Document format: text/x-log

Preview

RogueKiller V9.2.11.0 (x64) [Sep 9 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarrage : Mode normal
Utilisateur : cherik [Droits d'admin]
Mode : Recherche -- Date : 09/18/2014 19:00:54

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrées de registre : 28 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> TROUVÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> TROUVÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> TROUVÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> TROUVÉ
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> TROUVÉ
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> TROUVÉ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> TROUVÉ
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://google.com -> TROUVÉ
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1904093324-3722900780-3403926114-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://google.com -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 platform.wondershare.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activation.acronis.com

¤¤¤ Antirootkit : 9 (Driver: CHARGE) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_CREATE[0] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_POWER[22] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xaf0c2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WMILIB.SYS - IRP_MJ_PNP[27] : Unknown @ 0xaf0c2c0
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\PxHlpa64 @ Unknown (\SystemRoot\system32\drivers\FileLock.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHlpa64 @ Unknown (\SystemRoot\system32\drivers\FileLock.sys)

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] de254cb435ded5a886226c6924447cf5
[BSP] f927d1b60f9da352f588875731df200c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 99d67ad14ce204318f92a9a128a74c0d
[BSP] 53ac4ce9e8942b888d356d453bc5fc26 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07162014_142802.log - RKreport_DEL_07162014_190957.log - RKreport_DEL_07222014_123507.log - RKreport_DEL_07252014_205741.log
RKreport_DEL_07302014_175414.log - RKreport_DEL_08182014_140243.log - RKreport_DEL_08192014_171134.log - RKreport_DEL_09032014_225112.log
RKreport_DEL_09072014_132742.log - RKreport_DEL_09092014_123252.log - RKreport_SCN_07162014_141303.log - RKreport_SCN_07162014_142106.log
RKreport_SCN_07162014_142611.log - RKreport_SCN_07162014_190935.log - RKreport_SCN_07222014_123236.log - RKreport_SCN_07252014_205407.log
RKreport_SCN_07252014_205729.log - RKreport_SCN_07302014_173921.log - RKreport_SCN_07302014_174849.log - RKreport_SCN_08182014_135549.log
RKreport_SCN_08192014_164349.log - RKreport_SCN_08192014_165229.log - RKreport_SCN_09032014_225029.log - RKreport_SCN_09032014_225427.log
RKreport_SCN_09072014_130859.log - RKreport_SCN_09072014_131811.log - RKreport_SCN_09092014_121008.log - RKreport_SCN_09092014_122428.log
