RogueKiller V8.6.2 [Jul 5 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Système [Droits d'admin]
Mode : Suppression -- Date : 10/25/2013 19:04:02
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 13 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REMPLACÉ (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤
-> C:\windows\system32\config\SYSTEM C:\Windows\system32 C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> C:\windows\system32\config\SOFTWARE C:\Windows\system32 C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> C:\windows\system32\config\SECURITY C:\Windows\system32 C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> C:\windows\system32\config\SAM C:\Windows\system32 C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> C:\windows\system32\config\DEFAULT C:\Windows\system32 C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> C:\Users\Default\NTUSER.DAT C:\Windows\system32
-> C:\Users\Default User\NTUSER.DAT C:\Windows\system32
-> C:\Users\William\NTUSER.DAT C:\Windows\system32 C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-> C:\Documents and Settings\Default\NTUSER.DAT C:\Windows\system32
-> C:\Documents and Settings\Default User\NTUSER.DAT C:\Windows\system32
-> C:\Documents and Settings\William\NTUSER.DAT C:\Windows\system32 C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 27696a5f4e1541e14abf86a69d27bef5
[BSP] 347f96eec1103977fbce4dd455901260 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 152625 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 357640192 | Size: 435851 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_10252013_190402.txt >>
RKreport[0]_S_10252013_174755.txt