RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Maxime MASTIO [Droits d'admin]
Mode : Suppression -- Date : 12/04/2013 17:36:57
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[Del.Parent][FILE] 00000008.@ : C:\RECYCLER\S-1-5-18\$b04419b44a314b1b1832a6a89f5570e4\U\00000008.@ [-] --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$b04419b44a314b1b1832a6a89f5570e4\U --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-3120409228-1425702060-4049338451-1006\$b04419b44a314b1b1832a6a89f5570e4\U --> SUPPRIMÉ
[Del.Parent][FILE] 00000004.@ : C:\RECYCLER\S-1-5-18\$b04419b44a314b1b1832a6a89f5570e4\L\00000004.@ [-] --> SUPPRIMÉ
[Del.Parent][FILE] 201d3dde : C:\RECYCLER\S-1-5-18\$b04419b44a314b1b1832a6a89f5570e4\L\201d3dde [-] --> SUPPRIMÉ
[Del.Parent][FILE] 76603ac3 : C:\RECYCLER\S-1-5-18\$b04419b44a314b1b1832a6a89f5570e4\L\76603ac3 [-] --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$b04419b44a314b1b1832a6a89f5570e4\L --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-3120409228-1425702060-4049338451-1006\$b04419b44a314b1b1832a6a89f5570e4\L --> SUPPRIMÉ

¤¤¤ Driver : [CHARGE] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x861EAF76)
IRP[DriverStartIo] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x861EB0AE)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9160310AS +++++
--- User ---
[MBR] 1c29ad2f3c40fab88b71565a8a600c4e
[BSP] 647cc81c1b29d81374f97562ae8a3ae8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 81940 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167814990 | Size: 70653 Mo
2 - [XXXXXX] UNKNOWN (0xef) [VISIBLE] Offset (sectors): 312512445 | Size: 31 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[3]_D_12042013_173657.txt >>
RKreport[1]_S_12042013_171558.txt ; RKreport[2]_S_12042013_173532.txt ; RKreport[3]_D_12042013_173657.txt