Publicité
Publicité
Format du document : text/plain
Prévisualisation
RogueKiller V8.6.12 [Sep 18 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Stef [Droits d'admin]
Mode : Suppression -- Date : 09/27/2013 08:02:39
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~2\bitguard\261673~1.238\{c16c1~1\bitguard.dll [7]) -> REMPLACÉ ()
¤¤¤ Tâches planifiées : 1 ¤¤¤
[V2][SUSP PATH] EPUpdater : C:\Users\Stef\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> SUPPRIMÉ
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Lecteurs de disque standard) - HDS722512VLAT80 ATA Device +++++
--- User ---
[MBR] 058efca68c9d83419125088f225fe571
[BSP] 2aec668f1c54506632abe2ee39a0f49c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 37785 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 77385105 | Size: 80011 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Lecteurs de disque standard) - Maxtor 6B200P0 ATA Device +++++
--- User ---
[MBR] 057b7a37f7e7c96f5e1b1961ee82b9f7
[BSP] 86072e9947d67f89b1047e7571b5710c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204796620 | Size: 35000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 276478650 | Size: 59475 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) (Lecteurs de disque standard) - WDC WD10EADS-00P8B0 ATA Device +++++
--- User ---
[MBR] ceb414d5cf830b46e365c5eb149092b6
[BSP] 70809f0a3dabc2e4b5301b8b89dcc47b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 500000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1228802048 | Size: 353867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_D_09272013_080239.txt >>
RKreport[0]_S_09272013_080208.txt
mail : tigzyRK
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Stef [Droits d'admin]
Mode : Suppression -- Date : 09/27/2013 08:02:39
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~2\bitguard\261673~1.238\{c16c1~1\bitguard.dll [7]) -> REMPLACÉ ()
¤¤¤ Tâches planifiées : 1 ¤¤¤
[V2][SUSP PATH] EPUpdater : C:\Users\Stef\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> SUPPRIMÉ
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\drivers\winhv.sys -> HOOKED ([Address] Unknown @ 0x874251F8)
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Lecteurs de disque standard) - HDS722512VLAT80 ATA Device +++++
--- User ---
[MBR] 058efca68c9d83419125088f225fe571
[BSP] 2aec668f1c54506632abe2ee39a0f49c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 37785 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 77385105 | Size: 80011 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Lecteurs de disque standard) - Maxtor 6B200P0 ATA Device +++++
--- User ---
[MBR] 057b7a37f7e7c96f5e1b1961ee82b9f7
[BSP] 86072e9947d67f89b1047e7571b5710c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204796620 | Size: 35000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 276478650 | Size: 59475 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) (Lecteurs de disque standard) - WDC WD10EADS-00P8B0 ATA Device +++++
--- User ---
[MBR] ceb414d5cf830b46e365c5eb149092b6
[BSP] 70809f0a3dabc2e4b5301b8b89dcc47b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 500000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1228802048 | Size: 353867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_D_09272013_080239.txt >>
RKreport[0]_S_09272013_080208.txt