cjoint

Document format: text/x-log

Preview

RogueKiller V9.2.13.0 [Sep 25 2014] par Adlice Software
Mail : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site Web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarrage : Mode normal
Utilisateur : Home [Droits d'admin]
Mode : Suppression -- Date : 10/04/2014 08:41:16

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrées de registre : 4 ¤¤¤
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2183734825-1538499346-3546060110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NON SELECTIONNÉ
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2183734825-1538499346-3546060110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NON SELECTIONNÉ
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2183734825-1538499346-3546060110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NON SELECTIONNÉ
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2183734825-1538499346-3546060110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NON SELECTIONNÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 37 (Driver: CHARGE) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x8531a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x8531a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x8531a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x8531a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x8531a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x8531a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x8531a1f8
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddCER : C:\Windows\system32\cryptext.dll @ 0x72578ef6
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddCERW : C:\Windows\system32\cryptext.dll @ 0x72578e57
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddCRL : C:\Windows\system32\cryptext.dll @ 0x725792a0
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddCRLW : C:\Windows\system32\cryptext.dll @ 0x72579201
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddCTL : C:\Windows\system32\cryptext.dll @ 0x725790bd
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddCTLW : C:\Windows\system32\cryptext.dll @ 0x7257901e
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddP7R : C:\Windows\system32\cryptext.dll @ 0x7257981c
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddP7RW : C:\Windows\system32\cryptext.dll @ 0x725795c7
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddPFX : C:\Windows\system32\cryptext.dll @ 0x72578dff
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddPFXW : C:\Windows\system32\cryptext.dll @ 0x72578d72
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddSPC : C:\Windows\system32\cryptext.dll @ 0x7257947b
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtAddSPCW : C:\Windows\system32\cryptext.dll @ 0x725793e8
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenCAT : C:\Windows\system32\cryptext.dll @ 0x72578d1a
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenCATW : C:\Windows\system32\cryptext.dll @ 0x72578c96
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenCER : C:\Windows\system32\cryptext.dll @ 0x72578c3a
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenCERW : C:\Windows\system32\cryptext.dll @ 0x72578ba2
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenCRL : C:\Windows\system32\cryptext.dll @ 0x725791a9
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenCRLW : C:\Windows\system32\cryptext.dll @ 0x72579115
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenCTL : C:\Windows\system32\cryptext.dll @ 0x72578fc6
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenCTLW : C:\Windows\system32\cryptext.dll @ 0x72578f4e
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenP7R : C:\Windows\system32\cryptext.dll @ 0x725794e3
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenP7RW : C:\Windows\system32\cryptext.dll @ 0x725794d3
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenPKCS7 : C:\Windows\system32\cryptext.dll @ 0x72579390
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenPKCS7W : C:\Windows\system32\cryptext.dll @ 0x725792f8
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenSTR : C:\Windows\system32\cryptext.dll @ 0x725798e3
[EAT:Addr] (explorer.exe) wcnapi.dll - CryptExtOpenSTRW : C:\Windows\system32\cryptext.dll @ 0x72579867
[EAT:Addr] (explorer.exe) wcnapi.dll - DllCanUnloadNow : C:\Windows\system32\cryptext.dll @ 0x72573742
[EAT:Addr] (explorer.exe) wcnapi.dll - DllGetClassObject : C:\Windows\system32\cryptext.dll @ 0x72573753
[EAT:Addr] (explorer.exe) wcnapi.dll - DllRegisterServer : C:\Windows\system32\cryptext.dll @ 0x72573774
[EAT:Addr] (explorer.exe) wcnapi.dll - DllUnregisterServer : C:\Windows\system32\cryptext.dll @ 0x72573791

¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 2os84r5l.default-1412146634061 : user_pref("browser.startup.homepage", "www.google.com"); -> REMPLACÉ (about:home)

¤¤¤ MBR Verif : ¤¤¤
+++++ PhysicalDrive0: ST3120026AS ATA Device +++++
--- User ---
[MBR] 17c2b39654041bd872ae1d837454b1fd
[BSP] b13f79ac0bfedc9487bc5555cfe00125 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 33a0f33fb7e7f518f64aedcb9dad35b0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 7633 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive3: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] ab814d4575d271ab4b370afd69c64bfe
[BSP] ffd3b30baf321206fc640e8b8335d92f : Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 15264 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive4: disk2go FUSION USB Device +++++
--- User ---
[MBR] 40f0b92c7614616f6f60a8083e666b47
[BSP] 71dd60e752b037911e41e8fdeea774d1 : Unknown MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )


============================================
RKreport_SCN_10042014_083409.log
