cjoint

Document format: text/plain

RogueKiller V8.8.10 [Feb 28 2014] par Adlice Software
mail : http://www.adlice.com/contact/
Remontees : http://forum.adlice.com
Site Web : http://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Lionel [Droits d'admin]
Mode : Suppression -- Date : 03/11/2014 15:32:34
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] alotservice.exe -- C:\Users\Lionel\AppData\LocalLow\alotservice\alotservice.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 8 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 8 ¤¤¤
[V1][SUSP PATH] Digital Sites.job : C:\Users\Lionel\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> SUPPRIMÉ
[V1][SUSP PATH] MySearchDial.job : C:\Users\Lionel\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> SUPPRIMÉ
[V2][SUSP PATH] BoxSoftwareUpdate : "C:\ProgramData\BoxUpdChk\updchk.exe" [x] -> SUPPRIMÉ
[V2][SUSP PATH] Digital Sites : C:\Users\Lionel\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> ERROR DELETING TASK
[V2][SUSP PATH] MySearchDial : C:\Users\Lionel\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> ERROR DELETING TASK
[V2][SUSP PATH] {32A9CC2C-3599-4DE3-A054-6CFE9469548E} : C:\Users\Lionel\Desktop\ZHPDiag2.exe [-] -> SUPPRIMÉ
[V2][SUSP PATH] {4A122726-566C-4FBF-87AD-88FA4AFC503D} : C:\Users\Lionel\Desktop\ZHPDiag2.exe [-] -> SUPPRIMÉ
[V2][SUSP PATH] {8279E003-868F-4294-98D6-979304DD75CF} : C:\Users\Lionel\Desktop\ZHPDiag2.exe [-] -> SUPPRIMÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x632613DD)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7610461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7610462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76100DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7610460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x775746E9)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7610461D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7610462D)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76100DC5)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x7610460D)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x775746E9)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAJS-22B4A0 ATA Device +++++
--- User ---
[MBR] 8f91c883f5758a73acb0d71f4ef44740
[BSP] df71d1fcc76ad62816bf26ded68019c1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 110757 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 227037184 | Size: 194385 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_03112014_153234.txt >>
RKreport[0]_S_03062014_223932.txt;RKreport[0]_S_03112014_153023.txt



