cjoint
Document format: text/x-log
RogueKiller V10.0.4.0 [Oct 29 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Démarré en : Mode normal
Utilisateur : Admin Parents [Administrateur]
Mode : Suppression -- Date : 11/02/2014 00:30:40

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> Supprimé(e)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> Supprimé(e)
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Remplacé(e) (0)
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:53217;https=127.0.0.1:53217 -> Supprimé(e)
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:53217;https=127.0.0.1:53217 -> ERROR [2]
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-927858679-1992413843-1000240370-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Remplacé(e) (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-927858679-1992413843-1000240370-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Remplacé(e) (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-927858679-1992413843-1000240370-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Remplacé(e) (1)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Remplacé(e) (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Remplacé(e) (0)

¤¤¤ Tâches : 4 ¤¤¤
[Suspicious.Path] HUUBGUT.job -- C:\Users\Admin Parents\AppData\Roaming\HUUBGUT.exe (/infocmdline=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) -> Supprimé(e)
[Suspicious.Path] KWJWI.job -- C:\Users\Admin Parents\AppData\Roaming\KWJWI.exe (/infocmdline=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) -> Supprimé(e)
[Suspicious.Path] \\HUUBGUT -- C:\Users\Admin Parents\AppData\Roaming\HUUBGUT.exe (/infocmdline=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) -> Supprimé(e)
[Suspicious.Path] \\KWJWI -- C:\Users\Admin Parents\AppData\Roaming\KWJWI.exe (/infocmdline=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) -> ERROR [0]

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Supprimé(e)
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost -> Supprimé(e)

¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤

¤¤¤ Navigateurs web : 7 ¤¤¤
[FIREFX:Addon] azmqvqlz.default : Microsoft .NET Framework Assistant [{20a82645-c095-46ed-80e3-08825760534b}] -> Supprimé(e)
[FIREFX:Addon] azmqvqlz.default : DoNotTrackMe [donottrackplus@abine.com] -> Supprimé(e)
[FIREFX:Addon] azmqvqlz.default : ChatZilla [{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}] -> Supprimé(e)
[FIREFX:Addon] azmqvqlz.default : Mozilla Firefox hotfix [firefox-hotfix@mozilla.org] -> Supprimé(e)
[FIREFX:Addon] azmqvqlz.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Supprimé(e)
[FIREFX:Addon] azmqvqlz.default : Plugin Orange Installeur [{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}] -> Supprimé(e)
[FIREFX:Addon] azmqvqlz.default : SmileysWeLove: Smileys for use with Facebook, GMail, and more [jid1-FB1bBgFMk5H6Wg@jetpack] -> Supprimé(e)

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MJA2160BH G2 +++++
--- User ---
[MBR] 12a161944b3263bd82368f7cca6cdd15
[BSP] c284dfd48f352a396cc2d0cfb44c443e : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 76000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 158722048 | Size: 75125 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11022014_000450.log - RKreport_SCN_11022014_002804.log