Publicité
Publicité
Format du document : text/plain
Prévisualisation
RogueKiller V8.4.4 [Feb 1 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : JérémY [Droits d'admin]
Mode : Recherche -- Date : 03/02/2013 12:37:35
| ARK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 3 ¤¤¤
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\n) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\n) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\n) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\n --> TROUVÉ
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\n --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\@ --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\@ --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\U --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\L --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\L --> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_POWER] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_PNP] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 06fcc7272c56bb1740c12b661d210054
[BSP] ae315628b057aa70569e31c992178acb : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 20973568 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21178368 | Size: 176942 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 383555584 | Size: 117961 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SanDisk Cruzer Facet USB Device +++++
--- User ---
[MBR] 570422272ced4fad5f334efc4b25fae9
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1]_S_03022013_123735.txt >>
RKreport[1]_S_03022013_123735.txt
mail : tigzyRK
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : JérémY [Droits d'admin]
Mode : Recherche -- Date : 03/02/2013 12:37:35
| ARK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 3 ¤¤¤
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\n) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\n) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\n) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\n --> TROUVÉ
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\n --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\@ --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\@ --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\U --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$005acf795dee5507e6ee44072fb1c181\L --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1137002716-266516932-203928045-1000\$005acf795dee5507e6ee44072fb1c181\L --> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_POWER] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
IRP[IRP_MJ_PNP] : \SystemRoot\System32\drivers\mountmgr.sys -> HOOKED ([MAJOR] Unknown @ 0x859811F8)
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 06fcc7272c56bb1740c12b661d210054
[BSP] ae315628b057aa70569e31c992178acb : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 20973568 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21178368 | Size: 176942 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 383555584 | Size: 117961 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SanDisk Cruzer Facet USB Device +++++
--- User ---
[MBR] 570422272ced4fad5f334efc4b25fae9
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[1]_S_03022013_123735.txt >>
RKreport[1]_S_03022013_123735.txt