RogueKiller V8.7.0 [Sep 30 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Martial [Droits d'admin]
Mode : Suppression -- Date : 10/02/2013 10:46:23
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Martial\AppData\Roaming\skype.dat [x][x]) -> SUPPRIMÉ
[SHELL][Rans.Gendarm] HKUS\[...]\Winlogon : shell (explorer.exe,C:\Users\Martial\AppData\Roaming\skype.dat [x][x]) -> [0x2] Le fichier spécifié est introuvable.
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$de31aca2ae11441f04a2a56b7edb77c9\n. [x]) -> REMPLACÉ (C:\Windows\system32\wbem\fastprox.dll)
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$de31aca2ae11441f04a2a56b7edb77c9\n. [x]) -> REMPLACÉ (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Tâches planifiées : 48 ¤¤¤
[V1][SUSP PATH] At25.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At26.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At27.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At28.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At29.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At30.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At31.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At32.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At33.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At34.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At35.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At36.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At37.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At38.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At39.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At40.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At41.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At42.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At43.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At44.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At45.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At46.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At47.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At48.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V2][SUSP PATH] At25 : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V2][SUSP PATH] At26 : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V2][SUSP PATH] At27 : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V2][SUSP PATH] At28 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At29 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At30 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At31 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At32 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At33 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At34 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At35 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At36 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At37 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At38 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At39 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At40 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At41 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At42 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At43 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At44 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At45 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At46 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At47 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At48 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IAT @explorer.exe (GetUserNameExW) : Secur32.dll -> HOOKED (C:\Windows\system32\SSPICLI.DLL @ 0x75572AAF)
[Inline] EAT @explorer.exe (?g_pArrayPprv@ElementProviderManager@DirectUI@@0PAV?$UiaArray@PAVElementProvider@DirectUI@@@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x43D1BBE5)
[Inline] EAT @explorer.exe (?s_pClassInfo@Bind@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xFBD1BEA9)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCProgressBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BD1BEC6)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BD1BEC6)
[Inline] EAT @explorer.exe (?s_pClassInfo@Combobox@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x7BCFA254)
[Inline] EAT @explorer.exe (?s_pClassInfo@ElementWithHWND@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x7BCFA254)
[Inline] EAT @explorer.exe (?s_pClassInfo@SelectorNoDefault@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BCFA289)
[Inline] EAT @explorer.exe (?s_pClassInfo@Thumb@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BCFA289)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x18FD0416)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x223CC9A5)
[Inline] EAT @explorer.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x5C33DA35)
[Inline] EAT @explorer.exe (??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@) : MSVCP100.dll -> HOOKED (Unknown @ 0x466C1483)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69CA1E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB0E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB46AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768946E9)
[Inline] EAT @iexplore.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x18FD0416)
[Inline] EAT @iexplore.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x223CC9A5)
[Inline] EAT @iexplore.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x5C33DA35)
[Inline] EAT @iexplore.exe (??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@) : MSVCP100.dll -> HOOKED (Unknown @ 0x466C1483)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB0E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB46AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768946E9)
[Inline] EAT @iexplore.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x18FD0416)
[Inline] EAT @iexplore.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x223CC9A5)
[Inline] EAT @iexplore.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x5C33DA35)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Lecteurs de disque standard) - ST9250410AS +++++
--- User ---
[MBR] 0c3f8326f0552ef254e0e6ac758bb1e3
[BSP] 7f74d5ea8afb0c76626a81171dd67a8f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 172 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 354304 | Size: 10018 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20871168 | Size: 228283 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_10022013_104623.txt >>
RKreport[0]_S_10012013_081520.txt;RKreport[0]_S_10022013_104545.txt