RogueKiller V9.0.0.0 [May 29 2014] by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200) 32 bits version
Started in : Normal mode
User : scorebut [Admin rights]
Mode : Remove -- Date : 05/31/2014 11:48:36

¤¤¤ Bad processes : 2 ¤¤¤
[Hidden!] -- [x] -> KILLED [TermThr]
[Suspicious.Path] (SVC) mbr -- \??\C:\Users\scorebut\AppData\Local\Temp\mbr.sys[x] -> STOPPED

¤¤¤ Registry Entries : 4 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> DELETED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UnlockerDriver5 -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 21 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.236.252 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.236.253 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.236.254 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.232.81 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.232.82 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 85.159.232.83 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 193.107.240.1 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 193.107.240.2 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 193.107.240.3 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 193.107.240.4 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 82.138.81.211 -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 license.piriform.com -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.license.piriform.com -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 speccy.piriform.com -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.speccy.piriform.com -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 recuva.piriform.com -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.recuva.piriform.com -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 defraggler.piriform.com -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.defraggler.piriform.com -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 ccleaner.piriform.com -> DELETED
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.ccleaner.piriform.com -> DELETED

¤¤¤ Antirootkit : 68 ¤¤¤
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoTaskMemFree : C:\WINDOWS\SYSTEM32\combase.dll @ 0x766f38d0
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoCreateInstance : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7670b29d
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoRegisterClassObject : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7675f40c
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoRevokeClassObject : C:\WINDOWS\SYSTEM32\combase.dll @ 0x767603ec
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoSetProxyBlanket : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7672b5d1
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoTaskMemAlloc : C:\WINDOWS\SYSTEM32\combase.dll @ 0x766f3a60
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoWaitForMultipleHandles : C:\WINDOWS\SYSTEM32\combase.dll @ 0x767092fd
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoInitializeEx : C:\WINDOWS\SYSTEM32\combase.dll @ 0x766f4d05
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoUninitialize : C:\WINDOWS\SYSTEM32\combase.dll @ 0x766f487e
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - RoGetAgileReference : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76777d4b
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - StringFromGUID2 : C:\WINDOWS\SYSTEM32\combase.dll @ 0x767081c7
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoTaskMemRealloc : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76709198
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoGetApartmentType : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76708480
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - PropVariantClear : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76708430
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CreateStreamOnHGlobal : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7673d38c
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoGetMalloc : C:\WINDOWS\SYSTEM32\combase.dll @ 0x766f3e47
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoEnableCallCancellation : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7673cf14
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoCancelCall : C:\WINDOWS\SYSTEM32\combase.dll @ 0x767c7d5b
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoDisableCallCancellation : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7673cec5
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CLSIDFromString : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7671b302
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoFreeUnusedLibraries : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7676264f
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoMarshalInterThreadInterfaceInStream : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7673dad5
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoReleaseMarshalData : C:\WINDOWS\SYSTEM32\combase.dll @ 0x767151e9
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoGetInterfaceAndReleaseStream : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7673da7d
[IAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-1.dll - CoCreateFreeThreadedMarshaler : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76738b18
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsDeleteString : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7673be69
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsCreateStringReference : C:\WINDOWS\SYSTEM32\combase.dll @ 0x767726c7
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsCreateString : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7673bd91
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-string-l1-1-0.dll - WindowsGetStringRawBuffer : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76772739
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - CallNtPowerInformation : C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x74c41e73
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - PowerDeterminePlatformRoleEx : C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x74c439e9
[IAT:Addr] (explorer.exe) api-ms-win-power-base-l1-1-0.dll - GetPwrCapabilities : C:\WINDOWS\SYSTEM32\powrprof.dll @ 0x74c42e29
[IAT:Addr] (explorer.exe) api-ms-win-core-com-private-l1-1-0.dll - CoRegisterInitializeSpy : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76739001
[IAT:Addr] (explorer.exe) api-ms-win-core-com-private-l1-1-0.dll - CoRegisterMessageFilter : C:\WINDOWS\SYSTEM32\combase.dll @ 0x76771ce2
[IAT:Addr] (explorer.exe) api-ms-win-core-com-private-l1-1-0.dll - CoRevokeInitializeSpy : C:\WINDOWS\SYSTEM32\combase.dll @ 0x767176c0
[IAT:Addr] (explorer.exe) api-ms-win-eventing-controller-l1-1-0.dll - StopTraceW : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77022e13
[IAT:Addr] (explorer.exe) api-ms-win-eventing-controller-l1-1-0.dll - EnableTraceEx2 : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x770237e1
[IAT:Addr] (explorer.exe) api-ms-win-eventing-controller-l1-1-0.dll - StartTraceW : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x770255f7
[IAT:Addr] (explorer.exe) api-ms-win-service-management-l2-1-0.dll - QueryServiceConfigW : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x7701b094
[IAT:Addr] (explorer.exe) api-ms-win-service-management-l2-1-0.dll - NotifyServiceStatusChangeW : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77020f0c
[IAT:Addr] (explorer.exe) api-ms-win-core-winrt-l1-1-0.dll - RoGetActivationFactory : C:\WINDOWS\SYSTEM32\combase.dll @ 0x7672ef27
[IAT:Addr] (explorer.exe) api-ms-win-security-lsalookup-l1-1-1.dll - GetIdentityProviderInfoByGUID : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x7701b65d
[IAT:Addr] (explorer.exe) api-ms-win-security-lsalookup-l1-1-1.dll - EnumerateIdentityProviders : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77018a90
[IAT:Addr] (explorer.exe) api-ms-win-security-lsalookup-l1-1-1.dll - ReleaseIdentityProviderEnumContext : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77018a6a
[IAT:Addr] (explorer.exe) api-ms-win-security-lsalookup-l1-1-1.dll - GetDefaultIdentityProvider : C:\WINDOWS\SYSTEM32\sechost.dll @ 0x77022eeb
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetAddAlternateComputerName : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed66a7
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetEnumerateComputerNames : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed67b1
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetGetJoinInformation : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed2b89
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetGetJoinableOUs : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed6931
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetJoinDomain : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed4409
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetRemoveAlternateComputerName : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed6a89
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetRenameMachineInDomain : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed6b91
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetSetPrimaryComputerName : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed6c99
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetUnjoinDomain : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed431b
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetUseAdd : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed3324
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetUseDel : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed2fe8
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetUseEnum : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed30c1
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetUseGetInfo : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed6da1
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetValidateName : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed6e41
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetWkstaGetInfo : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed2c99
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetWkstaSetInfo : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed6fd1
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetWkstaStatisticsGet : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed70a9
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetWkstaTransportAdd : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed71b9
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetWkstaTransportDel : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed7299
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetWkstaTransportEnum : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed7371
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetWkstaUserEnum : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed74c5
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetWkstaUserGetInfo : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed7615
[EAT:Addr] (explorer.exe) NETAPI32.dll - NetWkstaUserSetInfo : C:\WINDOWS\SYSTEM32\wkscli.dll @ 0x71ed7709

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST3320620AS ATA Device +++++
--- User ---
[MBR] 286a47ec1d825e6e5408e3b528a9eb83
[BSP] cdb3d16f6f7f7af4c5adeeec4c297cf1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 153657 MB
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 315410431 | Size: 151235 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] 4ea20397e70ebcb4dc329c53aab3aae2
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 128 | Size: 3874 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] This request is not supported.)

============================================
RKreport_SCN_05302014_184933.log - RKreport_SCN_05312014_000235.log - RKreport_SCN_05312014_112723.log
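The HOSTS File section of the log lists 21 entries that point a vendor's license and product hostnames, plus a handful of bare IP addresses, at 127.0.0.1. The script below is an added example, not part of the log and not RogueKiller's code: it audits a hosts file for exactly that pattern, separating names sinkholed to loopback or 0.0.0.0 from the stock localhost entries, and flagging lines whose "name" column is itself an IP literal (the resolver never looks up an IP literal, so such lines block nothing and are mostly a tell of a crude, copy-pasted blocklist). The sample hosts content is constructed to resemble the log's entries; the allow-list of local names and the "last two labels" domain grouping are this example's own choices.

```python
"""Audit a Windows/Unix hosts file for sinkholed (loopback / 0.0.0.0) names."""
import ipaddress
from collections import Counter

# Names a stock hosts file legitimately maps to loopback (assumption: extend per fleet).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample modelled on the entries reported in the log above;
# it is NOT the real file from that machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1 85.159.236.252
127.0.0.1 193.107.240.1
127.0.0.1 license.piriform.com
127.0.0.1 www.license.piriform.com
127.0.0.1 ccleaner.piriform.com
0.0.0.0 www.ccleaner.piriform.com
192.168.1.10 build.internal.example   # ordinary LAN entry, not flagged
"""


def parse_hosts(text):
    """Yield (line_no, address, name) for every active mapping.

    Comments ('#' to end of line) and blank lines are skipped; one address
    may be followed by several names on the same line.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            yield line_no, fields[0], name


def is_sinkhole(address):
    """True if traffic to the address goes nowhere useful: loopback or unspecified."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def looks_like_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def audit_hosts(text):
    """Return one finding dict per mapping that sinkholes a non-local name."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        if not is_sinkhole(address) or name.lower() in LOCAL_NAMES:
            continue
        kind = "ip_literal_as_name" if looks_like_ip(name) else "sinkholed_name"
        findings.append({"line": line_no, "address": address, "name": name, "kind": kind})
    return findings


def domains_hit(findings):
    """Count sinkholed names by their last two labels (e.g. piriform.com),
    which makes a vendor-wide block stand out at a glance."""
    counts = Counter()
    for f in findings:
        if f["kind"] == "sinkholed_name":
            counts[".".join(f["name"].lower().split(".")[-2:])] += 1
    return counts


if __name__ == "__main__":
    found = audit_hosts(SAMPLE_HOSTS)
    for f in found:
        print(f"line {f['line']:>3}: {f['address']:<10} {f['name']:<32} {f['kind']}")
    print(dict(domains_hit(found)))
```

On a live machine, read `%SystemRoot%\System32\drivers\etc\hosts` and feed its text to `audit_hosts`; any `sinkholed_name` finding that groups under a software vendor's domain is worth asking the user about before deleting, since the same pattern is produced both by license-check blockers bundled with cracked installers and by legitimate ad-blocking hosts lists.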
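The MBR Check section reports, per physical drive, two MD5 hashes, an identification of the boot code, and the partition table decoded from the sector. As an added example (not the log's data and not RogueKiller's code), the block below assembles a 512-byte MBR whose partition entries mirror the PhysicalDrive0 layout shown above, then parses it back: 0x55AA signature check, the four 16-byte entries at offset 446, sizes in MB, an MD5 of the whole sector and a second MD5 of the 440-byte bootstrap area that precedes the disk signature. Hashing the code area separately is the usual way to match a boot loader against a list of known-good fingerprints; whether RogueKiller's [BSP] hash covers exactly that range is an assumption, and the bootstrap bytes and disk signature used here are placeholders.

```python
"""Build, parse and fingerprint a raw 512-byte MBR sector (example code)."""
import hashlib
import struct

SECTOR = 512
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
ENTRY_FMT = "<B3sB3sII"
TYPE_NAMES = {0x05: "EXTENDED", 0x07: "NTFS", 0x0b: "FAT32",
              0x0c: "FAT32-LBA", 0x0f: "EXTEN-LBA"}


def make_entry(active, ptype, lba_start, sectors):
    """One 16-byte partition entry; CHS fields stay zero (LBA is what matters)."""
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, sectors)


def build_mbr(code, disk_sig, entries):
    """440 bytes bootstrap, 4-byte disk signature, 2 reserved, 4 entries, 0x55AA."""
    if len(code) > 440 or len(entries) > 4:
        raise ValueError("bootstrap code or partition list too long")
    body = code.ljust(440, b"\0") + struct.pack("<I", disk_sig) + b"\0\0"
    body += b"".join(entries).ljust(64, b"\0")
    return body + b"\x55\xaa"


# Constructed sample modelled on PhysicalDrive0 in the log: the bootstrap bytes
# and disk signature are placeholders, not the real contents of that disk.
SAMPLE_MBR = build_mbr(
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c",   # xor ax,ax / mov ss,ax / mov sp,7C00h
    0x0BADC0DE,
    [make_entry(False, 0x07, 2048, 350 * 2048),          # 2048 sectors = 1 MB
     make_entry(True, 0x07, 718848, 153657 * 2048),
     make_entry(False, 0x0f, 315410431, 151235 * 2048)],
)


def parse_mbr(sector):
    """Decode the partition table and compute sector/bootstrap fingerprints."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if ptype == 0:          # empty slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, f"0x{ptype:02x}"),
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR // 2**20})
    return {"sector_md5": hashlib.md5(sector).hexdigest(),
            "code_md5": hashlib.md5(sector[:440]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": parts}


def sanity_checks(info):
    """Warnings a bootkit or a corrupted table would typically trigger."""
    warnings = []
    actives = [p for p in info["partitions"] if p["active"]]
    if len(actives) != 1:
        warnings.append(f"{len(actives)} active partitions (expected exactly 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (s1, e1), (s2, _) in zip(spans, spans[1:]):
        if s2 < e1:
            warnings.append(f"partition starting at sector {s2} overlaps one ending at {e1}")
    return warnings


def format_report(info):
    """Render in the same spirit as the log's 'Partition table:' block."""
    lines = [f"[MBR] {info['sector_md5']}", f"[CODE] {info['code_md5']}", "Partition table:"]
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        lines.append(f"{p['index']} - [{flag}] {p['type_name']} (0x{p['type']:02x}) "
                     f"Offset (sectors): {p['lba_start']} | Size: {p['size_mb']} MB")
    return "\n".join(lines)


if __name__ == "__main__":
    report = parse_mbr(SAMPLE_MBR)
    print(format_report(report))
    print(sanity_checks(report) or "no warnings")
```

To run this against a real disk, read the first 512 bytes of `\\.\PhysicalDrive0` with administrator rights and pass them to `parse_mbr`; a changed `code_md5` on a machine whose boot loader has not been reinstalled is the signal a bootkit scanner is looking for, and `sanity_checks` catches the cruder cases (overlapping or multiple active partitions) without any fingerprint list.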