Document format: text/plain

RogueKiller V8.8.8 [Feb 19 2014] par Tigzy
mail : tigzyRKgmailcom
Remontees : http://forum.adlice.com
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://www.adlice.com

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : User [Droits d'admin]
Mode : Recherche -- Date : 02/23/2014 13:13:47
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 2 ¤¤¤
[PUP][BLPATH] cacaoweb.exe -- C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe [-] -> TUÉ [TermProc]
[SUSP PATH] ouc.exe -- C:\ProgramData\Dim@net\OnlineUpdate\ouc.exe [7] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : photo 2013 45151545124 (wscript.exe //B "C:\Users\User\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs" [x][-]) -> TROUVÉ
[RUN][PUP] HKCU\[...]\Run : cacaoweb ("C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-224683104-1602457905-2880346776-1000\[...]\Run : photo 2013 45151545124 (wscript.exe //B "C:\Users\User\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs" [x][-]) -> TROUVÉ
[RUN][PUP] HKUS\S-1-5-21-224683104-1602457905-2880346776-1000\[...]\Run : cacaoweb ("C:\Users\User\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [-]) -> TROUVÉ
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (10.30.1.145:80 [Country: (Private Address) (XX), City: (Private Address)]) -> TROUVÉ
[DNS][PUM] HKLM\[...]\CCSet\[...]\{3BE6BFC2-CE84-48A9-B680-5D8B347AA869} : NameServer (196.203.82.4 8.8.8.8 [TUNISIA (TN) - UNITED STATES (US)]) -> TROUVÉ
[DNS][PUM] HKLM\[...]\CS001\[...]\{3BE6BFC2-CE84-48A9-B680-5D8B347AA869} : NameServer (196.203.82.4 8.8.8.8 [TUNISIA (TN) - UNITED STATES (US)]) -> TROUVÉ
[DNS][PUM] HKLM\[...]\CS002\[...]\{3BE6BFC2-CE84-48A9-B680-5D8B347AA869} : NameServer (196.203.82.4 8.8.8.8 [TUNISIA (TN) - UNITED STATES (US)]) -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320423AS ATA Device +++++
--- User ---
[MBR] d1543d7840ddcf8afd4965df65356eaa
[BSP] 95dbc41bda8d58c69510e63ecd97f28d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) ADATA USB Flash Drive USB Device +++++
--- User ---
[MBR] c2a0c2ff71ea5228e6dd4c10bbb18a8c
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3863 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Cette demande n'est pas prise en charge. )

Termine : << RKreport[0]_S_02232014_131347.txt >>




