Document format: text/plain


RogueKiller V8.8.5 [Feb 3 2014] par Tigzy
mail : tigzyRKgmailcom
Remontees : hxxp://forum.adlice.com
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : admin [Droits d'admin]
Mode : Suppression -- Date : 02/07/2014 13:41:26
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> ERROR [5]
[SUSP PATH] BitGuard.exe -- C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [7] -> ERROR [5]

¤¤¤ Entrees de registre : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : registeryfixer (wscript.exe //B "C:\Users\admin\AppData\Roaming\registeryfixer.vbs" [x][-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKLM\[...]\Run : registeryfixer (wscript.exe //B "C:\Users\admin\AppData\Roaming\registeryfixer.vbs" [x][-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-4048705399-1681725136-4007656137-1000\[...]\Run : registeryfixer (wscript.exe //B "C:\Users\admin\AppData\Roaming\registeryfixer.vbs" [x][-]) -> [0x2] Le fichier spécifié est introuvable.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REMPLACÉ (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll [-]) -> REMPLACÉ ()

¤¤¤ Tâches planifiées : 1 ¤¤¤
[V2][SUSP PATH] EPUpdater : C:\Users\admin\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [7] -> SUPPRIMÉ

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
[Address] IAT @explorer.exe (LoadLibraryExA) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF740)
[Address] IAT @explorer.exe (LoadLibraryExW) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF7A0)
[Address] IAT @explorer.exe (OpenProcess) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBD120)
[Address] IAT @explorer.exe (LoadLibraryW) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF860)
[Address] IAT @explorer.exe (TerminateProcess) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBD170)
[Address] IAT @explorer.exe (LoadLibraryA) : KERNEL32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF800)
[Inline] IAT @explorer.exe (DialogBoxParamW) : USER32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DB7440)
[Address] IAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DBF6D0)
[Address] IAT @explorer.exe (NtClose) : ntdll.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DC3240)
[Inline] EAT @explorer.exe (LoadLibraryA) : kernel32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DC4200)
[Inline] EAT @explorer.exe (LoadLibraryW) : kernel32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DC43D0)
[Inline] EAT @explorer.exe (DialogBoxParamW) : USER32.dll -> HOOKED (c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll @ 0x74DB7440)

¤¤¤ Ruches Externes: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\admin\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Invité\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\admin\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] 23d018ce353eb1d29d4d9d0431397e23
[BSP] de42e484367190f55a7e95a25a270c7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 234900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 481282048 | Size: 241938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] ea6bfe486a0de1c48d2624df8a15311c
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 6 | Size: 7459 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_D_02072014_134126.txt >>
RKreport[0]_S_02052014_105204.txt;RKreport[0]_S_02072014_133605.txt