKreport_DEL_07302014_175414.log - RKreport_DEL_08182014_140243.log - RKreport_DEL_08192014_171134.log - RKreport_DEL_09032014_225112.log
RKreport_DEL_09072014_132742.log - RKreport_DEL_09092014_123252.log - RKreport_SCN_07162014_141303.log - RKreport_SCN_07162014_142106.log
RKreport_SCN_07162014_142611.log - RKreport_SCN_07162014_190935.log - RKreport_SCN_07222014_123236.log - RKreport_SCN_07252014_205407.log
RKreport_SCN_07252014_205729.log - RKreport_SCN_07302014_173921.log - RKreport_SCN_07302014_174849.log - RKreport_SCN_08182014_135549.log
RKreport_SCN_08192014_164349.log - RKreport_SCN_08192014_165229.log - RKreport_SCN_09032014_225029.log - RKreport_SCN_09032014_225427.log
RKreport_SCN_09072014_130859.log - RKreport_SCN_09072014_131811.log - RKreport_SCN_09092014_121008.log - RKreport_SCN_09092014_122428.log