cjoint

Document format: text/plain

Preview

RogueKiller V8.6.0 _x64_ [Jun 14 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7
Demarrage : Mode normal
Utilisateur : Daniel [Droits d'admin]
Mode : Suppression -- Date : 06/14/2013 17:32:26
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 10 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:60566) -> NON SUPPRIMÉ, UTILISER PROXY RAZ
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> SUPPRIMÉ
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> [0x2] Le fichier spécifié est introuvable.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-279159176-2999597518-1161301331-1001\$8dfa1f0fc44e2413fee09876650e7d31\n. [x]) -> REMPLACÉ (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8dfa1f0fc44e2413fee09876650e7d31\n. [x]) -> REMPLACÉ (C:\Windows\system32\wbem\fastprox.dll)
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8dfa1f0fc44e2413fee09876650e7d31\n. [x]) -> REMPLACÉ (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Tâches planifiées : 50 ¤¤¤
[V2][SUSP PATH] At1 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At2 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At3 : C:\Users\Daniel\AppData\Roaming\java.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At57 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At58 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At59 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At60 : C:\Users\Daniel\AppData\Roaming\java.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At61 : C:\Users\Daniel\AppData\Roaming\java.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At62 : C:\Users\Daniel\AppData\Roaming\java.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At63 : C:\Users\Daniel\AppData\Roaming\java.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At64 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At65 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At66 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At67 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At68 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At69 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At70 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At71 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At72 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At73 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At74 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At75 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At76 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At77 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At78 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At79 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At80 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At81 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At82 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At83 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At84 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At85 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At86 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At87 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At88 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At89 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At90 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At91 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At92 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At93 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At94 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At95 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At96 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At97 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At98 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] At99 : C:\Users\Daniel\AppData\Roaming\opera.exe - /help [x][x] -> SUPPRIMÉ
[V2][SUSP PATH] {76B10817-AE80-44F7-8408-06FDFBE30CC5} : C:\Users\Daniel\Desktop\debug.exe [x] -> SUPPRIMÉ
[V2][SUSP PATH] {783D6707-13CA-4405-AB3B-0EBDB27301EF} : C:\Users\Daniel\Desktop\debug.exe [x] -> SUPPRIMÉ
[V2][SUSP PATH] {7E5EFB22-34D0-4438-9192-312EAE6C85E5} : C:\Users\Daniel\Desktop\debug.exe [x] -> SUPPRIMÉ
[V2][SUSP PATH] {83EE4112-8370-42F9-8D28-29558D762224} : C:\Users\Daniel\Desktop\debug.exe [x] -> SUPPRIMÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 3 ¤¤¤
[FF][PROXY] hdla3c4t.default : user_pref("network.proxy.hxxp", "127.0.0.1"); -> NON SUPPRIMÉ, UTILISER PROXY RAZ
[FF][PROXY] hdla3c4t.default : user_pref("network.proxy.hxxp_port", 60566); -> NON SUPPRIMÉ, UTILISER PROXY RAZ
[FF][PROXY] hdla3c4t.default : user_pref("network.proxy.type", 1); -> NON SUPPRIMÉ, UTILISER PROXY RAZ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-24A0RT0 ATA Device +++++
--- User ---
[MBR] 88ecca5f525f3ae656c43eb385ccc08b
[BSP] 430eaf6ed8558d670d2c84579f07828f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 16997 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 34813952 | Size: 119235 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 279007232 | Size: 340705 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_D_06142013_173226.txt >>
RKreport[0]_S_06142013_172846.txt



