cjoint


Document format: text/plain

Preview

RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Vaness [Droits d'admin]
Mode : Recherche -- Date : 07/06/2013 09:47:04
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 6 ¤¤¤
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermProc]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]

¤¤¤ Entrees de registre : 10 ¤¤¤
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Vaness\AppData\Roaming\skype.dat) [-] -> TROUVÉ
[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Vaness\AppData\Local\Temp\{98812~1.EXE) [x] -> TROUVÉ
[SHELL][Rans.Gendarm] HKUS\S-1-5-21-2877960701-973512089-2064769266-1000[...]\Winlogon : shell (explorer.exe,C:\Users\Vaness\AppData\Roaming\skype.dat) [-] -> TROUVÉ
[SHELL][SUSP PATH] HKUS\S-1-5-21-2877960701-973512089-2064769266-1000[...]\Windows : Load (C:\Users\Vaness\AppData\Local\Temp\{98812~1.EXE) [x] -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] f520e08c08944bcad7f5f1d30ffc532f
[BSP] a03c57c3ee1bc2f7cd979931e1011f07 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_07062013_094704.txt >>
RKreport[1]_S_07062013_094704.txt



