RogueKiller V8.8.7 [Feb 11 2014] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://forum.adlice.com
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Killer_VirusFr [Droits d'admin]
Mode : Suppression -- Date : 02/16/2014 21:56:00
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 11 ¤¤¤
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [7] -> TUÉ [TermProc]
[SVCHOST] svchost.exe -- C:\WINDOWS\system32\svchost.exe [7] -> TUÉ [TermProc]
[SVCHOST] svchost.exe -- C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe [-] -> TUÉ [TermProc]
[SVCHOST] Svchost.exe -- C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Svchost.exe [-] -> TUÉ [TermThr]
[SUSP PATH] server.exe -- C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\server.exe [-] -> TUÉ [TermProc]
[SVCHOST] svchost.exe -- C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe [-] -> TUÉ [TermThr]
[SVCHOST] Svchost.exe -- C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Svchost.exe [-] -> TUÉ [TermThr]
[SUSP PATH] server.exe -- C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\server.exe [-] -> TUÉ [TermThr]
[SUSP PATH] 1.exe -- C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\3582-490\1.exe [-] -> TUÉ [Tree]
[SUSP PATH] update.exe -- C:\Documents and Settings\Killer_VirusFr\Application Data\Microsoft\update.exe [-] -> TUÉ [TermProc]
[SUSP PATH] Trojan.exe -- C:\Documents and Settings\Killer_VirusFr\Local Settings\temp\Trojan.exe [-] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 19 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 33a02ce3a6dc322bc7e588c3c6d40f38 ("C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" .. [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : b6b14442eb327de390e5ed1e983e5ab0 ("C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" .. [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : 378d21732268e1971ca57e15bd4a5ad9 ("C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" .. [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : 5cd8f17f4086744065eb0992a09e05a2 ("C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" .. [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKCU\[...]\Run : Facebook Update (%APPDATA%\Microsoft\update.exe [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKLM\[...]\Run : 33a02ce3a6dc322bc7e588c3c6d40f38 ("C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" .. [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKLM\[...]\Run : b6b14442eb327de390e5ed1e983e5ab0 ("C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" .. [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKLM\[...]\Run : 378d21732268e1971ca57e15bd4a5ad9 ("C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" .. [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKLM\[...]\Run : 5cd8f17f4086744065eb0992a09e05a2 ("C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" .. [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1614895754-1708537768-839522115-1003\[...]\Run : 33a02ce3a6dc322bc7e588c3c6d40f38 ("C:\Documents and Settings\Killer_VirusFr\Application Data\svchost.exe" .. [-]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKUS\S-1-5-21-1614895754-1708537768-839522115-1003\[...]\Run : b6b14442eb327de390e5ed1e983e5ab0 ("C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Svchost.exe" .. [-]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKUS\S-1-5-21-1614895754-1708537768-839522115-1003\[...]\Run : 378d21732268e1971ca57e15bd4a5ad9 ("C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\server.exe" .. [-]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKUS\S-1-5-21-1614895754-1708537768-839522115-1003\[...]\Run : 5cd8f17f4086744065eb0992a09e05a2 ("C:\Documents and Settings\Killer_VirusFr\Local Settings\Temp\Trojan.exe" .. [-]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKUS\S-1-5-21-1614895754-1708537768-839522115-1003\[...]\Run : Facebook Update (%APPDATA%\Microsoft\update.exe [-]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKCU\[...]\Run : Facebook Update (%APPDATA%\Microsoft\update.exe [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1614895754-1708537768-839522115-1003\[...]\Run : Facebook Update (%APPDATA%\Microsoft\update.exe [-]) -> [0x2] Le fichier spécifié est introuvable.
[HJ POL][PUM] HKCU\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ SECU][PUM] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REMPLACÉ ()
[HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REMPLACÉ ()

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) VBOX HARDDISK +++++
--- User ---
[MBR] b6c0a44794e8fb852a8018742e9d1323
[BSP] e2e7a520d0a0c8f02ddb567b7ee4694f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10228 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_02162014_215600.txt >>
RKreport[0]_D_02162014_214818.txt;RKreport[0]_D_02162014_215022.txt;RKreport[0]_D_02162014_215109.txt
RKreport[0]_D_02162014_215144.txt;RKreport[0]_D_02162014_215303.txt;RKreport[0]_H_02162014_214819.txt
RKreport[0]_S_02162014_214801.txt;RKreport[0]_S_02162014_215011.txt;RKreport[0]_S_02162014_215107.txt
RKreport[0]_S_02162014_215132.txt;RKreport[0]_S_02162014_215302.txt;RKreport[0]_S_02162014_215551.txt