RogueKiller V8.8.8 [Feb 19 2014] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://forum.adlice.com
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : User [Droits d'admin]
Mode : Recherche -- Date : 02/23/2014 13:13:47
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[PUP][BLPATH] cacaoweb.exe -- C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe [-] -> TUÉ [TermProc]
[SUSP PATH] ouc.exe -- C:\ProgramData\Dim@net\OnlineUpdate\ouc.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : photo 2013 45151545124 (wscript.exe //B "C:\Users\User\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs" [x][-]) -> TROUVÉ
[RUN][PUP] HKCU\[...]\Run : cacaoweb ("C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-224683104-1602457905-2880346776-1000\[...]\Run : photo 2013 45151545124 (wscript.exe //B "C:\Users\User\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs" [x][-]) -> TROUVÉ
[RUN][PUP] HKUS\S-1-5-21-224683104-1602457905-2880346776-1000\[...]\Run : cacaoweb ("C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> TROUVÉ
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (10.30.1.145:80 [Country: (Private Address) (XX), City: (Private Address)]) -> TROUVÉ
[DNS][PUM] HKLM\[...]\CCSet\[...]\{3BE6BFC2-CE84-48A9-B680-5D8B347AA869} : NameServer (196.203.82.4 8.8.8.8 [TUNISIA (TN) - UNITED STATES (US)]) -> TROUVÉ
[DNS][PUM] HKLM\[...]\CS001\[...]\{3BE6BFC2-CE84-48A9-B680-5D8B347AA869} : NameServer (196.203.82.4 8.8.8.8 [TUNISIA (TN) - UNITED STATES (US)]) -> TROUVÉ
[DNS][PUM] HKLM\[...]\CS002\[...]\{3BE6BFC2-CE84-48A9-B680-5D8B347AA869} : NameServer (196.203.82.4 8.8.8.8 [TUNISIA (TN) - UNITED STATES (US)]) -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320423AS ATA Device +++++
--- User ---
[MBR] d1543d7840ddcf8afd4965df65356eaa
[BSP] 95dbc41bda8d58c69510e63ecd97f28d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) ADATA USB Flash Drive USB Device +++++
--- User ---
[MBR] c2a0c2ff71ea5228e6dd4c10bbb18a8c
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3863 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_S_02232014_131347.txt >>