cjoint

Document format: text/x-log

RogueKiller V9.2.1.0 (x64) [Jun 23 2014] by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : guillaume [Admin rights]
Mode : Remove -- Date : 07/09/2014 18:33:28

¤¤¤ Malicious processes : 0 ¤¤¤

¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> DELETED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> DELETED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> REPLACED (1)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> REPLACED (1)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> REPLACED (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> REPLACED (2)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path|Keylogger] \Microsoft\Windows\RVLKL\RVLKL -- C:\ProgramData\rvlkl\rvlkl.exe (/b) -> DELETED
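
The Registry Entries and Scheduled tasks sections above are the part of a RogueKiller report that decides whether the cleanup actually worked, and two things in them are easy to misread: a line ending in ERROR [2] is a remediation that did not happen, not a finding that went away, and the category tag says nothing about how bad the detected value was (EnableLUA at 0 switches UAC off outright, while a HideDesktopIcons entry is cosmetic). The Python below is an added example, not part of the original report nor of RogueKiller itself. It parses a constructed subset of the lines above, classifies each outcome token, and rates the pre-remediation value with a severity mapping that is this example's own; reading the bracketed number after ERROR as a Win32 error code is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the report lines above with English outcome
# tokens (the French SUPPRIMÉ / REMPLACÉ of the original are accepted as well).
SAMPLE_LOG = r"""
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> DELETED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> REPLACED (1)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> REPLACED (2)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3664552395-1626294200-2592763016-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> REPLACED (0)
[Suspicious.Path|Keylogger] \Microsoft\Windows\RVLKL\RVLKL -- C:\ProgramData\rvlkl\rvlkl.exe (/b) -> DELETED
"""

# Line shapes of the Registry Entries and Scheduled tasks sections.
REG_LINE = re.compile(r"^\[(?P<cat>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
                      r"(?P<value>\S+) : (?P<data>.+?) -> (?P<outcome>.+)$")
TASK_LINE = re.compile(r"^\[(?P<cat>[^\]]+)\] (?P<task>\\\S+) -- (?P<binary>.+?)"
                       r"(?: \((?P<args>[^)]*)\))? -> (?P<outcome>.+)$")

@dataclass
class Outcome:
    status: str            # "deleted", "replaced", "error" or "unknown"
    detail: Optional[str]  # new data for "replaced"; numeric code for "error"

@dataclass
class Finding:
    kind: str              # "registry" or "task"
    category: str
    target: str            # registry key, or scheduled-task path
    value: str             # value name, or task binary
    data: Optional[str]    # detected data, or task arguments
    arch: Optional[str]
    outcome: Outcome
    severity: str

def parse_outcome(text: str) -> Outcome:
    text = text.strip()
    m = re.fullmatch(r"ERROR \[(\d+)\]", text)
    if m:                  # assumption: the bracketed number is a Win32 error code
        return Outcome("error", m.group(1))
    m = re.fullmatch(r"(?:REPLACED|REMPLACÉ) \((.+)\)", text)
    if m:
        return Outcome("replaced", m.group(1))
    if text in ("DELETED", "SUPPRIMÉ"):
        return Outcome("deleted", None)
    return Outcome("unknown", text)

def rate_value(value: str, data: str) -> str:
    """Rate the detected (pre-remediation) value; the mapping is this example's own."""
    if value == "EnableLUA" and data == "0":
        return "critical"        # UAC switched off entirely
    if value == "ConsentPromptBehaviorAdmin" and data == "0":
        return "critical"        # admins elevate silently, without any prompt
    if value in ("DisableTaskMgr", "DisableRegistryTools"):
        # 1 actively blocks the tool; 0 blocks nothing, but the policy value
        # existing at all is what the PUM heuristic objects to
        return "restrictive" if data == "1" else "policy-present"
    if value.startswith("{"):
        return "cosmetic"        # hidden desktop icons, a classic rogue-AV side effect
    return "review"

def parse_report(text: str) -> list:
    findings = []
    for line in text.splitlines():
        m = REG_LINE.match(line.strip())
        if m:
            findings.append(Finding("registry", m["cat"], m["key"], m["value"], m["data"],
                                    m["arch"], parse_outcome(m["outcome"]),
                                    rate_value(m["value"], m["data"])))
            continue
        m = TASK_LINE.match(line.strip())
        if m:   # a task launching from a user-writable directory always warrants a look
            findings.append(Finding("task", m["cat"], m["task"], m["binary"], m["args"],
                                    None, parse_outcome(m["outcome"]), "review"))
    return findings

def unresolved(findings: list) -> list:
    """Findings the tool failed to change: verify these by hand on the host."""
    return [f for f in findings if f.outcome.status == "error"]

def fixed_critical(findings: list) -> list:
    return [f for f in findings if f.severity == "critical"
            and f.outcome.status in ("deleted", "replaced")]

if __name__ == "__main__":
    findings = parse_report(SAMPLE_LOG)
    for f in unresolved(findings):
        print(f"MANUAL CHECK ({f.arch}) {f.target} | {f.value}: error {f.outcome.detail}")
    for f in fixed_critical(findings):
        print(f"FIXED {f.value}: was {f.data}, now {f.outcome.detail}")
    for f in findings:
        if f.kind == "task":
            print(f"TASK {f.outcome.status}: {f.target} -> {f.value} {f.data or ''}")
```

Run as a script it prints the manual-check list; for this report that is the two X86 lines under the user's HKEY_USERS hive, which should be re-checked in regedit. Note also that the Files section of this run reports 0, so the task's binary C:\ProgramData\rvlkl\rvlkl.exe is not recorded as removed anywhere in the report and deserves a look on disk.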

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 12 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass3 : \Driver\vmkbd2 @ Unknown (\SystemRoot\system32\DRIVERS\raspppoe.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass2 : \Driver\vmkbd2 @ Unknown (\SystemRoot\system32\DRIVERS\raspppoe.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass1 : \Driver\vmkbd2 @ Unknown (\SystemRoot\system32\DRIVERS\raspppoe.sys)
[EAT:Addr] (explorer.exe) syncui.dll - AddFileToReport : C:\Program Files\TortoiseSVN\bin\crshhndl.dll @ 0x7feedfb2220
[EAT:Addr] (explorer.exe) syncui.dll - CrashServer_SendAssertionViolated : C:\Program Files\TortoiseSVN\bin\crshhndl.dll @ 0x7feedfb1a70
[EAT:Addr] (explorer.exe) syncui.dll - GetVersionFromApp : C:\Program Files\TortoiseSVN\bin\crshhndl.dll @ 0x7feedfb2980
[EAT:Addr] (explorer.exe) syncui.dll - GetVersionFromFile : C:\Program Files\TortoiseSVN\bin\crshhndl.dll @ 0x7feedfb2860
[EAT:Addr] (explorer.exe) syncui.dll - InitCrashHandler : C:\Program Files\TortoiseSVN\bin\crshhndl.dll @ 0x7feedfb1d10
[EAT:Addr] (explorer.exe) syncui.dll - IsReadyToExit : C:\Program Files\TortoiseSVN\bin\crshhndl.dll @ 0x7feedfb29f0
[EAT:Addr] (explorer.exe) syncui.dll - RemoveFileFromReport : C:\Program Files\TortoiseSVN\bin\crshhndl.dll @ 0x7feedfb2760
[EAT:Addr] (explorer.exe) syncui.dll - SendReport : C:\Program Files\TortoiseSVN\bin\crshhndl.dll @ 0x7feedfb1830

¤¤¤ Web browsers : 1 ¤¤¤
[CHROME:Addon] Default : Enhance Browser [kbfnbcaeplbcioakkpcpgfkobkghlhen] -> DELETED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 72a49f0a571d27fff3435cecdd758056
[BSP] c72a17ded58f591d5d8b7e89519867da : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 244196 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] fc1d715d3c4b96483473918fa17d8413
[BSP] baf4823e90ebe59aeea6bbc2e446c83f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WD Elements 1048 USB Device +++++
--- User ---
[MBR] 7e7ce113bc15bf4aca5d0a2ab9c7a5e2
[BSP] 34ed1411064840526a54f7f1e293b1c4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] This request is not supported. )


============================================
RKreport_SCN_07092014_170523.log - RKreport_SCN_07092014_183010.log
