cjoint

Document format: text/plain

Preview

RogueKiller V8.8.15 _x64_ [Mar 27 2014] par Adlice Software
mail : http://www.adlice.com/contact/
Remontees : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows 8 (6.2.9200 ) 64 bits version
Demarrage : Mode normal
Utilisateur : Dai [Droits d'admin]
Mode : Suppression -- Date : 05/21/2014 22:18:31
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> SUPPRIMÉ
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)

¤¤¤ Tâches planifiées : 2 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskMachineUA.job : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][-] -> SUPPRIMÉ
[V2][SUSP PATH] GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][-] -> SUPPRIMÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤
[Address] EAT @explorer.exe (BiChangeApplicationStateForPackageName) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F0AB80)
[Address] EAT @explorer.exe (BiChangeSessionState) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F253D8)
[Address] EAT @explorer.exe (BiNotifyNewSession) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F26F0C)
[Address] EAT @explorer.exe (BiPtActivateWorkItem) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BCE0)
[Address] EAT @explorer.exe (BiPtAssociateActivationProxy) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F2A7EC)
[Address] EAT @explorer.exe (BiPtAssociateApplicationExtensionClass) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BBD0)
[Address] EAT @explorer.exe (BiPtCreateEventForPackageName) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BAC0)
[Address] EAT @explorer.exe (BiPtDeleteEvent) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BA50)
[Address] EAT @explorer.exe (BiPtDisassociateWorkItem) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B9B0)
[Address] EAT @explorer.exe (BiPtEnumerateBrokeredEvents) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F26A70)
[Address] EAT @explorer.exe (BiPtEnumerateWorkItemsForPackageName) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B8C0)
[Address] EAT @explorer.exe (BiPtFreeMemory) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F05FE0)
[Address] EAT @explorer.exe (BiPtQueryBrokeredEvent) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F05DF0)
[Address] EAT @explorer.exe (BiPtQuerySystemStateBroadcastChannels) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F26A0C)
[Address] EAT @explorer.exe (BiPtQueryWorkItem) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B804)
[Address] EAT @explorer.exe (BiPtSignalEvent) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B738)
[Address] EAT @explorer.exe (BiPtSignalMultipleEvents) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B660)
[Address] EAT @explorer.exe (BiResetActiveSessionForPackage) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B57C)
[Address] EAT @explorer.exe (BiSetActiveSessionForPackage) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B4E0)
[Address] EAT @explorer.exe (BiUpdateLockScreenApplications) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7B430)
[Address] EAT @explorer.exe (DllCanUnloadNow) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F01340)
[Address] EAT @explorer.exe (DllGetActivationFactory) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F02F60)
[Address] EAT @explorer.exe (DllGetClassObject) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F02110)
[Address] EAT @explorer.exe (PsmBlockAppStateChangeCompletion) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BDD4)
[Address] EAT @explorer.exe (PsmIsProcessInApplication) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F17D60)
[Address] EAT @explorer.exe (PsmQueryApplicationInformation) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F073F0)
[Address] EAT @explorer.exe (PsmQueryApplicationList) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F02770)
[Address] EAT @explorer.exe (PsmQueryCurrentAppState) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BD70)
[Address] EAT @explorer.exe (PsmQueryProcessList) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F024F0)
[Address] EAT @explorer.exe (PsmRegisterAppStateChangeNotification) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F0CF00)
[Address] EAT @explorer.exe (PsmRegisterApplicationNotification) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F071E0)
[Address] EAT @explorer.exe (PsmSetApplicationState) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F0A870)
[Address] EAT @explorer.exe (PsmShutdownApplication) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BEC0)
[Address] EAT @explorer.exe (PsmUnblockAppStateChangeCompletion) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BE0C)
[Address] EAT @explorer.exe (PsmUnregisterAppStateChangeNotification) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F10A68)
[Address] EAT @explorer.exe (PsmWaitForAppResume) : SyncCenter.dll -> HOOKED (C:\Windows\System32\twinapi.dll @ 0x23F7BE5C)
[Address] EAT @firefox.exe (DllMain) : fwpuclnt.dll -> HOOKED (C:\Windows\SysWOW64\napinsp.dll @ 0x73C01A02)
[Address] EAT @firefox.exe (NSPStartup) : fwpuclnt.dll -> HOOKED (C:\Windows\SysWOW64\napinsp.dll @ 0x73C01C76)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 9d74c5c9cfcebc03777b7f064cf4b41f
[BSP] bf0f3ed20e6d09918e00ff500dc446cc : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 953869 MB
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_05212014_221831.txt >>
RKreport[0]_S_05212014_135145.txt



