RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Startup : Normal mode
User : kontamine [Admin rights]
Mode : Scan -- Date : 02/19/2014 19:14:49
| ARK || FAK || MBR |

¤¤¤ Malicious processes : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\kontamine\AppData\Local\Idsoft\igServices80.dll [x] -> UNLOADED
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\kontamine\AppData\Local\Idsoft\igServices80.dll [-] -> regsvr32.exe KILLED [TermProc]

¤¤¤ Registry entries : 18 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\kontamine\AppData\Local\Google\Desktop\Install\{3aed91cd-29a3-2594-c360-764bdb52a7cb}\???\???\???ﯹ๛\{3aed91cd-29a3-2594-c360-764bdb52a7cb}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Idsoft (regsvr32.exe C:\Users\kontamine\AppData\Local\Idsoft\igServices80.dll [x][-]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Jyos (C:\Users\kontamine\AppData\Roaming\Daetwu\jyos.exe [x]) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-1765441652-3825123164-819375994-1001\[...]\Run : Google Update ("C:\Users\kontamine\AppData\Local\Google\Desktop\Install\{3aed91cd-29a3-2594-c360-764bdb52a7cb}\???\???\???ﯹ๛\{3aed91cd-29a3-2594-c360-764bdb52a7cb}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1765441652-3825123164-819375994-1001\[...]\Run : Idsoft (regsvr32.exe C:\Users\kontamine\AppData\Local\Idsoft\igServices80.dll [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1765441652-3825123164-819375994-1001\[...]\Run : Jyos (C:\Users\kontamine\AppData\Roaming\Daetwu\jyos.exe [x]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 11344 (C:\Users\kontamine\AppData\Local\Temp\11344.sys [x]) -> FOUND
[SERVICE][Root.Necurs] HKLM\[...]\CCSet\[...]\Services : ee98062e48f8d9eb (C:\Windows\system32\ee98062e48f8d9eb.sys [x]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 11344 (C:\Users\kontamine\AppData\Local\Temp\11344.sys [x]) -> FOUND
[SERVICE][Root.Necurs] HKLM\[...]\CS002\[...]\Services : ee98062e48f8d9eb (C:\Windows\system32\ee98062e48f8d9eb.sys [x]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CS003\[...]\Services : 11344 (C:\Users\kontamine\AppData\Local\Temp\11344.sys [x]) -> FOUND
[SERVICE][Root.Necurs] HKLM\[...]\CS003\[...]\Services : ee98062e48f8d9eb (C:\Windows\system32\ee98062e48f8d9eb.sys [x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Updater19962.exe : C:\Users\kontamine\AppData\Local\Updater19962\Updater19962.exe - /extensionid=19962 /extensionname="Supreme Savings" /chromeid=ihkeoookbpemkdccdccdmacnidhooohk [x][x] -> FOUND

¤¤¤ Startup entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Users\kontamine\AppData\Local\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0xc0000001] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Dood'z\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\kontamine\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ZeroAccess|Root.Necurs ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD10EADS-65L5B1 +++++
--- User ---
[MBR] af3b67d834ae118f088d399f8ff913f8
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 761111 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1558757376 | Size: 177866 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1923028695 | Size: 14888 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02192014_191449.txt >>
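The report above groups its findings into four indicator classes worth re-checking by hand on a suspect host: UAC policy values forced to 0 (EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser), Windows Defender binaries replaced by junctions that point at \systemroot\system32\config, Run entries whose command lives under a user profile or Temp, and driver services whose binary sits in Temp or carries a random 16-hex-character name in system32. The read-only triage script below is an added example, not RogueKiller's own code; it only lists what it finds and changes nothing. The user-writable path regex and the 16-hex-digit driver-name heuristic are assumptions modelled on this one log and will not catch every variant.

```powershell
# Added triage example (not part of RogueKiller). Read-only: re-checks the four
# indicator classes the RogueKiller report lists and prints anything that matches.
# Run from an elevated PowerShell prompt on the suspect machine.

# Assumption: commands or binaries under a user profile's AppData or any Temp
# directory are treated as suspicious for autostart and service entries.
$userWritable = '(?i)\\(Users|Documents and Settings)\\[^\\]+\\AppData\\|\\Temp\\'

function New-Finding($type, $item, $detail) {
    New-Object PSObject -Property @{ Type = $type; Item = $item; Detail = $detail }
}

function Test-UacPolicy {
    # EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates without a
    # prompt. The report above shows all three values at 0.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
        $v = $p.$name
        if ($null -ne $v -and $v -eq 0) { New-Finding 'UAC policy' $name 'value is 0 (weakened)' }
    }
}

function Test-DefenderReparsePoints {
    # ZeroAccess swaps Windows Defender files for junctions into
    # \systemroot\system32\config so the real components can never load.
    $dir = Join-Path $env:ProgramFiles 'Windows Defender'
    if (-not (Test-Path $dir)) { return }
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [IO.FileAttributes]::ReparsePoint } |
        ForEach-Object { New-Finding 'Reparse point' $_.FullName 'Defender component is a junction, not a file' }
}

function Test-RunKeys {
    # Autostart commands pointing into AppData or Temp (the Idsoft/regsvr32,
    # Jyos and fake "Google Update" entries in the report).
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
            if ("$($prop.Value)" -match $userWritable) { New-Finding 'Run key' "$k\$($prop.Name)" $prop.Value }
        }
    }
}

function Test-ServiceImagePaths {
    # Drivers loaded from Temp (11344.sys) or with a random 16-hex-digit name in
    # system32 (Necurs: ee98062e48f8d9eb.sys). The hex-name rule is a heuristic.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
        $ip = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        if (-not $ip) { return }
        if ($ip -match $userWritable -or $ip -match '(?i)\\[0-9a-f]{16}\.sys\b') {
            New-Finding 'Service' $_.PSChildName $ip
        }
    }
}

$findings = @(Test-UacPolicy) + @(Test-DefenderReparsePoints) + @(Test-RunKeys) + @(Test-ServiceImagePaths)
if ($findings.Count -eq 0) { 'No indicators found.' }
else { $findings | Format-Table Type, Item, Detail -AutoSize -Wrap }
```

The script reports from the live registry and file system, so a kernel-mode rootkit like the Necurs driver flagged above can hide its own service key from it; treat an empty result as "nothing visible from a running system", and confirm with an offline scan (booting from clean media) before concluding the machine is clean. It also only covers HKCU and HKLM Run keys; the per-SID entries under HKEY_USERS that the report lists for S-1-5-21-...-1001 belong to the same logged-on user and will show up under HKCU.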