RogueKiller V8.4.4 _x64_ [Feb 1 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : vdd [Droits d'admin]
Mode : Recherche -- Date : 01/02/2013 20:31:10
| ARK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 25 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : Office2012 (C:\Users\vdd\AppData\Roaming\Office2011\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : Office2013 (C:\Users\vdd\AppData\Roaming\Office2013\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : Antivirus (C:\Users\vdd\AppData\Roaming\String\info.exe) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : Windows Updater (C:\ProgramData\WindowsUpdater.exe) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Services\Microsoft\Run : {C47F57D5-AEFE-00F7-3CDF-D820A228467C} (C:\Users\vdd\AppData\Roaming\Agti\ylbu.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : Office2012 (C:\Users\vdd\AppData\Roaming\Office2011\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : Office2013 (C:\Users\vdd\AppData\Roaming\Office2013\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : Antivirus (C:\Users\vdd\AppData\Roaming\String\info.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : Windows Updater (C:\ProgramData\WindowsUpdater.exe) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Run : {C47F57D5-AEFE-00F7-3CDF-D820A228467C} (C:\Users\vdd\AppData\Roaming\Agti\ylbu.exe) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Services\Microsoft\Run : Office2012 (C:\Users\vdd\AppData\Roaming\Office2011\office.exe) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Services\Microsoft\Run : Office2013 (C:\Users\vdd\AppData\Roaming\Office2013\office.exe) -> TROUVÉ
[RUN][ROGUE ST] HKLM\[...]\Policies\Explorer\\Services\Microsoft\Run : 1281 (C:\PROGRA~3\LOCALS~1\Temp\mselgzvva.pif) -> TROUVÉ
[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\Policies\Explorer\\Services\Microsoft\Run : 1281 (C:\PROGRA~3\LOCALS~1\Temp\mselgzvva.pif) -> TROUVÉ
[SHELL][SUSP PATH] HKCU\[...]\Services\Microsoft\Windows : Load (C:\Users\vdd\Local Settings\Temp\mscbfo.exe) -> TROUVÉ
[SHELL][SUSP PATH] HKUS\S-1-5-21-2609519542-3147258301-233002904-1000[...]\Services-2609519542-3147258301-233002904-1000\Windows : Load (C:\Users\vdd\Local Settings\Temp\mscbfo.exe) -> TROUVÉ
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableTaskMgr (0) -> TROUVÉ
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> TROUVÉ
[HJ] HKLM\[...]\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableTaskMgr (0) -> TROUVÉ
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\Services\Microsoft\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[SCREENSV][SUSP PATH] HKCU\[...]\ServicesPanel\Desktop (C:\Windows\yowindow.scr) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 localhost
127.0.0.1 192.150.14.69
127.0.0.1 192.150.18.101
127.0.0.1 192.150.18.108
127.0.0.1 192.150.22.40
127.0.0.1 192.150.8.100
127.0.0.1 192.150.8.118
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.adobe.com
[...]

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKX-221CA1 +++++
--- User ---
[MBR] fb1b816ba80b36f99c0efc8a4d46c8f6
[BSP] 174c82233570575a4ace0355ebffbc76 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 35653632 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 35858432 | Size: 229326 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 505518080 | Size: 230104 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
--- User ---
[MBR] 443febbf2b770631bfa63bc73ee3bf3b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 15267 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1]_S_01022013_203110.txt >>
RKreport[1]_S_01022013_203110.txt