RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : Vaness [Droits d'admin]
Mode : Recherche -- Date : 07/06/2013 09:47:04
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 6 ¤¤¤
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermProc]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
[SUSP PATH] old_chrome.exe -- C:\Users\Vaness\AppData\Local\Google\Chrome\Application\old_chrome.exe [7] -> TUÉ [TermThr]
¤¤¤ Entrees de registre : 10 ¤¤¤
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Vaness\AppData\Roaming\skype.dat) [-] -> TROUVÉ
[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Vaness\AppData\Local\Temp\{98812~1.EXE) [x] -> TROUVÉ
[SHELL][Rans.Gendarm] HKUS\S-1-5-21-2877960701-973512089-2064769266-1000[...]\Winlogon : shell (explorer.exe,C:\Users\Vaness\AppData\Roaming\skype.dat) [-] -> TROUVÉ
[SHELL][SUSP PATH] HKUS\S-1-5-21-2877960701-973512089-2064769266-1000[...]\Windows : Load (C:\Users\Vaness\AppData\Local\Temp\{98812~1.EXE) [x] -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [NON CHARGE] ¤¤¤
¤¤¤ Infection : Rans.Gendarm ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
[...]
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] f520e08c08944bcad7f5f1d30ffc532f
[BSP] a03c57c3ee1bc2f7cd979931e1011f07 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 464838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[1]_S_07062013_094704.txt >>