cjoint


Document format: text/x-log

Preview

RogueKiller V10.0.8.0 [Nov 20 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : utilisateur [Administrateur]
Mode : Suppression -- Date : 11/28/2014 09:06:00

¤¤¤ Processus : 1 ¤¤¤
[Proc.Svchost] svchost.exe -- [x] -> Tué(e) [TermThr]

¤¤¤ Registre : 17 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> Supprimé(e)
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-1054803036-270390378-4222297027-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1054803036-270390378-4222297027-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1054803036-270390378-4222297027-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1054803036-270390378-4222297027-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1054803036-270390378-4222297027-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1054803036-270390378-4222297027-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Remplacé(e) (0)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Supprimé(e)

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 5 ¤¤¤
[FIREFX:Addon] w00861lv.default-1415334404316 : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Supprimé(e)
[FIREFX:Addon] w00861lv.default-1415334404316 : Flashblock [{3d7eb24f-2740-49df-8937-200b1cc08f8a}] -> Supprimé(e)
[FIREFX:Addon] y5m1cjx6.default-1411203701186 : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Supprimé(e)
[FIREFX:Addon] y5m1cjx6.default-1411203701186 : avast! Online Security [wrc@avast.com] -> Supprimé(e)
[FIREFX:Addon] y5m1cjx6.default-1411203701186 : Mozilla Firefox hotfix [firefox-hotfix@mozilla.org] -> Supprimé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B0 ATA Device +++++
--- User ---
[MBR] f36daa096ec62cd87ec2bd3b4d07c486
[BSP] 7360197d8a70ef9ef1fa21ea896c8be0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 610477 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Cruzer Glide USB Device +++++
--- User ---
[MBR] 4ba508dec5662c6ceafc59887e1a0a0d
[BSP] 62f04e9fd8b9a0eabad20c5ce30bfadc : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 61050 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )

+++++ PhysicalDrive2: SanDisk Cruzer Pattern USB Device +++++
--- User ---
[MBR] 71f5d6402e17e19c8a44c8eb40ff513f
[BSP] 788470fe12ec57aabe933cfdd9c84885 : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 129 | Size: 955 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )


============================================
RKreport_DEL_09202014_040758.log - RKreport_SCN_09202014_040458.log - RKreport_SCN_11282014_090200.log
