Publicité
Publicité
Format du document : text/x-log
Prévisualisation
RogueKiller V9.2.8.0 (x64) [Jul 11 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : Kaki [Droits d'admin]
Mode : Suppression -- Date : 08/15/2014 17:28:10
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrées de registre : 28 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IePluginServices -> SUPPRIMÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IePluginServices -> SUPPRIMÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> SUPPRIMÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> SUPPRIMÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> ERROR [2]
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> SUPPRIMÉ
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> REMPLACÉ (1)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> REMPLACÉ (1)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> REMPLACÉ (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> REMPLACÉ (2)
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> SUPPRIMÉ
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> REMPLACÉ (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> REMPLACÉ (1)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/?type=ds&ts=1408094175&from=adks&uid=TOSHIBAXMK5056GSY_606DFLI1SXX606DFLI1S&q={searchTerms} -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/?type=ds&ts=1408094175&from=adks&uid=TOSHIBAXMK5056GSY_606DFLI1SXX606DFLI1S&q={searchTerms} -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
¤¤¤ Tâches planifiées : 2 ¤¤¤
[Suspicious.Path] WSE_Astromenda.job -- C:\Users\Kaki\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE (/Check) -> SUPPRIMÉ
[Suspicious.Path] \\WSE_Astromenda -- C:\Users\Kaki\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE (/Check) -> SUPPRIMÉ
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier HOSTS : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: CHARGE) ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++
--- User ---
[MBR] bf71f433e49796a086ad8c01e5372036
[BSP] a87f5aefe79b4f344c4a08d74ec8a315 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 462351 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 947304448 | Size: 14285 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_08152014_172630.log
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : Kaki [Droits d'admin]
Mode : Suppression -- Date : 08/15/2014 17:28:10
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrées de registre : 28 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IePluginServices -> SUPPRIMÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IePluginServices -> SUPPRIMÉ
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> SUPPRIMÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> SUPPRIMÉ
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> ERROR [2]
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> SUPPRIMÉ
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> REMPLACÉ (1)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> REMPLACÉ (1)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> REMPLACÉ (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> REMPLACÉ (2)
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> SUPPRIMÉ
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0 -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> REMPLACÉ (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> REMPLACÉ (1)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REMPLACÉ (0)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE -> REMPLACÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/?type=ds&ts=1408094175&from=adks&uid=TOSHIBAXMK5056GSY_606DFLI1SXX606DFLI1S&q={searchTerms} -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2861097751-2107483224-206683470-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/?type=ds&ts=1408094175&from=adks&uid=TOSHIBAXMK5056GSY_606DFLI1SXX606DFLI1S&q={searchTerms} -> REMPLACÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
¤¤¤ Tâches planifiées : 2 ¤¤¤
[Suspicious.Path] WSE_Astromenda.job -- C:\Users\Kaki\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE (/Check) -> SUPPRIMÉ
[Suspicious.Path] \\WSE_Astromenda -- C:\Users\Kaki\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE (/Check) -> SUPPRIMÉ
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier HOSTS : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: CHARGE) ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++
--- User ---
[MBR] bf71f433e49796a086ad8c01e5372036
[BSP] a87f5aefe79b4f344c4a08d74ec8a315 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 462351 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 947304448 | Size: 14285 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_08152014_172630.log