RogueKiller V8.6.12 [Sep 18 2013] par Tigzy mail : tigzyRKgmailcom Remontees : http://www.adlice.com/forum/ Site Web : http://www.sur-la-toile.com/RogueKiller/ Blog : http://tigzyrk.blogspot.com/ Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Demarrage : Mode normal Utilisateur : Stef [Droits d'admin] Mode : Suppression -- Date : 09/27/2013 08:02:39 | ARK || FAK || MBR | ¤¤¤ Processus malicieux : 0 ¤¤¤ ¤¤¤ Entrees de registre : 4 ¤¤¤ [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0) [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0) [APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~2\bitguard\261673~1.238\{c16c1~1\bitguard.dll [7]) -> REMPLACÉ () ¤¤¤ Tâches planifiées : 1 ¤¤¤ [V2][SUSP PATH] EPUpdater : C:\Users\Stef\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> SUPPRIMÉ ¤¤¤ Entrées Startup : 0 ¤¤¤ ¤¤¤ Navigateurs web : 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver : [CHARGE] ¤¤¤ [Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8) [Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8) [Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8) [Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8) [Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8) [Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8) [Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8) ¤¤¤ Ruches Externes: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com [...] ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Lecteurs de disque standard) - HDS722512VLAT80 ATA Device +++++ --- User --- [MBR] 058efca68c9d83419125088f225fe571 [BSP] 2aec668f1c54506632abe2ee39a0f49c : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 37785 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 77385105 | Size: 80011 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Lecteurs de disque standard) - Maxtor 6B200P0 ATA Device +++++ --- User --- [MBR] 057b7a37f7e7c96f5e1b1961ee82b9f7 [BSP] 86072e9947d67f89b1047e7571b5710c : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204796620 | Size: 35000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 276478650 | Size: 59475 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) (Lecteurs de disque standard) - WDC WD10EADS-00P8B0 ATA Device +++++ --- User --- [MBR] ceb414d5cf830b46e365c5eb149092b6 [BSP] 70809f0a3dabc2e4b5301b8b89dcc47b : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 500000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1228802048 | Size: 353867 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[0]_D_09272013_080239.txt >> RKreport[0]_S_09272013_080208.txt