RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Vaness [Droits d'admin]
Mode : Recherche -- Date : 07/06/2013 09:47:04
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 6 ¤¤¤
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermProc]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]

¤¤¤ Entrees de registre : 10 ¤¤¤
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Vaness\AppData\Roaming\skype.dat) [-] -> TROUVÉ
[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Vaness\AppData\Local\Temp\{98812~1.EXE) [x] -> TROUVÉ
[SHELL][Rans.Gendarm] HKUS\S-1-5-21-2877960701-973512089-2064769266-1000[...]\Winlogon : shell (explorer.exe,C:\Users\Vaness\AppData\Roaming\skype.dat) [-] -> TROUVÉ
[SHELL][SUSP PATH] HKUS\S-1-5-21-2877960701-973512089-2064769266-1000[...]\Windows : Load (C:\Users\Vaness\AppData\Local\Temp\{98812~1.EXE) [x] -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] f520e08c08944bcad7f5f1d30ffc532f
[BSP] a03c57c3ee1bc2f7cd979931e1011f07 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_07062013_094704.txt >>
RKreport[1]_S_07062013_094704.txt