RogueKiller V8.8.7 [Feb 11 2014] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://forum.adlice.com
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com
Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : kontamine [Droits d'admin]
Mode : Recherche -- Date : 02/19/2014 19:14:49
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 2 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\kontamine\AppData\Local\Idsoft\igServices80.dll [x] -> DECHARGÉE
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\kontamine\AppData\Local\Idsoft\igServices80.dll [-] -> regsvr32.exe TUÉ [TermProc]
¤¤¤ Entrees de registre : 18 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\kontamine\AppData\Local\Google\Desktop\Install\{3aed91cd-29a3-2594-c360-764bdb52a7cb}\?��?��?��\?��?��?��\???ﯹ๛\{3aed91cd-29a3-2594-c360-764bdb52a7cb}\GoogleUpdate.exe" >) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Run : Idsoft (regsvr32.exe C:\Users\kontamine\AppData\Local\Idsoft\igServices80.dll [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKCU\[...]\Run : Jyos (C:\Users\kontamine\AppData\Roaming\Daetwu\jyos.exe [x]) -> TROUVÉ
[RUN][ZeroAccess] HKUS\S-1-5-21-1765441652-3825123164-819375994-1001\[...]\Run : Google Update ("C:\Users\kontamine\AppData\Local\Google\Desktop\Install\{3aed91cd-29a3-2594-c360-764bdb52a7cb}\?��?��?��\?��?��?��\???ﯹ๛\{3aed91cd-29a3-2594-c360-764bdb52a7cb}\GoogleUpdate.exe" >) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1765441652-3825123164-819375994-1001\[...]\Run : Idsoft (regsvr32.exe C:\Users\kontamine\AppData\Local\Idsoft\igServices80.dll [x][-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-1765441652-3825123164-819375994-1001\[...]\Run : Jyos (C:\Users\kontamine\AppData\Roaming\Daetwu\jyos.exe [x]) -> TROUVÉ
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 11344 (C:\Users\kontamine\AppData\Local\Temp\11344.sys [x]) -> TROUVÉ
[SERVICE][Root.Necurs] HKLM\[...]\CCSet\[...]\Services : ee98062e48f8d9eb (C:\Windows\system32\ee98062e48f8d9eb.sys [x]) -> TROUVÉ
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 11344 (C:\Users\kontamine\AppData\Local\Temp\11344.sys [x]) -> TROUVÉ
[SERVICE][Root.Necurs] HKLM\[...]\CS002\[...]\Services : ee98062e48f8d9eb (C:\Windows\system32\ee98062e48f8d9eb.sys [x]) -> TROUVÉ
[SERVICE][ROGUE ST] HKLM\[...]\CS003\[...]\Services : 11344 (C:\Users\kontamine\AppData\Local\Temp\11344.sys [x]) -> TROUVÉ
[SERVICE][Root.Necurs] HKLM\[...]\CS003\[...]\Services : ee98062e48f8d9eb (C:\Windows\system32\ee98062e48f8d9eb.sys [x]) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
¤¤¤ Tâches planifiées : 1 ¤¤¤
[V2][SUSP PATH] Updater19962.exe : C:\Users\kontamine\AppData\Local\Updater19962\Updater19962.exe - /extensionid=19962 /extensionname="Supreme Savings" /chromeid=ihkeoookbpemkdccdccdmacnidhooohk [x][x] -> TROUVÉ
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Addons navigateur : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][Jonction] fr-FR : C:\Program Files\Windows Defender\fr-FR >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Jonction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> TROUVÉ
[ZeroAccess][Repertoire] Install : C:\Users\kontamine\AppData\Local\Google\Desktop\Install [-] --> TROUVÉ
¤¤¤ Driver : [NON CHARGE 0xc0000001] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Dood'z\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> D:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Documents and Settings\kontamine\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
¤¤¤ Infection : ZeroAccess|Root.Necurs ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD10EADS-65L5B1 +++++
--- User ---
[MBR] af3b67d834ae118f088d399f8ff913f8
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 761111 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1558757376 | Size: 177866 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1923028695 | Size: 14888 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_S_02192014_191449.txt >>