RogueKiller V8.8.5 [Feb 3 2014] by Tigzy
mail : tigzyRKgmailcom
Feedback : hxxp://forum.adlice.com
Website : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove -- Date : 02/07/2014 13:41:26
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 2 ¤¤¤
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> ERROR [5]
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> ERROR [5]

¤¤¤ Registry entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : registeryfixer (wscript.exe //B "C:\Users\admin\AppData\Roaming\registeryfixer.vbs" [x][-]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : registeryfixer (wscript.exe //B "C:\Users\admin\AppData\Roaming\registeryfixer.vbs" [x][-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-4048705399-1681725136-4007656137-1000\[...]\Run : registeryfixer (wscript.exe //B "C:\Users\admin\AppData\Roaming\registeryfixer.vbs" [x][-]) -> [0x2] The system cannot find the file specified.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll [-]) -> REPLACED ()

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] EPUpdater : C:\Users\admin\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [7] -> DELETED

¤¤¤ Startup entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @explorer.exe (LoadLibraryExA) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF740)
[Address] IAT @explorer.exe (LoadLibraryExW) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF7A0)
[Address] IAT @explorer.exe (OpenProcess) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBD120)
[Address] IAT @explorer.exe (LoadLibraryW) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF860)
[Address] IAT @explorer.exe (TerminateProcess) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBD170)
[Address] IAT @explorer.exe (LoadLibraryA) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF800)
[Inline] IAT @explorer.exe (DialogBoxParamW) : USER32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DB7440)
[Address] IAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF6D0)
[Address] IAT @explorer.exe (NtClose) : ntdll.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DC3240)
[Inline] EAT @explorer.exe (LoadLibraryA) : kernel32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DC4200)
[Inline] EAT @explorer.exe (LoadLibraryW) : kernel32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DC43D0)
[Inline] EAT @explorer.exe (DialogBoxParamW) : USER32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DB7440)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\admin\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Invité\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\admin\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 23d018ce353eb1d29d4d9d0431397e23
[BSP] de42e484367190f55a7e95a25a270c7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 234900 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 481282048 | Size: 241938 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] ea6bfe486a0de1c48d2624df8a15311c
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 6 | Size: 7459 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_02072014_134126.txt >>
RKreport[0]_S_02052014_105204.txt;RKreport[0]_S_02072014_133605.txt
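Two things in this report belong together: the AppInit_DLLs value naming bitguard.dll, and the twelve IAT/EAT hooks in explorer.exe that all resolve into that same DLL. When AppInit_DLLs is enabled, user32.dll loads every DLL listed there into each process that links user32, which is how bitguard.dll got into explorer.exe and patched LoadLibrary*, OpenProcess, TerminateProcess, SetWindowsHookExW and NtClose. The report also records two actions that did not succeed: the running BitGuard.exe could not be killed (ERROR [5] is Win32 ERROR_ACCESS_DENIED) and the HKUS Run value pointed at a file already gone (0x2 is ERROR_FILE_NOT_FOUND). The script below is an added example, not part of the report and not RogueKiller code, that parses report lines of this shape, joins entries on bare file name so the long path and the 8.3 short path of the same DLL meet, and reports which persistence entry loads each hooking module plus which actions failed. The tag-to-mechanism mapping, the regexes and the file-name join are this example's own assumptions; a few lines from the report above are embedded as the sample input.

```python
import re
from collections import defaultdict

# Detection lines excerpted from the RogueKiller report above (one entry per line,
# action labels in English). This parser is a hypothetical helper written for this
# page, not a RogueKiller component.
REPORT_LINES = r"""
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> ERROR [5]
[RUN][SUSP PATH] HKCU\[...]\Run : registeryfixer (wscript.exe //B "C:\Users\admin\AppData\Roaming\registeryfixer.vbs" [x][-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-4048705399-1681725136-4007656137-1000\[...]\Run : registeryfixer (wscript.exe //B "C:\Users\admin\AppData\Roaming\registeryfixer.vbs" [x][-]) -> [0x2] The system cannot find the file specified.
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll [-]) -> REPLACED ()
[V2][SUSP PATH] EPUpdater : C:\Users\admin\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [7] -> DELETED
[Address] IAT @explorer.exe (LoadLibraryExA) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF740)
[Inline] EAT @explorer.exe (LoadLibraryA) : kernel32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DC4200)
""".strip().splitlines()

# "[TAG][TAG] body -> action". The body itself contains brackets ("\[...]\Run"),
# so only the leading run of tags is captured.
ENTRY_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*->\s*(.*)$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
# Drive-letter paths; stops at whitespace or a quote, so a path containing spaces
# (e.g. under "Program Files") would be truncated. Sufficient for this report.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"]+')
FAILED_RE = re.compile(r"ERROR|\[0x[0-9A-Fa-f]+\]")  # "ERROR [n]" or a Win32 error code


def mechanism(tags, body):
    """Map RogueKiller's tag set / line shape to the persistence or hooking mechanism."""
    upper = {t.upper() for t in tags}
    if "RUN" in upper:
        return "run key"
    if "APPINIT" in upper:
        return "AppInit_DLLs"
    if "V2" in upper:                      # Task Scheduler 2.0 task
        return "scheduled task"
    if "IAT @" in body or "EAT @" in body:
        return "hook"
    if " -- " in body:                     # "name -- path" process line
        return "process"
    return "other"


def parse_report(lines):
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        tags = TAG_RE.findall(m.group(1))
        body, action = m.group(2), m.group(3)
        # Paths may sit in the body (Run, AppInit, task) or in the action (HOOKED (...)),
        # so scan the whole line. Lower-case so c:\progra~2\... and C:\ProgramData\...
        # compare consistently; 8.3 short names are NOT expanded (needs the live disk).
        paths = [p.lower() for p in PATH_RE.findall(line)]
        entries.append({
            "mechanism": mechanism(tags, body),
            "body": body,
            "action": action,
            "paths": paths,
            "files": sorted({p.rsplit("\\", 1)[-1] for p in paths}),
            "failed": bool(FAILED_RE.match(action)),
        })
    return entries


def roles_by_file(entries):
    """file name -> set of mechanisms it appears under. The bare file name is the join
    key because the same DLL shows up once as a long path and once as an 8.3 path."""
    roles = defaultdict(set)
    for e in entries:
        for f in e["files"]:
            roles[f].add(e["mechanism"])
    return roles


def hook_origins(entries):
    """For every module found hooking explorer.exe, the persistence entries that load it."""
    roles = roles_by_file(entries)
    return {f: sorted(roles[f] - {"hook"})
            for e in entries if e["mechanism"] == "hook" for f in e["files"]}


def failed_actions(entries):
    """Entries the tool could not act on in this run; they need follow-up."""
    return [(e["mechanism"], e["action"]) for e in entries if e["failed"]]


if __name__ == "__main__":
    parsed = parse_report(REPORT_LINES)
    for f, origins in hook_origins(parsed).items():
        print(f"{f} hooks explorer.exe and is loaded via: {', '.join(origins) or 'unknown'}")
    for mech, action in failed_actions(parsed):
        print(f"unresolved {mech}: {action}")
```

On the excerpt above the script attributes the explorer.exe hooks to the AppInit_DLLs entry and lists the killed-process failure and the stale HKUS Run value as unresolved. The same join would also flag a hooking module with no loader entry at all, which is the case worth investigating by hand.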