Publicité
Publicité
Format du document : text/plain
Prévisualisation
RogueKiller V8.5.1 [Feb 20 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Maud et Jérôme [Droits d'admin]
Mode : Suppression -- Date : 20/02/2013 21:56:39
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 8 ¤¤¤
[BLACKLIST] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[BLACKLIST] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Maud et Jérôme\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll [x] -> TUÉ [TermProc]
[SERVICE] IBUpdaterService -- C:\Windows\system32\dmwu.exe [x] -> STOPPÉ
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
¤¤¤ Entrees de registre : 8 ¤¤¤
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\BrowserProtect (C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) [7] -> SUPPRIMÉ
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> SUPPRIMÉ
[Services][BLSVC] HKLM\[...]\ControlSet002\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> SUPPRIMÉ
[STARTUP][Rans.Gendarm] runctf.lnk @Maud et Jérôme : C:\Windows\System32\rundll32.exe|C:\Users\MAUDET~1\AppData\Local\Temp\ZPnCEDz.exe,M1N1 -> SUPPRIMÉ
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> SUPPRIMÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3231734888-3219877850-1028221950-1001\$2a5009b59e77dc3ac0a132411d1714c2\@ [-] --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3231734888-3219877850-1028221950-1001\$2a5009b59e77dc3ac0a132411d1714c2\U --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3231734888-3219877850-1028221950-1001\$2a5009b59e77dc3ac0a132411d1714c2\L --> SUPPRIMÉ
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 9d490dd7e6adfb6a473e12293cc8b6b4
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[2]_D_20022013_215639.txt >>
RKreport[1]_S_20022013_213941.txt ; RKreport[2]_D_20022013_215639.txt
mail : tigzyRK
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Maud et Jérôme [Droits d'admin]
Mode : Suppression -- Date : 20/02/2013 21:56:39
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 8 ¤¤¤
[BLACKLIST] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[BLACKLIST] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Maud et Jérôme\AppData\Local\Temp\Bunndle\BunndleOfferManager.dll [x] -> TUÉ [TermProc]
[SERVICE] IBUpdaterService -- C:\Windows\system32\dmwu.exe [x] -> STOPPÉ
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> TUÉ [TermProc]
¤¤¤ Entrees de registre : 8 ¤¤¤
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\BrowserProtect (C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) [7] -> SUPPRIMÉ
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> SUPPRIMÉ
[Services][BLSVC] HKLM\[...]\ControlSet002\Services\IBUpdaterService (C:\Windows\system32\dmwu.exe) -> SUPPRIMÉ
[STARTUP][Rans.Gendarm] runctf.lnk @Maud et Jérôme : C:\Windows\System32\rundll32.exe|C:\Users\MAUDET~1\AppData\Local\Temp\ZPnCEDz.exe,M1N1 -> SUPPRIMÉ
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> SUPPRIMÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3231734888-3219877850-1028221950-1001\$2a5009b59e77dc3ac0a132411d1714c2\@ [-] --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3231734888-3219877850-1028221950-1001\$2a5009b59e77dc3ac0a132411d1714c2\U --> SUPPRIMÉ
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3231734888-3219877850-1028221950-1001\$2a5009b59e77dc3ac0a132411d1714c2\L --> SUPPRIMÉ
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 9d490dd7e6adfb6a473e12293cc8b6b4
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[2]_D_20022013_215639.txt >>
RKreport[1]_S_20022013_213941.txt ; RKreport[2]_D_20022013_215639.txt