cjoint

Document format: text/plain

RogueKiller V8.4.4 _x64_ [Feb 1 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : vdd [Droits d'admin]
Mode : Recherche -- Date : 01/02/2013 20:31:10
| ARK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 25 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : Office2012 (C:\Users\vdd\AppData\Roaming\Office2011\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : Office2013 (C:\Users\vdd\AppData\Roaming\Office2013\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : Antivirus (C:\Users\vdd\AppData\Roaming\String\info.exe) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : Windows Updater (C:\ProgramData\WindowsUpdater.exe) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : {C47F57D5-AEFE-00F7-3CDF-D820A228467C} (C:\Users\vdd\AppData\Roaming\Agti\ylbu.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : Office2012 (C:\Users\vdd\AppData\Roaming\Office2011\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : Office2013 (C:\Users\vdd\AppData\Roaming\Office2013\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : Antivirus (C:\Users\vdd\AppData\Roaming\String\info.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : Windows Updater (C:\ProgramData\WindowsUpdater.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : {C47F57D5-AEFE-00F7-3CDF-D820A228467C} (C:\Users\vdd\AppData\Roaming\Agti\ylbu.exe) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Services\Microsoft\Run : Office2012 (C:\Users\vdd\AppData\Roaming\Office2011\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Services\Microsoft\Run : Office2013 (C:\Users\vdd\AppData\Roaming\Office2013\office.exe) -> TROUVÉ
[RUN][ROGUE ST] HKLM\[...]\Policies\Explorer\\Services\Microsoft\Run : 1281 (C:\PROGRA~3\LOCALS~1\Temp\mselgzvva.pif) -> TROUVÉ
[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\Policies\Explorer\\Services\Microsoft\Run : 1281 (C:\PROGRA~3\LOCALS~1\Temp\mselgzvva.pif) -> TROUVÉ
[SHELL][SUSP PATH] HKCU\[...]\Services\Microsoft\Windows : Load (C:\Users\vdd\Local Settings\Temp\mscbfo.exe) -> TROUVÉ
[SHELL][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Windows : Load (C:\Users\vdd\Local Settings\Temp\mscbfo.exe) -> TROUVÉ
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> TROUVÉ
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> TROUVÉ
[HJ] HKLM\[...]\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableTaskMgr (0) -> TROUVÉ
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[SCREENSV][SUSP PATH] HKCU\[...]\ServicesPanel\Desktop (C:\Windows\yowindow.scr) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-221CA1 +++++
--- User ---
[MBR] fb1b816ba80b36f99c0efc8a4d46c8f6
[BSP] 174c82233570575a4ace0355ebffbc76 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 35653632 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 35858432 | Size: 229326 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 505518080 | Size: 230104 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
--- User ---
[MBR] 443febbf2b770631bfa63bc73ee3bf3b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15267 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1]_S_01022013_203110.txt >>