cjoint
Document format: text/plain
RogueKiller V8.7.0 [Sep 30 2013] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://www.adlice.com/forum/
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : Martial [Droits d'admin]
Mode : Suppression -- Date : 10/02/2013 10:46:23
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Martial\AppData\Roaming\skype.dat [x][x]) -> SUPPRIMÉ
[SHELL][Rans.Gendarm] HKUS\[...]\Winlogon : shell (explorer.exe,C:\Users\Martial\AppData\Roaming\skype.dat [x][x]) -> [0x2] Le fichier spécifié est introuvable.
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$de31aca2ae11441f04a2a56b7edb77c9\n. [x]) -> REMPLACÉ (C:\Windows\system32\wbem\fastprox.dll)
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$de31aca2ae11441f04a2a56b7edb77c9\n. [x]) -> REMPLACÉ (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Tâches planifiées : 48 ¤¤¤
[V1][SUSP PATH] At25.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At26.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At27.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At28.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At29.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At30.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At31.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At32.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At33.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At34.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At35.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At36.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At37.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At38.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At39.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At40.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At41.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At42.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At43.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At44.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At45.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At46.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At47.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V1][SUSP PATH] At48.job : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V2][SUSP PATH] At25 : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V2][SUSP PATH] At26 : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V2][SUSP PATH] At27 : C:\ProgramData\2x40O2u6.exe_ [x] -> SUPPRIMÉ
[V2][SUSP PATH] At28 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At29 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At30 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At31 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At32 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At33 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At34 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At35 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At36 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At37 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At38 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At39 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At40 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At41 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At42 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At43 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At44 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At45 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At46 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At47 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK
[V2][SUSP PATH] At48 : C:\ProgramData\2x40O2u6.exe_ [x] -> ERROR DELETING TASK

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ
[ZeroAccess][Jonction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Jonction SUPPRIMÉ

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IAT @explorer.exe (GetUserNameExW) : Secur32.dll -> HOOKED (C:\Windows\system32\SSPICLI.DLL @ 0x75572AAF)
[Inline] EAT @explorer.exe (?g_pArrayPprv@ElementProviderManager@DirectUI@@0PAV?$UiaArray@PAVElementProvider@DirectUI@@@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x43D1BBE5)
[Inline] EAT @explorer.exe (?s_pClassInfo@Bind@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0xFBD1BEA9)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCProgressBar@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BD1BEC6)
[Inline] EAT @explorer.exe (?s_pClassInfo@CCRadioButton@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BD1BEC6)
[Inline] EAT @explorer.exe (?s_pClassInfo@Combobox@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x7BCFA254)
[Inline] EAT @explorer.exe (?s_pClassInfo@ElementWithHWND@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x7BCFA254)
[Inline] EAT @explorer.exe (?s_pClassInfo@SelectorNoDefault@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BCFA289)
[Inline] EAT @explorer.exe (?s_pClassInfo@Thumb@DirectUI@@0PAUIClassInfo@2@A) : DUI70.dll -> HOOKED (Unknown @ 0x6BCFA289)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x18FD0416)
[Inline] EAT @explorer.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x223CC9A5)
[Inline] EAT @explorer.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x5C33DA35)
[Inline] EAT @explorer.exe (??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@) : MSVCP100.dll -> HOOKED (Unknown @ 0x466C1483)
[Address] IAT @iexplore.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x69CA1E4B)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB0E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB46AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768946E9)
[Inline] EAT @iexplore.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x18FD0416)
[Inline] EAT @iexplore.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x223CC9A5)
[Inline] EAT @iexplore.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x5C33DA35)
[Inline] EAT @iexplore.exe (??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@) : MSVCP100.dll -> HOOKED (Unknown @ 0x466C1483)
[Address] IAT @iexplore.exe (RegGetValueW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB0E47)
[Address] IAT @iexplore.exe (RegOpenKeyExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB468D)
[Address] IAT @iexplore.exe (RegCloseKey) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB469D)
[Address] IAT @iexplore.exe (RegQueryValueExW) : api-ms-win-downlevel-advapi32-l1-1-0.dll -> HOOKED (C:\Windows\system32\advapi32.DLL @ 0x76AB46AD)
[Address] IAT @iexplore.exe (StrStrIW) : api-ms-win-downlevel-shlwapi-l1-1-0.dll -> HOOKED (C:\Windows\system32\shlwapi.DLL @ 0x768946E9)
[Inline] EAT @iexplore.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP90.dll -> HOOKED (Unknown @ 0x18FD0416)
[Inline] EAT @iexplore.exe (?_Ptr_wcout@std@@3PAV?$basic_ostream@GU?$char_traits@G@std@@@1@A) : MSVCP80.dll -> HOOKED (Unknown @ 0x223CC9A5)
[Inline] EAT @iexplore.exe (_pctype) : MSVCR80.dll -> HOOKED (Unknown @ 0x5C33DA35)

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) (Lecteurs de disque standard) - ST9250410AS +++++
--- User ---
[MBR] 0c3f8326f0552ef254e0e6ac758bb1e3
[BSP] 7f74d5ea8afb0c76626a81171dd67a8f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 172 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 354304 | Size: 10018 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20871168 | Size: 228283 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_10022013_104623.txt >>
RKreport[0]_S_10012013_081520.txt;RKreport[0]_S_10022013_104545.txt